office
Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products
Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, ...
Microsoft’s January Security Update of High-Risk Vulnerability Notice for Multiple Products
Overview On January 14, NSFOCUS CERT detected that Microsoft released the January Security Update patch, which fixed 112 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, ...
Microsoft’s August Security Update on High-Risk Vulnerabilities in Multiple Products
Overview On August 14, NSFOCUS CERT detected that Microsoft released a security update patch for August, which fixed 90 security issues involving widely used products such as Windows, Microsoft Office, Visual Studio ...
Cybercriminals Leverage File-Based Attacks to Infiltrate Critical Networks
According to Verizon’s 2022 Data Breach Investigations Report, office docs and emails continue to be proven ways that cybercriminals deliver harmful payloads to gain access into organizations’ networks. Threat actors can conceal ...
‘Wormable’ Flaw Leads July Microsoft Patches
Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, "wormable" flaw in Windows Server versions that Microsoft says is likely ...
Court Lets Microsoft Seize Web Domains Used in COVID-19 Phishing/BEC Scams and Fraud
A U.S. court order has allowed Microsoft to seize control of key domains controlled by fraudsters to halt criminal activity after an increase in scams targeting users of Office 365. The U.S ...
New COVID-19-themed Malware Campaign Spreading through Emails
Microsoft warns of a new COVID 19-related malware campaign spreading by email and using Excel 4.0 macros and NetSupport Manager to compromise systems. The email is a favorite method for attackers to ...
Analysing a massive Office 365 phishing campaign
Last week, a friend of mine reached out with a query: a contact in his address book had sent him a suspicious email. As it turns out, it was. In this blog ...
Deeper Down the Rabbit Hole: Second-Stage Attack and a Fileless Finale
In our last blog, “Following a Trail of Confusion: PowerShell in Malicious Office Documents”, we systematically unraveled multiple layers of obfuscation initiated by a weaponized first-stage Microsoft Word document to reveal a ...
New macro-less technique to distribute malware
The latest macro-less technique to distribute malware via Office documents does not involve exploits. Just a little bit of social engineering. Categories: Threat analysis Tags: deeplinkmacro-lessmalwareOfficesettingcontent-ms (Read more...) The post New macro-less ...
