Zero-day vulnerability CVE-2021-40444 in Office 365 affects all Microsoft clients worldwide. No patch available

Microsoft security teams issued an alert asking users of Windows systems to take appropriate measures to prevent the exploitation of a zero-day remote code execution vulnerability in MSHTML through malicious documents from the Microsoft Office suite. The flaw was tracked as CVE-2021-40444, although due to the latent risk of exploitation the company has not […]

New 0-Day Attack Targeting Windows Users With Microsoft Office Documents

Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that’s being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is […]

New Microsoft Exchange ‘ProxyToken’ Flaw Lets Attackers Reconfigure Mailboxes

Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII). The issue, tracked as CVE-2021-33766 (CVSS score: 7.3) and coined “ProxyToken,” was discovered by Le Xuan Tuyen, a researcher at the […]

Microsoft Warns of Widespread Phishing Attacks Using Open Redirects

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. “Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking,” Microsoft 365 Defender […]

Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers

Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers’ database instances without any authorization. The flaw, which grants read, write, and delete privileges, has been dubbed “ChaosDB,” with Wiz researchers noting […]

Microsoft warns companies to patch these 3 ProxyShell vulnerabilities in Exchange servers before it’s too late

In a security alert, Microsoft released guidance to prevent the exploitation of the three vulnerabilities that make up ProxyShell, which reside in Exchange deployments. Recently reported, these three flaws were discovered by researcher Orange Tsai and addressed in May. During her presentation at the Pwn2Own hacking event, Orange Tsai demonstrated the compromise of a vulnerable […]

Microsoft Reported Another Windows Print Spooler RCE Zero-day Bug

Another new zero-day vulnerability in the “Windows Printing Spooler Service” has been reported by Microsoft. Microsoft's experts have also stated that threat actors who successfully exploit this vulnerability could easily run arbitrary code with SYSTEM privileges. Microsoft recently patched a remote code execution vulnerability in Windows Print Spooler. The flaw allows a […]

Microsoft Warns of Another Unpatched Windows Print Spooler RCE Vulnerability

A day after releasing Patch Tuesday updates, Microsoft acknowledged yet another remote code execution vulnerability in the Windows Print Spooler component, adding that it’s working to remediate the issue in an upcoming security update. Tracked as CVE-2021-36958 (CVSS score: 7.3), the unpatched flaw is the latest to join a list of bugs collectively known as […]

Microsoft says it finally fixed the PrintNightmare vulnerability

Microsoft announced that they will begin implementing a default configuration in the way the Windows system employs the Print Spooler print driver in an attempt to eliminate once and for all the possibilities of exploitation of the dangerous PrintNightmare flaw. The company points out that, from now on, Windows will require administrator rights to change […]

Cybercriminals are scanning servers for the Microsoft Exchange ProxyShell RCE vulnerabilities after technical details presented at the Black Hat

Researchers report the detection of multiple attempts to exploit ProxyShell, a set of remote code execution flaws in Microsoft Exchange disclosed during the Black Hat cybersecurity conference. ProxyShell consists of three vulnerabilities that unauthenticated remote threat actors could chain together to execute malicious code in affected Exchange deployments. The following describes the three flaws that […]

Zero-day remote code execution vulnerability in Windows 10 3D Viewer. No patch available so don’t open any file Microsoft

Cybersecurity specialists report the discovery of a dangerous vulnerability in Microsoft 3D Viewer, a 3D object visualization and augmented reality tool first launched in Windows 10 1703. According to the report, successful exploitation of this flaw would allow threat actors to execute arbitrary code in the affected implementations. The vulnerability requires user interaction to be […]

Hackers Exploit Microsoft Browser Bug to Deploy VBA Malware on Targeted PCs

An unidentified threat actor has been exploiting a now-patched zero-day flaw in Internet Explorer browser to deliver a fully-featured VBA-based remote access trojan (RAT) capable of accessing files stored in compromised Windows systems, and downloading and executing malicious payloads as part of an “unusual” campaign. The backdoor is distributed via a decoy document named “Manifest.docx” […]

How to Mitigate Microsoft Windows 10, 11 SeriousSAM Vulnerability

Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly. As we reported last week, the vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack. Attackers can exploit this vulnerability to […]

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. “LemonDuck, an actively updated and robust malware that’s primarily […]

US and Global Allies Accuse China of Massive Microsoft Exchange Attack

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews affiliated with the People’s Republic of China’s Ministry of State Security (MSS). In a statement issued by the White House on Monday, the administration said, […]

Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability

Microsoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it’s working to address it in an upcoming security update. Tracked as CVE-2021-34481 (CVSS score: 7.8), the issue concerns a local privilege escalation flaw that could be abused to perform unauthorized actions on the system. The company […]

How to Mitigate Microsoft Print Spooler Vulnerability – PrintNightmare

This week, PrintNightmare – Microsoft’s Print Spooler vulnerability (CVE-2021-34527) was upgraded from a ‘Low’ criticality to a ‘Critical’ criticality. This is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers. As we reported earlier, Microsoft already released a patch in June 2021, but it […]

Microsoft launched a patch for PrintNightmare vulnerability but the patch doesn’t work. Don’t update your Windows

The PrintNightmare vulnerability has turned out to be a big issue for Windows system users and the cybersecurity community. On Tuesday, Microsoft seemed to have finally addressed this flaw with the release of the KB5004945 update, though things might not turn out as expected. Just hours after the release of this update, researchers Matthew Hickey […]