Microsoft Fixed Follina Vulnerability and 55 Other Bugs

As part of the June Patch Tuesday, Microsoft finally fixed the Follina Critical Vulnerability associated with Windows MSDT, and fixed 55 more bugs in its products. As a reminder, Follina (CVE-2022-30190) is a remote code execution issue in the Microsoft Windows Support Diagnostic Tool (MSDT) and affects all versions of Windows that receive security updates… Continue reading Microsoft Fixed Follina Vulnerability and 55 Other Bugs

Microsoft Is in No Hurry to Fix the Follina Vulnerability, Which Has Become a Real Disaster

Hackers are actively exploiting the critical 0-day Follina vulnerability, which Microsoft is in no hurry to fix. Researchers warn that European governments and municipalities in the US have been targeted by a phishing campaign using malicious RTF documents. Let me remind you that the discovery of Follina became known at the end of May, although… Continue reading Microsoft Is in No Hurry to Fix the Follina Vulnerability, Which Has Become a Real Disaster

Attackers Exploit MSDT Follina Bug to Drop RAT

Threat Actors Exploit MSDT Follina Bug To Drop RAT And Infostealer

Security specialists caution users about the exploitation of the recently disclosed Follina Bug found in all supported versions of Windows. Threat actors have actively utilized this vulnerability to install payloads such as the AsyncRAT trojan and infostealer. Understanding the Follina Vulnerability On May 27, 2022, the public became aware of a remote code execution (RCE)… Continue reading Attackers Exploit MSDT Follina Bug to Drop RAT

Attackers Are Already Exploiting the Fresh 0-day Follina Bug in Microsoft Office

Security researchers recently discovered a zero-day vulnerability in Microsoft Office dubbed Follina. The bug can be exploited through the normal opening of a Word document, using it to execute malicious PowerShell commands through the Microsoft Diagnostic Tool (MSDT). Let me remind you that we also wrote that Lapsus$ hack group stole the source codes of… Continue reading Attackers Are Already Exploiting the Fresh 0-day Follina Bug in Microsoft Office

Fake Exploits Used to Deliver Cobalt Strike Beacons

Cyble experts have warned that cybercriminals are attacking IS researchers, distributing malware under the guise of exploits for Windows, which eventually installs Cobalt Strike beacons on the experts’ machines. Let me remind you that we also wrote that Emotet now installs Cobalt Strike beacons. Cyble analysts report that malware disguised as PoC exploits for a… Continue reading Fake Exploits Used to Deliver Cobalt Strike Beacons

Information Security Specialist Showed How to Steal a Tesla Car

Sultan Qasim Khan, a security consultant of the NCC Group, has disclosed a vulnerability that allows attackers to enter the salon and steal a Tesla car. The vulnerability consists of the redirection of communication between the Tesla owner’s smartphone or key fob and the car itself. During the demonstration, the specialist used two small repeaters… Continue reading Information Security Specialist Showed How to Steal a Tesla Car

Microsoft Has Not Fully Coped with PetitPotam Attacks in Windows NTLM Relay

In May, Microsoft released a security update, as it had previously not fully coped with attacks called PetitPotam. The update and mitigation recommendations target a heavily exploited vulnerability in NTLM Relay called Windows LSA Spoofing Vulnerability with the number CVE-2022-26925. Last July, security researcher Gilles Lionel, also known as Topotam, introduced a new PetitPotam method… Continue reading Microsoft Has Not Fully Coped with PetitPotam Attacks in Windows NTLM Relay

F5 warns of critical BIG-IP RCE vulnerability

0-day vulnerability, Vulnerabilities, F5 Inc, Security breach, Exploit,

F5, Inc warned the users about the critical vulnerability that harms the iControl REST users. That solution is a framework offered by the F5 Corporation as an advanced tool for software developers. The detected flaw is noted as critical, since it makes the device takeover possible for non-authorised users. F5 warns its customers of a… Continue reading F5 warns of critical BIG-IP RCE vulnerability

Zero-Day Vulnerability: Understanding the Real Threats

Zero-day vulnerabilities, Zero-day exploits, Exploit

Zero-day vulnerability are the real mess of a modern cybersecurity world. You may have a perfect protection system established in your network, and your employees may be warned and ready to react properly if something goes wrong, but that still is not enough to say that a zero-day threat is avoided. So is there a… Continue reading Zero-Day Vulnerability: Understanding the Real Threats

Vulnerabilities in Linux Allow Gaining Superuser Rights

A Microsoft specialist has discovered vulnerabilities in Linux systems, the exploitation of which allows quickly gaining superuser rights. In total, two vulnerabilities were discovered (CVE-2022-29799 and CVE-2022-29800) and united under the common name Nimbuspwn. Problems are found in the networkd-dispatcher component of many Linux distributions, which dispatches network status changes and can run various scripts… Continue reading Vulnerabilities in Linux Allow Gaining Superuser Rights