An email with the subject of *CONFIRM ORDER AND REVISE INVOICE* pretending to come from admin@ random company with a malicious word doc attachment. This word doc is actually a RTF file that uses what looks like the CVE-2017-0199 exploit, although this looks quite different to previous versions I have seen. At … Continue reading →