Attackers bypass Microsoft security patch to drop Formbook malware

The patch was issued for CVE-2021-40444 to prevent the execution of code that downloaded the Microsoft Cabinet (CAB) archive containing a malicious executable. Sophos Labs researchers have shared their findings…

Microsoft MSHTML flaw exploited in Gmail and Instagram phishing scam

The attacks started in July 2021 in which threat actors exploited Microsoft MSHTML vulnerability to target overseas Iranians. SafeBreach Labs researchers discovered a new Iranian threat actor trying to steal…

A Microsoft MSHTML Exploited By Hackers

It seems that a newly found Iranian threat actor is stealing Google and Instagram credentials from Farsi-speaking targets all around the world employing a new PowerShell-based stealer named PowerShortShell. The…

Magniber Ransomware Shifts Attention Now to Internet Explorer Vulnerabilities

A change of focus took place in the Magniber ransomware’s gang attack method arsenal, as now the threat actor group started to propagate the ransomware and encrypt users’ devices by…

Microsoft November 2021 Patch Tuesday: 55 bugs squashed, two under active exploit

Microsoft has released 55 security fixes for software including patches that resolve zero-day vulnerabilities actively exploited in the wild. The Redmond giant’s latest round of patches, usually released on the second…

WinRAR vulnerability allowed attackers to remotely hijack systems

The vulnerability in WinRAR trialware could be abused by a remote attacker for executing arbitrary code on any system thus, getting an opportunity to launch a range of attacks. According…

Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?

Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass. A month ago, the FBI, CISA and the U.S.…

HP Wolf report highlights widespread exploitation of MSHTML, typosquatting and malware families hosted on Discord

Special feature Cyberwar and the Future of Cybersecurity Today’s security threats have expanded in scope and seriousness. There can now be millions — or even billions — of dollars at…

October Patch Tuesday: 3 Critical Bulletins Among 71

Trend Micro – Trend Micro – The October 2021 Patch Tuesday continues the quiet streak observed for the months of August and September. Out of 71 bulletins, only three were rated Critical this month. The list also included a fix…

Hackers hit Russian ministry, rocket center using MSHTML vulnerability

By Waqas Microsoft Office zero-day also dubbed MSHTML attack exploited to target Russian government including Interior ministry and State Rocket Center. This is a post from HackRead.com Read the original…