[HackerNews] Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks

Microsoft on Wednesday disclosed details of a targeting phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems.
“These attacks used the vulnerability, tracked as CVE-2021-40444, as part of an initial access campaign that distributed custom Cobalt Strike Beacon

Source: Read More (The Hacker News)

You might be interested in …

[SecurityWeek] Russian Cyber Restraint in Ukraine Puzzles Experts

All posts, Security Week

The absence of any crippling Russian cyberattacks against Ukraine is puzzling experts, but they warn that low-level assaults may be coming, including against the West in retaliation for sanctions. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[ZDNet] Updates released for multiple vulnerabilities found in 42 Gears’ SureMDM products

All posts, ZDNet

42 Gears released an initial set of updates in November and more earlier this month. Source: Read More (Latest topics for ZDNet in Security)

Read More

[TheRecord] Former defense contractor attempted to provide military secrets to Russia, DOJ says

A former defense contractor was arrested Wednesday night in South Dakota and charged with attempting to provide classified information to the Russian government, the US Department of Justice said. John Murray Rowe Jr., a 63-year-old who spent nearly four decades as a test engineer for several defense contractors, was the target of a monthslong operation […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.