What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-05-31 16:33:34 | New Microsoft Office “Follina” zero-day Already Shared on Ransomware Forums (lien direct) |
The new zero-day MS Word vulnerability recently discovered by Nao_Sec on May 27, 2022, titled 'Follina' (CVE-2022-30190) targeting Microsoft Office is being actively utilised, Minerva researchers found. The exploit targets a vulnerability in Microsoft's Windows Support Diagnostic Tool (MSDT) that occurs due to the ms-msdt MSProtocol URI scheme which could load code and execute via PowerShell despite macros being disabled. Successful exploitation of the CVE enables an attacker to execute arbitrary code on the targeted host. However, the attacker must socially engineer the victim into opening a specially crafted file to exploit this issue which requires a targeted effort to succeed making the vulnerability less prominent to unskilled actors but highly relevant to ransomware gangs such as CONTI, CL0P and ALPHV. To combat this new threat businesses must focus on threat prevention-an approach in which Minerva excels. |
Ransomware Tool Vulnerability Threat |
1
We have: 1 articles.
We have: 1 articles.
To see everything:
Our RSS (filtrered)
