Threat Report 1/24/25
Critical Patches Issued for Microsoft Products
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Affected Systems:
Risk
Remediation Recommendations
Ensure all Microsoft products have the latest version(s) installed
Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
Researchers at Halcyon warn that a new ransomware campaign is abusing AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data in Amazon S3 buckets. The attacks don't exploit any AWS vulnerabilities; the threat actors simply use stolen or publicly disclosed AWS keys with permission to write and read S3 objects. The attacker then generates a local encryption key and encrypts the victim's data. Halcyon notes, "AWS CloudTrail logs only an HMAC of the encryption key, which is insufficient for recovery or forensic analysis." In the cases observed by Halcyon, the attackers mark the encrypted files for deletion in seven days and place a ransom note with a Bitcoin address in the affected directory.
AWS provided the following statement in response to Halcyon's findings: "AWS helps customers secure their cloud resources through a shared responsibility model. Anytime AWS is aware of exposed keys, we notify the affected customers. We also thoroughly investigate all reports of exposed keys and quickly take any necessary actions, such as applying quarantine policies to minimize customer risks without disrupting their IT environment. We encourage all customers to follow security, identity, and compliance best practices. If a customer suspects they may have exposed their credentials, they can start by following the steps listed in this post."
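Because the SSE-C key never reaches CloudTrail, detection has to key on the write pattern itself. The following is an added example (not from Halcyon or AWS) that flags access keys which both wrote SSE-C objects and installed a short lifecycle expiration, and builds the bucket policy that refuses SSE-C writes outright. The records are constructed; the `additionalEventData.SSEApplied` value `SSE_C` and the lifecycle `Rule` layout are assumptions to check against your own CloudTrail output.

```python
import json

# Constructed CloudTrail-style S3 event records, not real logs. The SSEApplied
# marker "SSE_C" and the LifecycleConfiguration/Rule shape are assumptions.
SAMPLE_EVENTS = [
    {"eventName": "PutObject", "userIdentity": {"accessKeyId": "AKIAEXAMPLESTOLEN"},
     "requestParameters": {"bucketName": "victim-data", "key": "reports/q4.xlsx"},
     "additionalEventData": {"SSEApplied": "SSE_C"}},
    {"eventName": "PutObject", "userIdentity": {"accessKeyId": "AKIAEXAMPLEAPP"},
     "requestParameters": {"bucketName": "victim-data", "key": "uploads/ok.png"},
     "additionalEventData": {"SSEApplied": "SSE_KMS"}},
    {"eventName": "PutBucketLifecycle", "userIdentity": {"accessKeyId": "AKIAEXAMPLESTOLEN"},
     "requestParameters": {"bucketName": "victim-data", "LifecycleConfiguration":
         {"Rule": [{"Expiration": {"Days": 7}, "Status": "Enabled"}]}}},
]


def ssec_writes(events):
    """Map each access key that wrote objects with SSE-C to its (bucket, key) pairs."""
    out = {}
    for e in events:
        if e.get("eventName") in ("PutObject", "CopyObject") and \
                e.get("additionalEventData", {}).get("SSEApplied") == "SSE_C":
            p = e["requestParameters"]
            out.setdefault(e["userIdentity"]["accessKeyId"], []).append((p["bucketName"], p["key"]))
    return out


def short_expirations(events, max_days=7):
    """Access keys that installed a lifecycle rule expiring objects within max_days."""
    out = set()
    for e in events:
        if e.get("eventName") != "PutBucketLifecycle":
            continue
        rules = e["requestParameters"].get("LifecycleConfiguration", {}).get("Rule", [])
        if any(r.get("Expiration", {}).get("Days", 10**9) <= max_days for r in rules):
            out.add(e["userIdentity"]["accessKeyId"])
    return out


def flag_keys(events):
    """Keys seen doing both: the SSE-C write plus seven-day deletion pattern."""
    return sorted(k for k in ssec_writes(events) if k in short_expirations(events))


def deny_ssec_policy(bucket):
    """Bucket policy denying any PutObject that carries an SSE-C algorithm header."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenySSEC", "Effect": "Deny", "Principal": "*",
        "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{bucket}/*",
        "Condition": {"Null": {"s3:x-amz-server-side-encryption-customer-algorithm": "false"}}}]}


if __name__ == "__main__":
    print(flag_keys(SAMPLE_EVENTS))  # ['AKIAEXAMPLESTOLEN']
    print(json.dumps(deny_ssec_policy("victim-data"), indent=2))
```

Apply the deny policy only to buckets where no legitimate workload uses SSE-C, since it blocks every such write, not just malicious ones.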
Multiple vulnerabilities have been discovered in Adobe products. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user.
Affected Systems:
Risk
Remediation Recommendations
Ensure all versions of all Adobe products are updated to their latest versions
Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it)
References
Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.
Affected Systems:
Risk
Remediation Recommendations
References
Ransomware actors are impersonating tech support in Microsoft Teams calls to trick employees into granting remote access, according to researchers at Sophos. The researchers note that two separate threat actors "operated their own Microsoft Office 365 service tenants as part of their attacks and took advantage of a default Microsoft Teams configuration that permits users on external domains to initiate chats or meetings with internal users."
The threat actors first send thousands of spam emails to the targeted employee, then contact the employee via Microsoft Teams posing as tech support and offering instructions to stop the barrage of spam. During the Teams call, the attacker tricks the employee into allowing a remote screen control session through Teams. The attacker then uses this access to install malware.