Phishers Can Bypass Multi-Factor Authentication with Microsoft Edge WebView2

An information security expert known as mr.d0x has developed a new attack technique that abuses Microsoft Edge WebView2 applications to steal authentication cookies. In theory, this allows bypassing multi-factor authentication when logging into stolen accounts. Read also: 10 Ways To Recognize and Avoid Phishing Scams. The new attack technique is called WebView2-Cookie-Stealer and consists of… Continue reading Phishers Can Bypass Multi-Factor Authentication with Microsoft Edge WebView2

Microsoft Accuses Russia of Cyberattacks against Ukraine’s Allies

In the latest report on global information security, Microsoft accuses Russia of massive cyberattacks in connection with the war in Ukraine. It states that Russian hackers have carried out numerous cyber-espionage operations against Ukraine’s allied countries since the start of Russia’s full-scale invasion of Ukraine. Let me remind you that we reported that Hacker groups… Continue reading Microsoft Accuses Russia of Cyberattacks against Ukraine’s Allies

Microsoft Has Already Patched a Vulnerability in Windows RDP Twice

This week, CyberArk researchers shared technical information about a named pipe RDP (Remote Desktop Protocol) vulnerability in Windows, for which Microsoft had to release two patches. The RCE vulnerability CVE-2022-21893 was fixed on January 2022 Patch Tuesday, but the attack vector was not fixed. In April 2022, Microsoft already fixed the new bug CVE-2022-24533. Let… Continue reading Microsoft Has Already Patched a Vulnerability in Windows RDP Twice

Internet Explorer shutdown. The Epithaf

Internet Explorer, IE, Microsoft, Microsoft Edge,

On June 15, Microsoft will finally end support for Internet Explorer on various versions of Windows, almost 27 years after its launch on August 24, 1995. The desktop version of IE will be disabled and replaced with the new Microsoft Edge, with users automatically redirected to Edge when they launch Internet Explorer 11. Internet Explorer… Continue reading Internet Explorer shutdown. The Epithaf

Microsoft Fixed Follina Vulnerability and 55 Other Bugs

As part of the June Patch Tuesday, Microsoft finally fixed the Follina Critical Vulnerability associated with Windows MSDT, and fixed 55 more bugs in its products. As a reminder, Follina (CVE-2022-30190) is a remote code execution issue in the Microsoft Windows Support Diagnostic Tool (MSDT) and affects all versions of Windows that receive security updates… Continue reading Microsoft Fixed Follina Vulnerability and 55 Other Bugs

Trojan Qbot Took Advantage of the Famous Follina Vulnerability

The researchers warned that the Qbot malware is already exploiting an unpatched zero-day vulnerability in Windows MSDT called Follina. Let me remind you that the discovery of Follina became known at the end of May, although the first researchers discovered the bug back in April 2022, but then Microsoft refused to acknowledge the problem. The… Continue reading Trojan Qbot Took Advantage of the Famous Follina Vulnerability

Microsoft Is in No Hurry to Fix the Follina Vulnerability, Which Has Become a Real Disaster

Hackers are actively exploiting the critical 0-day Follina vulnerability, which Microsoft is in no hurry to fix. Researchers warn that European governments and municipalities in the US have been targeted by a phishing campaign using malicious RTF documents. Let me remind you that the discovery of Follina became known at the end of May, although… Continue reading Microsoft Is in No Hurry to Fix the Follina Vulnerability, Which Has Become a Real Disaster

Information Security Specialists Discovered a 0-day Vulnerability in Windows Search

A new 0-day Windows Search vulnerability could be used to automatically open a search box and launch remote malware, which is easily done by simply opening a Word document. Bleeping Computer says the problem is serious because Windows supports the search-ms protocol URI handler, which allows apps and HTML links to run custom searches on… Continue reading Information Security Specialists Discovered a 0-day Vulnerability in Windows Search

Chinese Hackers Attack Fresh 0-day Follina Vulnerability

Experts have warned that Chinese hackers are already actively exploiting a 0-day vulnerability in Microsoft Office known as Follina to remotely execute malicious code on vulnerable systems. Let me remind you that the discovery of Follina became known a few days ago, although the first researchers discovered the bug back in April 2022, but then… Continue reading Chinese Hackers Attack Fresh 0-day Follina Vulnerability

Attackers Are Already Exploiting the Fresh 0-day Follina Bug in Microsoft Office

Security researchers recently discovered a zero-day vulnerability in Microsoft Office dubbed Follina. The bug can be exploited through the normal opening of a Word document, using it to execute malicious PowerShell commands through the Microsoft Diagnostic Tool (MSDT). Let me remind you that we also wrote that Lapsus$ hack group stole the source codes of… Continue reading Attackers Are Already Exploiting the Fresh 0-day Follina Bug in Microsoft Office