May 30, 2022
David Redekop

TWINN Security News May 30

Today you could get an Office document as an attachment. Your commercial email security solution detects no problem. Your endpoint protection sees no problem. Word opens up the document and out pops a shell. A remote attacker can now control your computer and nothing prevented the attack from executing. This is the reality of today’s zero-day:

Follina — a Microsoft Office code execution vulnerability. You can mitigate this by removing the protocol handler for ms-msdt. As usual with real threats like this, Zero Trust connectivity would also serve as radio silence to the remote attacker.

Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices. Getting and keeping Android devices up-to-date is of critical importance here.

ChromeLoader Malware Hijacks Browsers With ISO Files. Another regular reminder of wisdom I’ve shared before: “Attacks always get better. They never get worse.” -Bruce Schneier

DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape. In short, CONTI went from ransomware, to double-extortion, to a new distributed smaller units focusing on data exfiltration.

Military-made cyberweapons could soon become available on the dark web, Interpol warns. This headline is one that makes most of us laugh. The truth is that such tools are already available on github. For example…

Did you know?

There’s a free and open source tool called Sliver. While it is an excellent “red team tool”, in reality, it is probably one of the most powerful tools available to cyber criminals today. For free.

For a video version of this, see: https://youtu.be/kCHGHRoYF7E

Need an IT professional? Request service today.