9/12/2023

Microsoft office logo eps

The fake Ukrainian World Congress site was hosted on a URL that looked almost identical to the real URL: The legitimate domain is, whereas the malicious domain’s URL was ukrainianworldcongressinfo. The spear-phishing emails encouraged their intended victims to click on a link that sent them to a specially crafted replica of the Ukrainian World Congress website, leveraging CVE-2023-36884 to deliver a malicious payload that allows for remote code execution. The infection technique used in the document is RTF exploitation, with outbound connections initiated from the victim’s machine once the target opens the document. Based on BlackBerry's cyberthreat telemetry, network data analysis, and the full set of cyber weapons the team collected, it appears that RomCom ran its first test drills on June 22, and again a few days before the malicious command-and-control (C2) used in this campaign was registered and went live.

As the team dug deeper into this campaign, the BlackBerry researchers found two malicious documents submitted from an IP address in Hungary, sent as lures to an organization supporting Ukraine abroad, and a document targeting NATO Summit guests who may also be providing support to Ukraine. This method is the gateway to many malicious activities, including data exfiltration, credential gathering, and ransoming or stealing information for adversarial intelligence and cyber-espionage purposes.

BlackBerry discovered RomCom’s phishing campaign the week before the NATO Summit and immediately shared this intelligence - including IoCs (indicators of compromise) - with relevant government agencies several days before releasing a public report on July 8. The vulnerability announcement was made by Microsoft three days later, on July 11.
When the vulnerability is exploited, an attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution on the victim’s machine once the document is opened. Microsoft has stated it will take appropriate mitigation actions, which may include providing a security update through their monthly release process or providing an out-of-cycle security update. Currently, there is no patch available from Microsoft to mitigate against the attack.

In response to the attacks, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD 22-01), which requires U.S. federal civilian executive branch (FCEB) agencies to secure Windows devices on their networks against CVE-2023-36884 exploits by Aug.

NOTE: Your existing documents won't change. They will continue to use the original theme that was applied when they were created.

For anyone who is not a fan of the new theme, it will be possible to revert to the old look - you just need to select the newly renamed Office Theme 2013 – 2022.

The company adds:

As the theme rolls out, all new documents, presentations, worksheets, and emails you create in Word, PowerPoint, Excel, and Outlook will use the new theme.

Microsoft says that the theme is rolling out and may take some time to reach everyone. There's also an increase in the default outline weights, improved consistency between shapes and lines, and added better overall contrast. The default style used in both Word documents and Outlook emails has been updated to give a more professional and legible look. Having conducted research into design trends and popular color palettes, the company is introducing new colors for background and text, as well as for hyperlinks and accents. Microsoft believes that as well as increasing accessibility, the new default theme helps to give Office documents a more modern look.