InfoSecBulletin Cybersecurity for mankind
Microsoft is looking into a problem with Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates.
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Microsoft 365 users report a problem that they receive warning messages when they try to open locally saved ICS files. The messages indicate a possible security risk.
“This behavior is not expected when opening .ICS files. This is a bug and will be addressed in a future update,” Microsoft explains in this support document.
The company announced that a security warning will appear after installing an update that fixes the CVE-2023-35636 Microsoft Outlook information disclosure vulnerability.
If not fixed, the security flaw can be used by attackers to trick users of unpatched Outlook into opening files to steal Windows credentials.
Attackers can later use the compromised user’s authentication to gain access to sensitive data or spread throughout the network.
