Threat Intelligence Bulletin – Follina, Stolen VPN Credentials, and Telegram Phishing

Microsoft Office zero-day ‘Follina’ (CVE-2022-30190) exploiting Support Diagnostic Tools

• https://threatpost.com/zero-day-follina-bug-lays-older-microsoft-office-versions-open-to-attack/179756/
• https://www.zdnet.com/article/this-zero-day-windows-flaw-opens-a-backdoor-to-hackers-via-microsoft-word-heres-how-to-fix-it/

---

FBI warns hackers selling VPN credentials from educational institutions

• https://thehackernews.com/2022/05/fbi-warns-about-hackers-selling-vpn.html

---

Chinese hackers infecting victims using man-on-the-side attacks by monitoring network tracking

• https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy-cyber-espionage-malware-via-app-updates/

---

Windows Search zero-day can be used to open search window with remotely-hosted malware by launching a word doc

• https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/

---

Telegraph blogging platform being used for credential harvesting pages of phishing campaigns

• https://www.bleepingcomputer.com/news/security/telegram-s-blogging-platform-abused-in-phishing-attacks/

---

Zero-day in unpatched Atlassian Confluence being exploited

• https://www.helpnetsecurity.com/2022/06/03/cve-2022-26134/
• https://thehackernews.com/2022/06/hackers-exploiting-unpatched-critical.html