Office for Mac Users Warned of Malicious SYLK Files

Microsoft Office for Mac users are being warned that malicious SYLK files are sneaking past endpoint defenses even when the “disable all macros without notification” is turned on. This leaves systems vulnerable to a remote, unauthenticated attackers who can execute Read More …

LCG Kit: Sophisticated builder for Malicious Microsoft Office Documents

Proofpoint researchers discovered “LCG Kit,” a weaponized document builder service, in March 2018.  Since we began tracking LCG Kit, we have observed it using the Microsoft Equation Editor CVE-2017-11882 [1] exploit in various forms. More recently, its authors have integrated Read More …

Word-based Malware Attack Doesn’t Use Macros

Typically, inbox-based attacks that include malicious Microsoft Office attachments require adversaries to trick users into enabling macros. But researchers say they have identified a new malicious email campaign that uses booby-trapped Office attachments that are macro-free. The attacks do not Read More …

Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware

Security researchers have spotted a new malware campaign in the wild that spreads an advanced botnet malware by leveraging at least three recently disclosed vulnerabilities in Microsoft Office. Dubbed Zyklon, the fully-featured malware has resurfaced after almost two years and primarily Read More …

Russian ‘Fancy Bear’ Hackers Using (Unpatched) Microsoft Office DDE Exploit

Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider as a security issue and has already denied to patch it. Last month, we reported how hackers could leverage a built-in feature of Read More …

Attackers Use Undocumented MS Office Feature to Leak System Profile Data

An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by tricking recipients to open a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed. The undocumented feature is being Read More …

Credit card details and passwords of MILLIONS of users have been leaked online by Microsoft’s Docs.com

Credit card details, passwords and social security numbers are just some of the highly sensitive documents leaked by an online sharing site. Computer security researchers have revealed that Microsoft’s Docs.com is automatically sharing data – which users believed they were Read More …