You might be interested in …

[SANS ISC] Microsoft July 2021 Patch Tuesday, (Tue, Jul 13th)

All posts, Sans-ISC

This month we got patches for 117 vulnerabilities. Of these, 13 are critical, 6 were previously disclosed and 4 are being exploited according to Microsoft. The known Printnightmare vulnerability (CVE-2021-34527) is one of the 4 exploited. Microsoft released an out of bound emergency security fix for it (KB5004945) on July 6 but it  is worth stressing […]

Read More

[SANS ISC] .docx With Embedded EXE, (Sun, Aug 22nd)

All posts, Sans-ISC

I received a malicious document sample, a .docx file: c977b861b887a09979d4e1ef03d5f975f297882c30be38aba59251f1b46c2aa8. If you are familiar with maldocs, you know that .docx files do not contain VBA macros. What is hiding in this maldoc, is just 2 embedded files: In the command above, I just use my zipdump.py tool to peek into the .docx file (OOXML files […]

Read More

[HackerNews] Critical ThroughTek Flaw Opens Millions of Connected Cameras to Eavesdropping

All posts, HackerNews

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued an advisory regarding a critical software supply-chain flaw impacting ThroughTek’s software development kit (SDK) that could be abused by an adversary to gain improper access to audio and video streams. “Successful exploitation of this vulnerability could permit unauthorized access to sensitive information, such Source: […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.