Author: Jeyaraman Thiruvengadam

Follina – ZeroDay hole in MS Office

Follina – ZeroDay hole in MS Office

Microsoft has confirmed a Remote Code Execution (RCE) vulnerability in Microsoft Support Diagnostic Tool (MSDT) which is expected to be exploited since April, at least.  It was on May 27th, 2022, reports came about malicious word documents that leverages remote templates in order to execute PowerShell via the ms-msdt Office URL scheme. This vulnerability is

Read More
WINDOWS LSA Spoofing Vulnerability

WINDOWS LSA Spoofing Vulnerability

Microsoft released a patch for Windows Local Security Authority (LSA) spoofing recently. This was one among the 74 security flaws reported to be fixed with the new patch, including 7 critical, 66 deemed important and 1 low severity. Windows LSA spoofing vulnerability (CVE-2022-26925) is being wildly exploited. As per Microsoft an unauthorised bad actor will

Read More
Do you know about Denonia?

Do you know about Denonia?

Malware that targets AWS Lambda Environments A first-of-its-kind malware that is specifically designed to execute in an AWS Lambda environment has been discovered by Cado labs. Even serverless environments are no longer safe. While the malware’s distribution is limited, the discovery of such malware is evidence of bad actors’ advanced technical skills and their interest

Read More
What is Spring4Shell?

What is Spring4Shell?

Spring framework is found to have a Remote Code Execution (RCE) flaw. This vulnerability, if exploited successfully, will let the attacker take control of the targeted system. Fortunately, the team behind the framework was successfully able to release a patch to address the flaw. What makes Spring4Shell vulnerability (CVE-2022-22965) very dangerous is the leverage it

Read More