Vulnerabilities

Mitigating The Unpatched Office and Windows HTML RCE (CVE-2023-36884)

July 2023's Patch Tuesday released fixes for several vulnerabilities being actively exploited in the wild, but only identified mitigation for one particular unpatched zero-day that can allow HTML remote code execution as part of an initial attack.

July 18, 2023 18:32 GMT

March 2023 Patch Tuesday Closes Two Zero-Days Actively Exploited By State-Sponsored Actors

Microsoft's Patch Tuesday for March 2023 fixes more than 80 vulnerabilities, 9 of which are rated critical severity, and 2 zero-days—an Outlook Elevation of Privilege Vulnerability (CVE-2023-23397) and a Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-24880). Administrators are encouraged to apply updates ASAP. If this is not possible, there are some mitigating actions to be taken.

March 15, 2023 18:37 GMT

Hand-Picked Top-Read Stories

Beyond Mobile Authentication: Exploring Complex Environments MFA Solutions

Weekly Top 10 – 12.04.2023- Google Patches the Sixth Chrome Zero-Day of 2023, Okta Breach Impacts All Users Who Worked with Support, Sinbad Bitcoin Mixer Seized, and more.

Trending Tags

Vulnerabilities

Mitigating The Unpatched Office and Windows HTML RCE (CVE-2023-36884)

March 2023 Patch Tuesday Closes Two Zero-Days Actively Exploited By State-Sponsored Actors

Critical Citrix ADC and Gateway Zero-Day Actively Exploited

Increased Scanning Activity for Recent Exchange SSRF Vulnerabilities

Microsoft Warns of Two Actively-Exploited Exchange Zero-Days

CISA Warns of Exploited DDoS Vulnerability Impacting Palo Alto Firewalls

VMWare Patches Severe Vulnerabilities Across Multiple Platforms

CISA Suggests Patching Severe Vulnerability in OpenSSL

Follina Zero-Day Allows Zero-Click RCE From Office Docs

CISA Advises Urgent Priority For Patching of New VMware Vulnerabilities

The New Standard of

Cybersecurity
Education

Innovate Cybersecurity Summit

Threat Advisories

Weekly Top 10 – 12.04.2023- Google Patches the Sixth Chrome Zero-Day of 2023, Okta Breach Impacts All Users Who Worked with Support, Sinbad Bitcoin Mixer Seized, and more.

Weekly Top 10 – 11.20.2023- Maine State Census Breached, Security Flaw in Google Workspace, “Royal Ransomware” Possibly ReBranding, and more

Weekly Top 10 – 11.13.2023- New North Korean-Linked MacOS Malware, Google Calendar CNC Abuse

Weekly Top 10 – 11.06.2023- Threat Actors Use Credentials Scraped from GitHub for Crypto Mining, Infamous Mozi IOT Botnet Goes Dark, HelloKitty Ransomware Gang Leverages Vulnerabilities in Apache, Boeing Confirms Cyberattack and Lockbit Claims Responsibility

Weekly Top 10 – 10.30.2023- Critical Vulnerabilities in SolarWinds Access Rights Manager, Zero-Day in Roundcube Exploited by Nation State Actors, VMWare VCenter Security Flaw Patched in End-of-Life Products, Vulnerabilities in Google Chrome Lead to Remote Code Execution

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware