[updated] Windows MSHTML zero-day actively exploited, mitigations required

Credit to Author: Pieter Arntz| Date: Wed, 08 Sep 2021 11:04:07 +0000

In-the-wild attacks are exploiting a vulnerability in MSHTML that can load malicious ActiveX controls in Office documents.

Categories: Exploits and vulnerabilities

Tags:

(Read more…)

The post [updated] Windows MSHTML zero-day actively exploited, mitigations required appeared first on Malwarebytes Labs.

Read more

Windows MSHTML zero-day actively exploited, mitigations required

Credit to Author: Pieter Arntz| Date: Wed, 08 Sep 2021 11:04:07 +0000

In-the-wild attacks are exploiting a vulnerability in MSHTML that can load malicious ActiveX controls in Office documents.

Categories: Exploits and vulnerabilities

Tags:

(Read more…)

The post Windows MSHTML zero-day actively exploited, mitigations required appeared first on Malwarebytes Labs.

Read more

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

Credit to Author: Threat Intelligence Team| Date: Wed, 06 Jan 2021 15:14:45 +0000

A North Korean threat group has swapped the usual Hangul Office lures for a cleverly packed Office macro.

Categories: Social engineeringThreat analysis

Tags:

(Read more…)

The post Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat appeared first on Malwarebytes Labs.

Read more

‘Wormable’ Flaw Leads July Microsoft Patches

Credit to Author: BrianKrebs| Date: Tue, 14 Jul 2020 21:45:28 +0000

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone. So if you’re a Windows (ab)user, it’s time once again to back up and patch up (preferably in that order).

Read more

Microsoft pushes fixes for 128 security bugs in June, 2020 Patch Tuesday

Credit to Author: SophosLabs Offensive Security| Date: Tue, 09 Jun 2020 17:01:17 +0000

In this month&#8217;s Patch Tuesday, a total of 128 security vulnerabilities have been patched in Microsoft products, a slight increase compared to the last few months. Only twelve of the vulnerabilities are rated &#8220;Critical.&#8221; None of the bugs have been found being exploited in the wild (yet). Preceding this month&#8217;s update was a fix for [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/02N0ToRkzv0″ height=”1″ width=”1″ alt=””/>

Read more