HPE Aruba Networking fixes four critical RCE flaws in ArubaOS

External Penetration Testing

Secure Internet-facing IT assets.

Internal Penetration Testing

Secure internal networks and servers.

Web Application Penetration Testing

Secure mission-critical Web Apps & APIs.

Medical Device Penetration Testing

Secure smart medical equipment & data.

Cloud Security Services

Secure cloud-hosted assets & environments.

SCADA Cybersecurity Assessment

Secure SCADA / ICS systems & networks.

Cyber Maturity Assessment

Assess and prioritize your cybersecurity.

Red Team Security Services

Protect against sophisticated cyberattacks.

Consulting & Professional Services

Get advice and support from certified experts.

Compliance Services

Meet the requirements of various standards.

View All Vumetric Services →

SOLUTIONS BY STANDARD

SOLUTIONS BY INDUSTRY

SOLUTIONS BY CHALLENGE

Secure your network infrastructure

Protect your network from security breaches.

Secure your applications

Secure your missions-critical applications (Web, Mobile ,etc.).

Secure your cloud infrastructure

Ensure the security of your cloud environments.

Prevent ransomware attacks

Protect your business from ransomware attacks.

Contact a Cybersecurity Specialist →

WHITEPAPERS

CASE STUDIES

TOOLS

VIEW ALL CYBERSECURITY RESOURCES →

PENETRATION TESTING

APPLICATION SECURITY

VIEW ALL CYBERSECURITY NEWS →

FREQUENTLY ASKED QUESTIONS

Why should we perform penetration testing?

Conducting a penetration test is a critical tool used by companies as part of their cybersecurity risk management strategy. It helps organizations identify and fix the vulnerabilities most likely to be exploited to breach their cybersecurity and offers counter-measures to mitigate the most important risks of facing cybersecurity incidents.

Regular testing can help ensure that your security measures are up-to-date and effective against the latest hacking techniques and cyber threats.

Will your pentest help us meet compliance requirements?

Our penetration tests helps several organizations of all types meet compliance requirements every year by identifying vulnerabilities that need remediation. Once remediation testing is completed, we provide an official attestation confirming that vulnerabilities have been remediated, helping organizations meet compliance requirements efficiently.

How is it conducted? What is the process?

The process is divided in various stages including reconnaissance, scanning, exploitation, and post-exploitation stages to identify vulnerabilities and safely exploit them to determine their full impact. Detailed reports are then provided after testing to help you understand and address discovered issues.

During testing, our experts leverage a combination of manual and automated techniques to simulate exploits and attacks that would be used by hackers in a real-world scenario in accordance with the latest industry standards.

How much does it cost?

The cost of a penetration test can vary significantly depending on the scope of the assessment. For external penetration testing, one of the most significant factors in the price is the number of IP addresses that need to be evaluated. For an application penetration test, the complexity of the app and the number of user roles will directly impact pricing.

Learn more about the main factors that determine the cost of a penetration test →

Quickly receive a free quote with no engagement using our self-quoting tool →

Looking For Additional Information?

Visit our detailed FAQ to learn more or get in touch with a Vumetric expert directly to receive free guidance and advice.

DETAILED FAQ

About Vumetric

Learn more about Vumetric and discover why hundreds of organizations trust our experts.

Partnership Program

Unlock new business opportunites by reselling top-of-the-line cybersecurity services.

Certifications

Discover our team's cybersecurity and penetration testing certifications.

PTaaS Platform

Discover the modern way to launch and manage your penetration testing projects.

Methodologies

Discover our cybersecurity testing methodologies and standards.

Careers

Explore new career opportunities and join our team of passionate experts.

1-877-805-7475

[email protected]

GET STARTED

New Microsoft Office zero-day used in attacks to execute PowerShell

EDR, Microsoft, Microsoft Office, Zero-day
May 30, 2022

Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool simply by opening a Word document.

The vulnerability, which has yet to receive a tracking number and is referred to by the infosec community as ‘Follina,’ is leveraged using malicious Word documents that execute PowerShell commands via the MSDT. This new Follina zero-day opens the door to a new critical attack vector leveraging Microsoft Office programs as it works without elevated privileges, bypasses Windows Defender detection, and does not need macro code to be enabled to execute binaries or scripts.

The HTML code then uses Microsoft’s MS-MSDT URI protocol scheme to load additional code and execute PowerShell code.

Multiple security researchers have analyzed the malicious document shared by nao sec and successfully reproduced the exploit with multiple versions of Microsoft Office.

For organizations relying on Microsoft Defender’s Attack Surface Reduction rules, Huntress advises activating the “Block all Office applications from creating child processes” in Block mode, which would prevent Follina exploits.

Another mitigation, from Didier Stevens, would be to remove the file type association for ms-msdt so that Microsoft Office won’t be able to invoke the tool when opening a malicious Folina document.

Share this article on social media:

Subscribe to Our Newsletter!

Stay on top of cybersecurity risks, evolving threats and industry news.

HPE Aruba Networking fixes four critical RCE flaws in ArubaOS

2024-05-02

London Drugs closes all of its pharmacies following ‘cybersecurity incident’

2024-04-29

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

2024-04-25

Microsoft releases Exchange hotfixes for security update issues

2024-04-23

Synlab Italia suspends operations following ransomware attack

2024-04-22

MITRE Corporation Breached by Nation-State Hackers Exploiting Ivanti Flaws

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

2024-04-17

Cisco Duo provider breached, SMS MFA logs compromised

2024-04-16

View more cybersecurity news →

Featured Services

Web Application Penetration Testing

External Network Penetration Testing

Internal Network Penetration Testing

Medical Device Penetration Testing

Cloud Infrastructure Penetration Testing

Enterprise
Cybersecurity Audit

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

Synlab Italia suspends operations following ransomware attack

Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline

Read The Article →

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE 2024 3400 would be possible by disabling the devices 8217 telemetry it has now been comfirmed

Read The Article →

Cisco Duo provider breached, SMS MFA logs compromised

Hackers have managed to compromise a telephony provider for Duo the Cisco owned company providing secure access solutions and steal MFA SMS message logs of Duo customers

Read The Article →

VIEW MORE RECENT NEWS →

CONTACT US

Get in Touch With The Team

Whether you’re looking for more information on our services or simply have a general inquiry, our team remains at your disposal to answer any questions or provide guidance.

A Vumetric expert will be in touch shortly to discuss further.

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

Step 1 of 11

What type of test do you need a quote for?(Required)

External Pentest

Internal Pentest

Web Application Pentest

Mobile Application Pentest

API / Web Service Pentest

Cloud Infra. Pentest

Phishing Simulation

Other Services

What you will get in your detailed quote:

Activities

Including methodologies

Deliverables

Report table of content

Total cost

All-inclusive flat fee

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

Looking for more details on how we can help or need guidance to determine the approach best suited for your organization? Plan a virtual meeting with a member of our team to discuss further without any engagement.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

What happens next?

A Vumetric expert learns about your needs and objectives during a quick meeting.

A project scope is defined (target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is provided.

CONTACT US

Get in Touch With The Team

Whether you’re looking for more information on our services or simply have a general inquiry, our team remains at your disposal to answer any questions or provide guidance.

A Vumetric expert will be in touch shortly to discuss further.

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

Step 1 of 11

What type of test do you need a quote for?(Required)

External Pentest

Internal Pentest

Web Application Pentest

Mobile Application Pentest

API / Web Service Pentest

Cloud Infra. Pentest

Phishing Simulation

Other Services

What you will get in your detailed quote:

Activities

Including methodologies

Deliverables

Report table of content

Total cost

All-inclusive flat fee

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

What happens next?

A Vumetric expert learns about your needs and objectives during a quick meeting.

A project scope is defined (target environment, deadlines, requirements, etc.)

A detailed quote including all-inclusive pricing and statement of work is provided.

Have a Question?

Got an Urgent Need?

1-877-805-7475

Stay Updated on Cyber Risks

Subscribe to the Vumetric Monthly Bulletin to keep up with breaking news in the cybersecurity industry.

1-877-805-7475

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.

External Penetration Testing

Internal Penetration Testing

Web Application Penetration Testing

Medical Device Penetration Testing

Cloud Security Services

SCADA Cybersecurity Assessment

Cyber Maturity Assessment

Red Team Security Services

Consulting & Professional Services

Compliance Services

Looking For Additional Information?

About Vumetric

Partnership Program

Certifications

PTaaS Platform

Methodologies

Careers

New Microsoft Office zero-day used in attacks to execute PowerShell

Recent News

Featured Services

The Latest Cybersecurity News

CONTACT US

Get in Touch With The Team

4.9

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

What you will get in your detailed quote:

Activities

Deliverables

Total cost

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

What happens next?

CONTACT US

Get in Touch With The Team

4.9

4.9

5.0

BUILD A QUOTE

RECEIVE YOUR QUOTE QUICKLY

What you will get in your detailed quote:

Activities

Deliverables

Total cost

More than 500 organizations received a quote from us in 2023

BOOK A MEETING

Schedule a Meeting With The Team

What happens next?

USA - HQ

Canada - HQ

Canada - Satellite

BOOK A MEETING

Enter your Email Address

PENETRATION TESTING Buyer's Guide

Everything You Need to Know