SEARCH
Archive
Attackers Exploiting Two Microsoft Exchange Zero Days
Attackers are exploiting two new Microsoft Exchange zero days ( CVE-2022-41040 and CVE-2022-41082) in the wild. Microsoft is working on a patch.
Lazarus Group Affiliate Uses Trojanized Open Source Apps in New Campaigns
Zinc, a Lazarus group offshoot, is using trojanized versions of open source apps such as KiTTY and PuTTY in a new phishing campaign.
Microsoft Fixes Exploited Windows Bug
The vulnerability in the Windows Common Log File system could allow an authenticated attacker to execute code with elevated privileges.
Microsoft Discloses Previously Fixed Azure Synapse Bug
Microsoft quietly fixed the elevation of privilege flaw in June.
Russian APT Targets Microsoft 365 Features to Muddle Detection
APT29, the threat actor linked to the SolarWinds hack, is abusing various Azure features in recent attacks against organizations that influence the foreign policy of NATO countries.