Credit to Author: Jérôme Segura| Date: Mon, 02 Jul 2018 21:12:47 +0000
 | |
| The latest macro-less technique to distribute malware via Office documents does not involve exploits. Just a little bit of social engineering. Categories: Tags: deeplinkmacro-lessmalwareOfficesettingcontent-ms |
The post New macro-less technique to distribute malware appeared first on Malwarebytes Labs.
Read moreCredit to Author: Christopher Boyd| Date: Fri, 01 Jun 2018 15:00:00 +0000
 | |
| If you make use of Flash or Silverlight in your day-to-day activities, you may need to have a word with IT. For everyone else, your Office 365 experience is about to become a lot more secure. Categories: Tags: 365controlsflashmacrosmicrosoftOfficeshockwavesilverlight |
The post Blocks for Flash and others coming to Office 365 appeared first on Malwarebytes Labs.
Read more
Credit to Author: BrianKrebs| Date: Tue, 13 Mar 2018 19:36:28 +0000
Adobe and Microsoft each pushed critical security updates to their products today. Adobe’s got a new version of Flash Player available, and Microsoft released 14 updates covering more than 75 vulnerabilities, two of which were publicly disclosed prior to today’s patch release. The Microsoft updates affect all supported Windows operating systems, as well as all supported versions of Internet Explorer/Edge, Office, Sharepoint and Exchange Server. All of the critical vulnerabilities from Microsoft are in browsers and browser-related technologies, according to a post from security firm Qualys.
Read moreCredit to Author: Jérôme Segura| Date: Tue, 17 Oct 2017 15:00:16 +0000
 | |
| An old Microsoft Office feature has been brought back to the forefront as way to distribute malware without relying on macros or exploits. Categories: Tags: DDEDDEAUTOmacromalspammalwaremicrosoftOfficeword |
The post Old MS Office feature weaponized in malspam attacks appeared first on Malwarebytes Labs.
Read more
Credit to Author: BrianKrebs| Date: Wed, 11 Oct 2017 14:18:40 +0000
Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start.
Read moreCredit to Author: Jérôme Segura| Date: Thu, 21 Sep 2017 15:00:24 +0000
 | |
| Threat actors leverage a Microsoft Office exploit to spy on their victims. In this blog post, we will review its delivery mechanism and analyze the malware we observed, a modified version of a commercial Remote Administration Tool (RAT). Categories: Tags: CP2000CVE-2017-0199docexploitIRSmalspammalwareOfficephishingratremote administration toolRMSspyword |
The post Fake IRS notice delivers customized spying tool appeared first on Malwarebytes Labs.
Read moreIn response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros in Office documents that originated from the Internet. This feature was documented back in March: New feature in Office 2016 can block macros and help prevent infection, and the predominant…
Read moreRecently, we’ve seen reports of malicious files that misuse the legitimate Office object linking and embedding (OLE) capability to trick users into enabling and downloading malicious content. Previously, we’ve seen macros used in a similar matter, and this use of OLE might indicate a shift in behavior as administrators and enterprises are mitigating against this…
Read more