Clicky

New 0-Day Attack Targeting Windows Users With Microsoft Office Documents

ByPR 24
New 0-Day Attack Targeting Windows Users With Microsoft Office Documents | IT Security News

This article has been indexed from The Hacker News

Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that’s being used to hijack vulnerable Windows systems by leveraging weaponized Office documents.
Tracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to “allow cookies” to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click “Accept” below then you are consenting to this.

Close


Similar Posts

Swiss Firm Says It Accessed SolarWinds Attackers’ Servers

Swiss Firm Says It Accessed SolarWinds Attackers’ Servers

ByPR 24

Cybercrime , Forensics , Fraud Management & Cybercrime Prodaft: APT Group Uses ‘Unprecedented Malware Detection Sandbox’ Prajeet Nair (@prajeetspeaks) • March 22, 2021     SolarWinds attack timeline (Source: Prodaft) Swiss cybersecurity firm Prodaft says it has accessed several servers used by an advanced persistent threat group tied to the SolarWinds supply chain attack. These…

Cybersecurity Executive Order 2021: What It Means for Cloud and SaaS Security

Cybersecurity Executive Order 2021: What It Means for Cloud and SaaS Security

ByPR 24

Cybersecurity Executive Order 2021: What It Means for Cloud and SaaS Security | IT Security News 14. June 2021 This article has been indexed from The Hacker News In response to malicious actors targeting US federal IT systems and their supply chain, the President released the “Executive Order on Improving the Nation’s Cybersecurity (Executive Order).”Although directed…

Microsoft Exchange ProxyToken bug can let hackers steal user email

Microsoft Exchange ProxyToken bug can let hackers steal user email

ByPR 24

Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account. An attacker can exploit the vulnerability by crafting a request to web services within the Exchange Control Panel (ECP) application and steal messages from a victim’s inbox. Delegation confusion…

CVE-2021-22326 – Alert Detail – Security Database

CVE-2021-22326 – Alert Detail – Security Database

ByPR 24

Executive Summary Informations Name CVE-2021-22326 First vendor Publication 2021-06-30 Vendor Cve Last vendor Modification 2021-06-30 Security-Database Scoring CVSS v3 Cvss vector : N/A Overall CVSS Score NA Base Score NA Environmental Score NA impact SubScore NA Temporal Score NA Exploitabality Sub Score NA   Calculate full CVSS 3.0 Vectors scores Security-Database Scoring CVSS v2 Cvss…

After Nuclear Site Blackout, Thunder From Iran, and Silence From U.S.

After Nuclear Site Blackout, Thunder From Iran, and Silence From U.S.

ByPR 24

JERUSALEM — The last time the centrifuges crashed at Iran’s underground nuclear fuel-production center at Natanz, more than a decade ago, the sabotage was the result of a joint Israeli-American cyberattack intended to slow Tehran’s progress toward nuclear weapons and force a diplomatic negotiation. When they crashed again this weekend, the White House asserted that…