On May 27, 2022, the nao_sec independent security research group shared a VirusTotal link to a weaponized Microsoft Office document revealing a previously unknown vulnerability in the Microsoft Support Diagnostic Tool (MSDT). This vulnerability is most likely to be exploited via phishing lure attachments and is triggered when a document is opened.

It’s been a really long few years in IT. You’ve been working nearly ‘round the clock. First, it was “get everyone remote and productive!” Then it was, “make sure everything is secured!” Now, it’s “we need to document everything with all the new security and privacy compliance requirements!” It’s easy to feel like you’re stuck in a perpetual hamster wheel, running continuously and going nowhere.

You’re reading the handwriting on the wall. Your company expanded its cloud infrastructure over the last few years, adding more and more Software-as-a-Service (SaaS) applications to its stack in response to remote work. Like 86% of other companies, you expect that this will continue at the same or an accelerated pace. In response to these IT changes, new laws and industry standards expect you to move toward a zero trust architecture.

Supercharging CrowdStrike’s artificial intelligence requires both human professionals and the right technologies to deliver blisteringly fast and accurate machine learning model training with a small footprint on the CrowdStrike Falcon® sensor. CrowdStrike data scientists continuously explore theoretical and applied machine learning research to advance and set the industry standard in protecting customers from sophisticated threats and adversaries.

Everyone is at risk of a data breach or cyber attack, no matter how small or large a company is. Hackers and cybercriminals come up with new ways every day to steal sensitive information or personal data that they can potentially sell or ransom for money. According to a report published by the Identity Theft Resource Center (ITRC), a record number of 1862 data breaches occurred in 2021 in the US.

‍Cybersecurity is a broad term that describes the practice of securing and protecting all computer systems, devices, and programs in an IT environment from cyber attacks or cyber threats. However, within the field of cybersecurity, there are many different specializations that individuals can choose for their career paths.

It’s hard to think about personal digital safety and enterprise cybersecurity without referencing passwords. This is why I’m excited that Lookout has acquired SaferPass, an innovative Password Management company that provides secure online identity solutions for both consumers and businesses of all sizes. With the rise in identity theft and threats that seek to compromise corporate applications and emails, passwords offer a critical line of defense.

Cybersecurity awareness, protection, and prevention is all-encompassing. In addition to implementing the right tools and resources, and hiring skilled professionals with the right cybersecurity education and experience, organizations should be aware of the latest CVEs.

On May 27, 2022, a Microsoft Office document was submitted from Belarus to VirusTotal, using a novel method to deliver its payload. This new technique was identified as a Zero-Day RCE (Remote Code Execution) vulnerability in Microsoft Support Diagnostic Tool (MSDT), which is now being tracked as CVE-2022-30190. As of this writing, it affects only Windows computers running with MSDT URI protocol enabled.

“Ransomware has become the enemy of the day; the threat that was first feared on Pennsylvania Avenue and subsequently detested on Wall Street is now the topic of conversation on Main Street.” Frank Dickson, Program Vice President, Cybersecurity Products at IDC.