Articles of interest from the week of May 30, 2022

Zero-Day Bug Exploited by Attackers via Macro-Less Microsoft Office Documents (CVE-2022-30190)

A newly numbered Windows zero-day vulnerability (CVE-2022-30190) is being exploited in the wild via specially crafted Office documents (without macros), security researchers are warning. (By Zeljka Zorz, Help Net Security)

You Need to Update iOS, Chrome, Windows, and Zoom ASAP

May has been another busy month of security updates, with Google’s Chrome browser and Android operating system, Zoom, and Apple’s iOS releasing patches to fix serious vulnerabilities. (By Kate O’Flaherty, WIRED)

FBI and NSA Say: Stop Doing These 10 Things That Let the Hackers In

CISA, the FBI, and National Security Agency (NSA), as well as cybersecurity authorities from Canada, New Zealand, the Netherlands, and the UK, have compiled a list of the main weak security controls, poor configurations, and poor security practices that defenders should implement to thwart initial access. It also contains the authorities' collective recommended mitigations. (By Liam Tung, ZDNet)

The Ransomware Crisis Deepens, While Data Recovery Stalls

When it comes to ransomware, more companies are seeing attacks and have had data encrypted, according to research out this week. And even though more companies are backing up or paying ransom demands, less data was recovered in 2021 compared with the previous year. (Robert Lemos, Dark Reading)

Intuit Warns of QuickBooks Phishing Threatening To Suspend Accounts

Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings. (By Sergiu Gatlan, Bleeping Computer)