Metacurity

A Chinese APT Group is Exploiting the Microsoft Follina Flaw for Remote Code Execution

CISA warns of Dominion voting machine vulnerabilities, Italy's CSIRT warns of DDoS attacks, Costa Rica's social security fund hit by Hive ransomware, Russian government spends $8m on VPNs, much more

Cynthia Brumfield
Jun 1, 2022

Check out my latest CSO column, which delves into recent 5G security advancements promoted by CISA, DoD, DHS, and NIST.

The TA413 APT group, a hacking outfit linked to Chinese state interests, is now actively exploiting the Microsoft Office zero-day vulnerability known as Follina to execute malicious code remotely on Windows systems.

Proofpoint security researchers said the group is now using CVE-2022-30190 exploits to execute malicious code via the MSDT protocol when targets open or preview Word documents delivered in ZIP archives. CISA urged admins and users to disable the MSDT protocol on their Windows devices after Microsoft reported active exploitation of this vulnerability in the wild. (Sergiu Gatlan / Bleeping Computer)

Related: Security Week, TechCrunch, Security Affairs, The Hacker News, CISA

© 2023 DCT Associates