Office

Pierluigi Paganini February 22, 2021
Researchers uncovered a new Malware Builder dubbed APOMacroSploit

Researchers spotted a new Office malware builder, tracked as APOMacroSploit, that was employed in a campaign targeting more than 80 customers worldwide. Researchers from security firm Check Point uncovered a new Office malware builder called APOMacroSploit, which was employed in attacks that targeted more than 80 customers worldwide. APOMacroSploit is a macro builder that was […]

Pierluigi Paganini June 10, 2019
Microsoft warns of spam campaign exploiting CVE-2017-11882 flaw

Microsoft is warning of an active spam campaign targeting European languages that leverages an exploit to infect simply by opening the attachment. Microsoft issued a warning on Friday about an ongoing spam campaign that is targeting European users. Spam messages are carrying weaponized RTF documents that could infect users with malware without any user interaction, […]

Pierluigi Paganini January 18, 2018
Threat actors are delivering the Zyklon Malware exploiting three Office vulnerabilities

Security experts from FireEye have spotted a new strain of the Zyklon malware that has been delivered by using new vulnerabilities in Microsoft Office. Researchers at FireEye reported the malware was used in attacks against organizations in the telecommunications, financial, and insurance sectors. Zyklon has been spotted for the first time in 2016, it is a publicly available […]

Pierluigi Paganini January 10, 2018
January 2018 Patch Tuesday security updates fix a zero-day vulnerability in MS Office

Microsoft has released the January 2018 Patch Tuesday security updates, containing fixes for 56 vulnerabilities including the zero-day vulnerability CVE-2018-0802 in MS Office. Microsoft has released the January 2018 Patch Tuesday security updates, containing fixes for 56 vulnerabilities including a zero-day vulnerability in MS Office. 16 security updates are rated as critical, 38 as important, 1 […]

Pierluigi Paganini November 15, 2017
17-Year-Old MS Office flaw CVE-2017-11882 could be exploited to remotely install malware without victim interaction

Ops, a 17-Year-Old flaw in MS Office, tracked as CVE-2017-11882, could be exploited by remote attackers to install a malware without user interaction. Ops, a 17-Year-Old vulnerability in MS Office could be exploited by remote attackers to install a malware without user interaction. The flaw is a memory-corruption issue that affects all versions of Microsoft […]

Pierluigi Paganini October 11, 2017
Microsoft addresses CVE-2017-11826 Office Zero-Day used to deliver malware

Microsoft October Patch Tuesday addresses the CVE-2017-11826 Office Zero-Day vulnerability that has been exploited in the wild in targeted attacks. Yesterday we discussed Microsoft’s October Patch Tuesday addressed three critical zero-day security vulnerabilities tied to the DNSSEC protocol. Going deep in the analysis of the Patch Tuesday updates for October 2017 we can see that Microsoft addressed […]

Pierluigi Paganini August 15, 2017
CVE-2017-0199: Crooks exploit PowerPoint Slide Show files to deliver malware

According to Trend Micro, cyber criminals abuse the CVE-2017-0199 vulnerability to deliver malware via PowerPoint Slide Show. In April Microsoft fixed the CVE-2017-0199  vulnerability in Office after threat actors had been exploiting it in the wild. Hackers leveraged weaponized Rich Text File (RTF) documents exploiting a flaw in Office’s Object Linking and Embedding (OLE) interface to deliver malware such […]

Pierluigi Paganini October 15, 2015
Microsoft fixes critical vulnerabilities affecting Windows and Office

Microsoft has released the month’s Microsoft Patch Tuesday that has fixed 33 vulnerabilities, most of them critical and affecting Internet Explorer. Here we are to discuss the last month’s Microsoft Patch Tuesday that this month fixed for 33 vulnerabilities, most of them affecting Internet Explorer. The experts warned that that many of the vulnerabilities are critical and […]

Pierluigi Paganini January 29, 2015
Spam campaign relies on macros embedded in empty Word documents

Experts at Bitdefender have discovered a spam campaign that tricks antispam filters by relying on macros in Empty Word Documents. Security experts at BitDefender observed a new tactic adopted by spammers that rely on emails with an empty Word document in the attachment to bypass anti-spam filters. The social engineering strategy adopted by spammers to lure victims into […]