Hackers Use Weaponized LNK Files to Exploit Microsoft Connection Manager Profile | allinfosecnews.com

Aug. 25, 2023, 8:41 a.m. | Eswar

Cyber Security News cybersecuritynews.com

Threat actors have shifted from using malicious macros to malicious LNK files for initial access. This is due to Microsoft’s announcement in 2022 to disable macros by default for Office documents downloaded from unknown sources or the internet. The current attack vector uses the Microsoft Connection Manager Profile, which runs the process cmstp.exe for proxying […]

The post Hackers Use Weaponized LNK Files to Exploit Microsoft Connection Manager Profile appeared first on Cyber Security News.

access announcement attack attack vector current default documents exploit files hackers initial access internet lnk lnk files macros malicious manager microsoft office profile threat threat actors weaponized lnk files

More from cybersecuritynews.com / Cyber Security News

Android Bug Leaks DNS Traffic to Hackers While Switching VPN Servers 4 hours ago | cybersecuritynews.com

android android 14 bug critical +21

ShadowSyndicate Hackers Exploit Aiohttp Vulnerability To Steal Sensitive Data 20 hours ago | cybersecuritynews.com

access aiohttp vulnerability asynchronous attackers +25

Florida Man Arrested For Selling Fake Cisco Device To U.S. Military 20 hours ago | cybersecuritynews.com

arrested cisco computer counterfeit +25

How U.S K-12 Schools Can Solve Their Top 10 Cybersecurity Challenges – Free E-Book 20 hours ago | cybersecuritynews.com

access book can challenges +27

AI-Based Webshell Detection Model – Detailed Overview 21 hours ago | cybersecuritynews.com

access ai-based security attackers code +23

Critical OpenVPN Zero-Day Flaws Affecting Millions of Endpoints Across the Globe 23 hours ago | cybersecuritynews.com

android bsd critical cyber security +23

Operation PANDORA Shutdown 12 Fake Call Centers that Steal Over €10M 1 day, 2 hours ago | cybersecuritynews.com

10 million a network call call centers +19

CISA & FBI Release Urges Developers to Eliminate Directory Traversal Vulnerabilities 1 day, 3 hours ago | cybersecuritynews.com

agency alert bureau calling +24

LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely from … 1 day, 19 hours ago | cybersecuritynews.com

browser browser security capital dell +24

Principal Security Engineer

@ Elsevier | Home based-Georgia

View on infosec-jobs.com

Infrastructure Compliance Engineer

@ NVIDIA | US, CA, Santa Clara

View on infosec-jobs.com

Information Systems Security Engineer (ISSE) / Cybersecurity SME

@ Green Cell Consulting | Twentynine Palms, CA, United States

View on infosec-jobs.com

Sales Security Analyst

@ Everbridge | Bengaluru

View on infosec-jobs.com

Alternance – Analyste Threat Intelligence – Cybersécurité - Île-de-France

@ Sopra Steria | Courbevoie, France

View on infosec-jobs.com

Third Party Cyber Risk Analyst

@ Chubb | Philippines

View on infosec-jobs.com