MS Office
Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)
The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server …
Attackers bypass Microsoft patch to deliver Formbook malware
Sophos Labs researchers have detected the use of a novel exploit able to bypass a patch for a critical vulnerability (CVE-2021-40444) affecting the Microsoft Office file …
Microsoft patches spoofing vulnerability exploited by Emotet (CVE-2021-43890)
It’s the final Patch Tuesday of 2021 and Microsoft has delivered fixes for 67 vulnerabilities, including a spoofing vulnerability (CVE-2021-43890) actively exploited to …
Microsoft announces passwordless authentication option for consumers
After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. The …
Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)
Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise …
Finding 365 bugs in Microsoft Office 365
Microsoft 365 is used by over a billion users worldwide, so attackers are naturally deeply invested in compromising its security. One of the ways of making sure this suite of …
Using virtualization to isolate risky applications and other endpoint threats
More and more security professionals are realizing that it’s impossible to fully secure a Windows machine – with all its legacy components and millions of potentially …
Update MS Office, Paint 3D to plug RCE vulnerabilities
A week after the April 2020 Patch Tuesday, Microsoft has released out-of-band security updates for its Office suite, to fix a handful of vulnerabilities that attackers could …
February 2020 Patch Tuesday: Microsoft fixes 99 vulnerabilities, Adobe 42
February 2020 Patch Tuesday is here. To mark the occasion, Microsoft has released fixes for 99 vulnerabilities – 12 critical, one of which is being exploited in the wild …
February 2020 Patch Tuesday forecast: A lot of love coming our way
The January 2020 Patch Tuesday was a light one as predicted; everyone was still catching up from the end-of-year holidays. As we gain momentum into February and move towards …
Which vulnerabilities were most exploited by cybercriminals in 2019?
Which ten software vulnerabilities should you patch as soon as possible (if you haven’t already)? Table of top exploited CVEs between 2016 and 2019 (repeats are noted by …
The lurking danger of hacked email reply chains
Although phishing has been around in various forms since the 1990s, recent news has shown that it continues to evolve – and remains a major threat. These days, phishing …
Featured news
Resources
Don't miss
- F5 data breach: “Nation-state attackers” stole BIG-IP source code, vulnerability info
- Microsoft patches three zero-days actively exploited by attackers
- U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam
- A safer way to break industrial systems (on purpose)
- Maltrail: Open-source malicious traffic detection system