159-CVE January Patch Tuesday smashes single-month record
Credit to Author: Angela Gunn| Date: Wed, 15 Jan 2025 03:09:41 +0000
Brace yourselves… and consider reading your email in plaintext for now
Read moreRTF
[Updated]Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)
Credit to Author: Pieter Arntz| Date: Mon, 30 May 2022 18:09:26 +0000
Researchers around the world are working to understand a new remote code vulnerability in Microsoft Office dubbed Follina.
The post [Updated]Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug) appeared first on Malwarebytes Labs.
Read moreMicrosoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug)
Credit to Author: Pieter Arntz| Date: Mon, 30 May 2022 18:09:26 +0000
Researchers around the world are working to understand a new remote code vulnerability in Microsoft Office dubbed Follina.
The post Microsoft Office zero-day “Follina”—it’s not a bug, it’s a feature! (It’s a bug) appeared first on Malwarebytes Labs.
Read moreA new Equation Editor exploit goes commercial, as maldoc attacks using it spike
Credit to Author: Gabor Szappanos| Date: Thu, 18 Jul 2019 16:00:18 +0000
Weaponized RTF documents adopt CVE-2018-0798, another Equation Editor vulnerability<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/ltjXsAajVFc” height=”1″ width=”1″ alt=””/>
Read moreMalicious doc “builders” abandon old exploits wholesale
Credit to Author: Gabor Szappanos| Date: Tue, 11 Sep 2018 16:15:26 +0000
A key piece of the malware ecosystem adopts new vulnerabilities, and scraps old exploits, in record time<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/gKMCGkmvrcQ” height=”1″ width=”1″ alt=””/>
Read moreMalspam campaigns exploiting recent MS Office vulnerability ‘CVE-2017-11882’ – An Analysis by Quick Heal Security Labs
Credit to Author: Aniruddha Dolas| Date: Mon, 05 Feb 2018 10:12:34 +0000
No wonder malspam campaigns are a major medium to spread malware. Previously, we have written about such campaigns making use of MS Office malware such as malicious macro, CVE-2017-0199, CVE-2017-8759 and DDE-based attack. Recently, we have started observing various malspam campaigns exploiting the latest MS Office vulnerability CVE-2018-11882. Let’s take a look…
Read moreMalspam campaigns exploiting recent MS Office vulnerability ‘CVE-2017-11882’
Credit to Author: Aniruddha Dolas| Date: Mon, 05 Feb 2018 10:12:34 +0000
No wonder malspam campaigns are a major medium to spread malware. Previously, we have written about such campaigns making use of MS Office malware such as malicious macro CVE-2017-0199, CVE-2017-8759 and DDE-based attack. Recently, we have started observing various malspam campaigns exploiting the latest MS Office vulnerability CVE-2018-11882. Let’s take a…
Read moreAn emerging trend of DDE based Office malware – an analysis by Quick Heal Security Labs
Credit to Author: Aniruddha Dolas| Date: Wed, 06 Dec 2017 09:27:30 +0000
For the past few years, we have been seeing macro-based attacks through Object Linking Embedding (OLE)/Microsoft Office files. But, presently, attackers are using a different technique to spread malware through Office files – using a new attack vector called ‘Dynamic Data Exchange (DDE)’. DDE is an authorized Microsoft Office feature that provides several methods for transferring data between applications. Once the communication protocol is established, it doesn’t require user interactions…
Read more