Office for Mac Users Warned of Malicious SYLK Files

Posted onNovember 1, 2019November 5, 2019

Microsoft Office for Mac users are being warned that malicious SYLK files are sneaking past endpoint defenses even when the “disable all macros without notification” is turned on. This leaves systems vulnerable to a remote, unauthenticated attackers who can execute Read More …

Compromised Office 365 Accounts Used to Send 1.5 Million Email Threats in March

Posted onMay 6, 2019May 9, 2019

Microsoft Office 365 remains an attractive target for cybercriminals as it continues to be used by businesses worldwide. In a new report from Barracuda Networks, the company revealed that more than 1.5 million malicious and spam emails were sent from thousands of Read More …

LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents

Posted onDecember 13, 2018December 18, 2018

Proofpoint researchers discovered “LCG Kit,” a weaponized document builder service, in March 2018. Since we began tracking LCG Kit, we have observed it using the Microsoft Equation Editor CVE-2017-11882 [1] exploit in various forms. More recently, its authors have integrated Read More …

Word-based Malware Attack Doesn’t Use Macros

Posted onFebruary 15, 2018February 16, 2018

Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free. The attacks do not Read More …

Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware

Posted onJanuary 17, 2018January 19, 2018

Security researchers have spotted a new malware campaign in the wild that spreads an advanced botnet malware by leveraging at least three recently disclosed vulnerabilities in Microsoft Office. Dubbed Zyklon, the fully-featured malware has resurfaced after almost two years and primarily Read More …

Russian ‘Fancy Bear’ Hackers Using (Unpatched) Microsoft Office DDE Exploit

Posted onNovember 8, 2017November 9, 2017

Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider as a security issue and has already denied to patch it. Last month, we reported how hackers could leverage a built-in feature of Read More …

Attackers Use Undocumented MS Office Feature to Leak System Profile Data

Posted onSeptember 18, 2017September 20, 2017

An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by tricking recipients to open a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed. The undocumented feature is being Read More …

Credit card details and passwords of MILLIONS of users have been leaked online by Microsoft’s Docs.com

Posted onMarch 28, 2017March 29, 2017

Credit card details, passwords and social security numbers are just some of the highly sensitive documents leaked by an online sharing site. Computer security researchers have revealed that Microsoft’s Docs.com is automatically sharing data – which users believed they were Read More …

Cyber Security Review

Unique content I Global reach I Direct mailing and online

Microsoft Office