The fourth horseman: CVE-2019-0797 vulnerability

The new zero-day in the Windows OS exploited in targeted attacks In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to Read More …

GandCrab ransomware and Ursnif virus spreading via MS Word macros

Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Though both malware campaigns appear to be a work Read More …

LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents

Proofpoint researchers discovered “LCG Kit,” a weaponized document builder service, in March 2018.  Since we began tracking LCG Kit, we have observed it using the Microsoft Equation Editor CVE-2017-11882 [1] exploit in various forms. More recently, its authors have integrated Read More …

For the fourth month in a row, Microsoft patches Windows zero-day used in the wild

Today, Microsoft released its monthly security patches –known as the Patch Tuesday updates. This month the Redmond-based company fixed 38 vulnerabilities across a large set of products. For the fourth month in a row, Microsoft patched a Windows OS zero-day Read More …

Microsoft patches Windows zero-day used by multiple cyber-espionage groups

Microsoft released today its monthly roll-up of security patches known as Patch Tuesday. This month, the Redmond-based company has fixed 62 security flaws. Among the 62 fixes, there is also a fix for a zero-day vulnerability that was under active Read More …

Microsoft regularly shared data of India bank customers with US intelligence agencies, claims report

Technology company Microsoft has routinely shared the financial details of Indian bank customers with intelligence agencies in the United States, DNA reported on Tuesday. According to the newspaper, the Reserve Bank of India flagged its concerns on the matter in a risk Read More …

SettingContent-ms can be Abused to Drop Complex DeepLink and Icon-based Payload

Microsoft’s SettingContent-ms has become a recent topic of interest. In July, we saw one spam campaign use malicious SettingContent-ms files embedded in a PDF to drop the remote access Trojan FlawedAmmyy, a RAT also used by the Necurs botnet. That campaign was Read More …

Researcher Discloses New Zero-Day Affecting All Versions of Windows

A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows operating system (including server editions) after the company failed to patch a responsibly disclosed bug within the 120-days deadline. Discovered by Lucas Leong of the Read More …