Microsoft Office
Phishing Campaign Uses Internal Email to Trick Employees into Sharing Office 365 Credentials
A campaign targeting Office 365 customers used a compromised internal email for phishing messages, giving much more credence to an email that people would otherwise dismiss immediately. Phishing emails are a fact ...
Court Lets Microsoft Seize Web Domains Used in COVID-19 Phishing/BEC Scams and Fraud
A U.S. court order has allowed Microsoft to seize control of key domains controlled by fraudsters to halt criminal activity after an increase in scams targeting users of Office 365. The U.S ...
Phishing Campaign Targets FINRA in Search for Microsoft Office or SharePoint Credentials
A new phishing campaign is targeting members of Financial Industry Regulatory Authority (FINRA), with emails purporting to be from FINRA officers. The goal is to obtain the members’ user names and passwords ...
Detecting the Impossible: Serverless C2 in the Cloud
There are certain sophisticated threat behaviors that are generally considered “impossible” to detect on the network, which are both tedious and challenging for security teams to protect against. These include the use ...
Microsoft Office: The New Hot Target for Hackers
New research finds cybercriminals have changed their focus from web vulnerabilities to Microsoft Office, and it is extremely easy to exploit holes in the popular software. Recent research from Kaspersky Lab reveals ...
Facebook Passwords Exposed, Android Q Privacy, Microsoft Office Targeted
This is your Shared Security Weekly Blaze for March 25th 2019 with your host, Tom Eston. In this week’s episode: Facebook passwords exposed in plain text, Android Q’s new privacy features, and ...
Who Is Agent Tesla?
A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity -- attracting more than 6,300 ...
Attackers Test New Document Attack Vector That Slips Past Office Defenses
After abusing Microsoft Office macros, Dynamic Data Exchange (DDE) and Object Linking and Embedding (OLE), attackers have found a new document feature they can leverage to execute malicious code on computers. The ...
Tripwire Patch Priority Index for March 2018
BULLETIN CVE Browser CVE-2018-0942, CVE-2018-0929, CVE-2018-0927, CVE-2018-0932, CVE-2018-0879 Scripting Engine CVE-2018-0872,CVE-2018-0873,CVE-2018-0874,CVE-2018-0934,CVE-2018-0933,CVE-2018-0936,CVE-2018-0937,CVE-2018-0930,CVE-2018-0931,CVE-2018-0939,CVE-2018-0891,CVE-2018-0876,CVE-2018-0889,CVE-2018-0893,CVE-2018-0935 Adobe Flash Player: APSB18-05 CVE-2018-4919, CVE-2018-4920 Microsoft Office CVE-2018-0907,CVE-2018-0919,CVE-2018-0922 Microsoft Access CVE-2018-0903 Windows CVE-2018-0902,CVE-2018-0886,CVE-2018-0881,CVE-2018-0977,CVE-2018-0882,CVE-2018-0880,CVE-2018-0877,CVE-2018-0817,CVE-2018-0816,CVE-2018-0815,CVE-2018-0868,CVE-2018-0878,CVE-2018-0884,CVE-2018-0883,CVE-2018-0983 Hyper-V CVE-2018-0888,CVE-2018-0885 Windows Kernel CVE-2018-0900,CVE-2018-0904,CVE-2018-0897,CVE-2018-0896,CVE-2018-0898,CVE-2018-0895,CVE-2018-0894,CVE-2018-0901,CVE-2018-0899,CVE-2018-0926,CVE-2018-0813,CVE-2018-0811,CVE-2018-0814 Exchange Server ...
Spectre Patches Reach More CPUs as New Attack Variants Appear
Intel has released microcode patches to address the Spectre vulnerability on additional families of CPUs. Meanwhile, researchers have found a new way of implementing the Meltdown and Spectre attacks, but the variants ...
