InfoSecBulletin Cybersecurity for mankind
Microsoft is looking into a problem with Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates.
“Forces Penpals” exposed US and UK Military Social Network’s 1 Million Records
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
Palo Alto Networks Confirms critical RCE zero-day actively exploited
Microsoft 365 users report a problem that they receive warning messages when they try to open locally saved ICS files. The messages indicate a possible security risk.
“This behavior is not expected when opening .ICS files. This is a bug and will be addressed in a future update,” Microsoft explains in this support document.
The company announced that a security warning will appear after installing an update that fixes the CVE-2023-35636 Microsoft Outlook information disclosure vulnerability.
If not fixed, the security flaw can be used by attackers to trick users of unpatched Outlook into opening files to steal Windows credentials.
Attackers can later use the compromised user’s authentication to gain access to sensitive data or spread throughout the network.
