Tag: office

Microsoft Security Update Summary (10. Juni 2025)

Jun 10, 2025 10:55 PM

Tags: microsoft, office, update, vulnerability, windows, zero-day

Microsoft hat am 10. Juni 2025 Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 65 Schwachstellen (CVEs), zwei davon wurden als 0-day klassifiziert. Eine Schwachstelle wurde bereits angegriffen. Nachfolgend findet sich … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/06/10/microsoft-security-update-summary-10-juni-2025/
Microsoft’s June 2025 Patch Tuesday Addresses 65 CVEs (CVE-2025-33053)

Jun 10, 2025 9:55 PM

Tags: access, advisory, apt, attack, authentication, best-practice, business, control, cve, espionage, exploit, group, malicious, microsoft, office, rce, remote-code-execution, service, social-engineering, update, vulnerability, windows, zero-day

9Critical 56Important 0Moderate 0Low Microsoft addresses 65 CVEs, including two zero-day vulnerabilities, with one being exploited in the wild. Microsoft addresses 65 CVEs in its June 2025 Patch Tuesday release, with nine rated critical, and 56 rated as important. Our counts omitted one vulnerability reported by CERT CC. This month’s update includes patches for: .NET…
Smarte Verteidigung für Zweigstellen: Check Point bringt neue Branch Office Firewalls mit KI

Jun 10, 2025 6:55 PM

Tags: ai, cloud, firewall, office

Diese neue Firewall-Generation ist optimiert für SD-WAN-Umgebungen und sorgt für eine reibungslose Nutzung von Cloud-Diensten und Anwendungen ein echtes Plus für Unternehmen mit verteilten Teams. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/smarte-verteidigung-fuer-zweigstellen-check-point-bringt-neue-branch-office-firewalls-mit-ki/a41093/
Trump takes aim at Biden’s cyber executive order but leaves it largely untouched

Jun 10, 2025 12:55 AM

Tags: access, ai, china, compliance, computer, credentials, cryptography, cyber, cybercrime, cybersecurity, data, defense, detection, exploit, fraud, government, identity, infrastructure, intelligence, malicious, network, nist, office, privacy, programming, risk, risk-management, service, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-day

Executive Order 13694 and Executive Order 14144.”A fact sheet accompanying the order says that President Trump’s EO modifies “problematic and distracting issues” of Obama- and Biden-era cybersecurity EOs, particularly “digital identity mandates that risked widespread abuse by enabling illegal immigrants to improperly access public benefits.”Virtually all of the changes implemented by the Trump administration address…
Organised Crime Gang Steals £47 Million from UK Tax Office in Phishing Scam

Jun 9, 2025 5:55 PM

Tags: breach, crime, data, government, hacking, office, phishing, scam

An organised crime gang has stolen £47 million ($64 million) from the UK’s tax office by hacking into over 100,000 customer accounts and fraudulently claiming government payments. His Majesty’s Revenue and Customs (HMRC) confirmed the breach but assured taxpayers that no individuals lost money. According to HMRC, criminals used stolen personal data, likely obtained through…
HHS Names New Director for HIPAA Enforcement Agency

Jun 5, 2025 10:55 PM

Tags: HIPAA, office, service

Paula Stannard Has Deep HHS Regulatory and Legal Roots. The U.S. Department of Health and Human Services has named Paula Stannard to lead its HIPAA enforcement agency – the Office for Civil Rights. Stannard was a legal counsel at HHS under two previous Republican presidential administrations. She also has state and private sector legal experience.…
UK’s error-prone eVisa system is ‘anxiety-inducing’

Jun 5, 2025 6:54 PM

Tags: office

People experiencing technical errors with the Home Office’s electronic visa system explain the psychological toll of not being able to reliably prove their immigration status in the face of a hostile and unresponsive bureaucracy First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366625359/UKs-error-prone-eVisa-system-is-anxiety-inducing
U.S. Authorities Shut Down Major Dark Web Marketplace with 117,000 Users

Jun 5, 2025 9:54 AM

Tags: crime, cyber, cybercrime, dark-web, Internet, marketplace, office, service

In a blow to the cybercrime underworld, the U.S. Attorney’s Office for the Eastern District of Virginia announced the seizure of approximately 145 domains, spanning both darknet and traditional internet spaces, associated with the notorious BidenCash marketplace. This coordinated operation, executed with support from the U.S. Secret Service, FBI, Dutch National High Tech Crime Unit,…
Law enforcement seized the carding marketplace BidenCash

Jun 5, 2025 8:54 AM

Tags: crypto, cybercrime, dark-web, law, marketplace, office

U.S. and Dutch authorities took down 145 domains tied to the BidenCash cybercrime marketplace in a coordinated law enforcement operation. The US DoJ announced the seizure of approximately 145 darknet and clear web domains, and cryptocurrency funds associated with the BidenCash marketplace. >>The U.S. Attorney’s Office for the Eastern District of Virginia announced today the…
Multiple High-Risk Vulnerabilities in Microsoft Products

Jun 3, 2025 11:54 AM

Tags: advisory, exploit, flaw, microsoft, office, risk, threat, tool, update, vulnerability, windows

According to the latest advisory by Cert-In, 78 vulnerabilities have been discovered across a broad range of Microsoft products, including Windows, Azure, MS Office, Developer Tools, Microsoft Apps, System Center, Dynamics, and even legacy products receiving Extended Security Updates (ESU). These flaws pose serious security threats, as they can be exploited by attackers to gain……
AI gives superpowers to BEC attackers

Jun 3, 2025 9:54 AM

Tags: ai, attack, authentication, automation, business, ceo, cloud, communications, corporate, credentials, crypto, data, deep-fake, defense, dmarc, email, exploit, finance, framework, fraud, gartner, google, group, identity, india, jobs, LLM, mail, malicious, malware, microsoft, mitigation, office, phishing, phone, scam, service, skills, social-engineering, spam, spear-phishing, strategy, technology, theft, threat, tool, training

The role of AI in business email compromise: Unlike traditional spam or phishing emails, which are designed to be as generic as possible, BEC fraud is highly targeted. Attackers must do a great deal of research about their targets to craft their messages and time their attacks for when their victim would be most susceptible,…
Getting the Most Value Out of the OSCP: After the Exam

Jun 2, 2025 10:54 PM

Tags: access, attack, automation, bug-bounty, business, cloud, compliance, conference, control, corporate, credentials, cyber, cybersecurity, data, data-breach, defense, detection, exploit, finance, flaw, framework, google, governance, group, guide, hacker, hacking, incident response, infosec, injection, intelligence, Internet, iran, jobs, kali, linkedin, linux, malicious, malware, microsoft, mobile, network, office, open-source, penetration-testing, powershell, privacy, RedTeam, reverse-engineering, risk, service, skills, soc, social-engineering, sql, strategy, stuxnet, technology, threat, tool, training, update, vulnerability, windows

In the final post of this series, I’ll discuss what to do after your latest exam attempt to get the most value out of your OSCP journey. DISCLAIMER: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been…
Germany doxxes Conti ransomware and TrickBot ring leader

May 30, 2025 6:55 PM

Tags: cybercrime, germany, office, ransomware, russia

The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/germany-doxxes-conti-ransomware-and-trickbot-ring-leader/
US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator

May 30, 2025 1:55 PM

Tags: control, crypto, cyber, fraud, office, scam, technology

The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major crypto losses through fraud infrastructure. The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Philippines-based company Funnull Technology Inc. and its admin Liu Lizhi for enabling romance scams, causing $200M in U.S. victim losses. A romance scam…
U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud

May 30, 2025 11:55 AM

Tags: control, crypto, fraud, infrastructure, office, scam, technology

The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) has levied sanctions against a Philippines-based company named Funnull Technology Inc. and its administrator Liu Lizhi for providing infrastructure to conduct romance baiting scams that led to massive cryptocurrency losses.The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in First seen…
Southeast Asian provider of ‘infrastructure laundering’ for scams is sanctioned by US

May 29, 2025 6:55 PM

Tags: infrastructure, office, scam, technology

Funnull Technology supports “hundreds of thousands of websites” dedicated to the scams, otherwise known as pig butchering, according to the sanctions announcement by the Treasury Department’s Office of Foreign Assets Control. First seen on therecord.media Jump to article: therecord.media/southeast-asian-provider-of-scam-infrastructure-sanctioned
Check Point Launches Next-Gen Branch Office Security, Boosting Threat Prevention Speed by 4x

May 29, 2025 6:55 PM

Tags: data, office, software, threat

Check Point has announced significant advancements to its Quantum Force Security Gateways family. As a result, all Quantum Force Security Gateways for data centres and perimeters are set to receive a 15-25% performance uplift in threat prevention throughput, delivered automatically via a software update. In parallel, Check Point is rolling out a new line-up of…
CISA’s Leadership Exodus Continues, Shaking Local Offices

May 29, 2025 12:55 AM

Tags: cisa, cybersecurity, infrastructure, office

‘It’s Just Totally Destabilizing,’ Staffers Say Amid CISA’s Leadership Exodus. An ongoing exodus of top officials and senior leadership at the Cybersecurity and Infrastructure Security Agency’s regional offices has left staffers increasingly worried about a potential major shift in mission and continued cuts to staff and spending. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisas-leadership-exodus-continues-shaking-local-offices-a-28527
Empire of office workers strikes back against RTO mandates

May 28, 2025 2:55 PM

Tags: office

The rebellion grows and it seems resistance is not futile First seen on theregister.com Jump to article: www.theregister.com/2025/05/27/office_workers_ignore_rto_mandate/
FBI Warns Law Firms: Hackers Are Calling Offices in Stealth Phishing Scam

May 27, 2025 7:54 PM

Tags: access, hacker, law, office, phishing, scam, tool

The FBI warns law firms of a stealth phishing scam where hackers call victims, pose as IT staff, and use remote access tools to steal sensitive data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/fbi-warns-luna-moth/
CISA loses nearly all top officials as purge continues

May 27, 2025 5:54 PM

Tags: cisa, government, office

Most of the leaders of the agency’s operating divisions and regional offices have left or will leave this month amid the Trump administration’s aggressive government-downsizing campaign. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-senior-official-departures/748992/
US Government Launches Audit of NIST’s National Vulnerability Database

May 27, 2025 1:54 PM

Tags: government, nist, nvd, office, vulnerability

The audit of the NVD will be conducted by the US Department of Commerce’s Office of Inspector General First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/us-government-launches-audit-nist/
Microsoft Defender vs Bitdefender: Compare Antivirus Software

May 27, 2025 11:54 AM

Tags: antivirus, business, email, endpoint, microsoft, office, software, vulnerability

Microsoft Defender and Bitdefender are two popular small business security providers with multiple products for small teams. Microsoft Defender can protect your office solutions, like Word and Teams, and business endpoint devices. Bitdefender performs vulnerability scans on your devices and protects your email accounts. I’ve compared both solutions to help you decide which is a…
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign

May 27, 2025 10:54 AM

Tags: access, attack, data, email, extortion, hacker, law, office, phishing, social-engineering, technology

The U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years.The campaign leverages “information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive…
Phishing mit Termineinladungen zielt auf Office 365-Konten

May 27, 2025 12:54 AM

Tags: microsoft, office, phishing

Ich greife mal ein Thema auf, welches in der Form irgendwie schon bekannt ist. Besitzer von Microsoft Office 365-Konten erhalten Termineinladungen, die vorgeben, dass eine Aktion durchzuführen ist. Aber im Hintergrund sitzt ein Phisher, der versucht, Opfer über den Tisch … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/27/phishing-mit-termineinladungen-zielt-auf-office-365-konten/
Claude Opus 4 is Anthropic’s Powerful, Problematic AI Model

May 26, 2025 7:54 PM

Tags: ai, intelligence, office, startup

Latest AI Model Improves Coding Capabilities But Has a Penchant for Blackmail. Startup Anthropic has birthed a new artificial intelligence model, Claude Opus 4, that tests show delivers complex reasoning and code-writing capabilities, but it also has a Machiavellian streak for solving office problems and a penchant for whistleblowing in response to perceived wrongdoing. First…
ICYMI: A Look Back at Exposure Management Academy Highlights

May 26, 2025 4:54 PM

Tags: attack, business, ceo, cio, control, cyber, cybersecurity, data, framework, infrastructure, intelligence, office, risk, risk-management, strategy, technology, threat, tool, update, vulnerability, vulnerability-management

Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. This week, we look back on some highlights from the first couple of months of posts, including the broad view exposure management provides, business impact and getting to a single pane of glass.…
Beijing may have breached US government systems before Cityworks plugged a critical flaw

May 23, 2025 2:55 PM

Tags: access, control, cve, cvss, exploit, flaw, government, Internet, microsoft, mitigation, office, rce, remote-code-execution, risk, service, unauthorized, update, vulnerability, zero-day

Deserialization bug allowed RCE on Microsoft IIS: The vulnerability, which impacts Cityworks versions before 15.8.9 and Cityworks with Office Companion versions before 23.10, is a deserialization flaw that was assigned a severity rating of CVSS 8.6 out of 10.On successful exploitation, the bug allows authenticated attackers to execute remote code (RCE) on a target’s Microsoft…
ViciousTrap Hackers Breaches 5,500+ Edge Devices from 50+ Brands, Turns Them into Honeypots

May 23, 2025 11:55 AM

Tags: breach, cyber, detection, hacker, Internet, office, router, threat

A sophisticated cyber threat actor, dubbed ViciousTrap by Sekoia.io’s Threat Detection & Research (TDR) team, has compromised over 5,500 edge devices across more than 50 brands, transforming them into a massive honeypot-like network. This alarming operation, detailed in Sekoia.io’s latest investigation, targets a wide array of internet-facing equipment, including Small Office/Home Office (SOHO) routers, SSL…
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine

May 23, 2025 5:54 AM

Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerability

Credential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…