Tag: office

  • VB2018 paper: Office bugs on the rise

    A large portion of today’s malware infections use malicious Office documents as a first-stage payload. Typically, the user is tricked into enabling macros or disabling some security protection, after which the next-stage payload is downloaded and executed. However, a different kind of Office malware targets outdated versions of Microsoft Office, which continue to be…

  • .SettingContent-ms files remind us that it is features, not bugs we should be most concerned about

    One of the most significant developments in the threat landscape in recent years has been the return of malicious Office macros, their resurgence having started four years ago. Unlike their predecessors from the 1990s, these macros can’t run automatically, but require the user to explicitly enable macros. This obviously mitigates the damage quite a…

  • New paper: Powering the distribution of Tesla stealer with PowerShell and VBA macros

    Ever since their return more than four years ago, initially in targeted attacks and later in large-scale malware campaigns, Office macros have been one of the most prominent ways to spread malware. Today, we publish a research paper by Aditya K. Sood and Rohit Bansal of SecNiche Security, in which they analyse a malware…

  • Is CVE-2017-0199 the new CVE-2012-0158?

    There are two good reasons not to be concerned about CVE-2012-0158, an RTF handling vulnerability in Microsoft Office. First, the vulnerability was patched more than five years ago, so if you follow good security practices and patch regularly, you won’t have to worry about it. Secondly, if you are following those good security practices,…

  • Paper: New Keylogger on the Block

    Keyloggers have long been a popular tool for cybercriminals, something made worse by the fact that many of them are sold commercially. Today, we publish a paper (here as a PDF) by Sophos researcher Gabor Szappanos, in which he studies the ‘KeyBase’ keylogger. Though the product has officially been discontinued, allegedly because of abuse…
