My Shared Links — Week 39/2022

Xavier «X» Santolaria
Oct 3, 2022

Collection of the resources and links I have found insightful and shared during week #39 of 2022.

Photo by Towfiqu barbhuiya on Unsplash

Microsoft confirms new Exchange zero-days are used in attacks

🚨 Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild.

“The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution (RCE) when PowerShell is accessible to the attacker,” Microsoft said.

Brave browser to start blocking annoying cookie consent banners

The Brave browser will soon allow users to block annoying and potentially privacy-harming cookie consent banners on all websites they visit.

These banners have become necessary to do business online to comply with data protection regulations like GDPR.

In some cases, however, these banners can serve as #trackers themselves, as they engage in a privacy-breaching data exchange before the user even has a chance to opt out.

Hackers use PowerPoint files for ‘mouseover’ malware delivery

Hackers believed to work for Russia have started using a new code execution technique that relies on mouse movement in Microsoft PowerPoint presentations to trigger a malicious PowerShell script.

No malicious macro is needed for the code to execute and download the payload, which makes the attack more insidious.
