The College of New Jersey


Author Archives: minsterg

EXPLOIT – CVE-2021-30860 – FORCEDENTRY zero-day exploit on Apple devices

The FORCEDENTRY vulnerability was discovered last week by Citizen Lab.  This vulnerability allows attackers to craft malicious PDF files which the device then processes, running the attacker's code and leading to data theft, impersonation and potential device takeover.  This vulnerability exploits Apple’s image rendering library, CoreGraphics, and requires no interaction from the user once the text… Continue Reading

Exploit – CVE-2021-40444 – MSHTML RCE Vulnerability via malicious Microsoft Office documents

This week Microsoft reported that they are seeing this vulnerability being actively exploited in the wild.  The attacker crafts a Microsoft Office document which contains a malicious ActiveX control that, once installed, grants the attacker the same rights as the user who opened the document.  This can allow the attacker to run code, install and… Continue Reading

Phish – Subject:Evaulation.docx01.docx

New phish reported, 04/28/2021.  Mail comes from a Jeremy Keifer in the From field and the email appears to be from some variation of share-drive-noreply@google.com.  It is impersonating Kathryn Foster and claims to share a file from Sharepoint (it also has a typo and misspells “has”).  Do not open this attachment or enter any information.… Continue Reading

August 2020 Security Patches

Microsoft’s Patch Tuesday addressed 120 vulnerabilities.  17 are rated critical severity, and two zero-days are addressed.  The first allows attackers to bypass security features to load files, and the second affects the Internet Explorer scripting engine, allowing attackers to execute code. Both zero-days are actively exploited and one is publicly disclosed. Additional information can… Continue Reading
