#microsoft

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.  

By Waqas According to Fortinet Labs, third parties have already purchased top-level domains (TLD) such as Joomla.zip and MSNBC.zip, which could potentially be a breach of the Anticybersquatting Consumer Protection Act (ACPA). This is a post from HackRead.com Read the original post: FortiGuard Labs Discovers .ZIP Domains Fueling Phishing Attacks

An unidentified threat actor compromised an application used by multiple entities in Pakistan to deliver ShadowPad, a successor to the PlugX backdoor that's commonly associated with Chinese hacking crews. Targets included a Pakistan government entity, a public sector bank, and a telecommunications provider, according to Trend Micro. The infections took place between mid-February 2022 and

By Deeba Ahmed The fake flyer was emailed on 4 May 2023 to multiple diplomatic missions in Kyiv. This is a post from HackRead.com Read the original post: Phishers Targeting Diplomats in Kyiv with Fake 2011 BMW Flyers

Discover stories about threat actors’ latest tactics, techniques, and procedures from Cybersixgill’s threat experts each month. Each story brings you details on emerging underground threats, the threat actors involved, and how you can take action to mitigate risks. Learn about the top vulnerabilities and review the latest ransomware and malware trends from the deep and dark web. Stolen ChatGPT

Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. "LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher Cara Lin said. "It primarily targets Windows systems and aims to gather sensitive information from

Fun Facts: Game you binged: Guitar Hero and Rock Band fanatic. Go to snack: Nutri-Grain Bars. Favorite Drink: Soda – Coca Cola specifically. Favorite Place: Singapore – stayed an extra week after a hacking collaboration and truly fell in love and hopes to get back as soon as possible. Favorite Movie/Genre: Parasite – Korean Cinema, had been watching Koren Cinema before it became a thing.

Microsoft on Friday said a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by a malicious actor known as Storm-0558 using a Microsoft account (MSA) consumer signing key to breach two dozen organizations. "Storm-0558 acquired an inactive MSA consumer signing key and used it to forge authentication tokens for Azure AD enterprise and MSA

By Waqas Both teenagers, who are on trial in the United Kingdom, have been accused of being associated with the infamous Lapsus$ hacking group. This is a post from HackRead.com Read the original post: Teenagers Face Trial for Hacking BT, Nvidia, Rockstar Games, Revolut, Uber

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability