Adobe Type Manager Vulnerability

Adobe Type Manager Vulnerability

Summary On Monday, March 23, 2020, Microsoft’s Security Response Center released a Security Advisory documenting vulnerabilities in Adobe Type Manager Library, which is a program built into all currently supported versions of Windows. This vulnerability may allow an attacker to craft a document, which, when previewed...


COVID-19 Phishing Scheme

COVID-19 Phishing Scheme

Summary In light of the heightened fear around the COVID-19 pandemic, criminals are targeting and exploiting remote workers that are isolated from their regular daily routines. This week the U.S. Secret Service issued an alert around Coronavirus-related phishing scams. “Cybercriminals are exploiting the Coronavirus through the wide...


RDP Vulnerabilities

RDP Vulnerabilities

Summary On Tuesday, May 14th, 2019, Microsoft’s Security Response Center released a statement along with a patch for a critical Remote Code Execution vulnerability in Remote Desktop Services. The vulnerability affects Windows Server versions 2008 R2, 2008, and 2003. Windows 7 and XP are also affected. If...


WPA Protocol Vulnerability (KRACKs)

WPA Protocol Vulnerability (KRACKs)

Summary On Monday, October 16th, 2017 10 new vulnerabilities were announced which affect WPA 1 and 2, with both PSK and Enterprise configurations. These vulnerabilities may allow an attacker to view data transmitted between a client and an access point (AP) which were previously assumed to...


Petya Malware Attack

Petya Malware Attack

Summary On Tuesday, June 27th, reports of a new, widespread malware outbreak appeared on security forums and eventually mainstream media sites. The malware at the center of this outbreak, known as “Petya”, appears to have first attacked organizations in Ukraine, before spreading to other Eastern European...


WannaCry Ransomware Attack

WannaCry Ransomware Attack

Summary On Friday morning, a widespread Ransomware attack began spreading across the globe. Going by the name “WannaCry” and some variations, this attack takes advantage of a vulnerability in the Server Message Block (SMB) in Microsoft’s Windows operations system. Once infected, the malicious software operated like...


Google Docs Phishing Attack

Google Docs Phishing Attack

Summary Yesterday afternoon a unique phishing attack impersonating Google Docs quickly began spreading via email. The email appeared to be sharing a Google Doc and contained a link to a legitimate Google webpage, requesting permissions to your account. If you granted the permissions, the attacker had...


Phishing Attacks Simulating Federated Authentication Forms

Phishing Attacks Simulating Federated Authentication Forms

Summary Attackers are using phishing emails with links to landing pages that impersonate federated authentication pages from common providers such as Gmail, Office 365, Yahoo and Twitter. Typically, an attacker may send a link to a “secure” document or message hosted at one of these providers....