Microsoft patches zero-day exploit against Internet Explorer

Researchers at Trend Micro recently discovered a high-risk zero-day exploit against the latest versions of Windows and Internet Explorer in malicious web traffic, the security firm announced on Wednesday. Microsoft issued patches this week. The vulnerability, dubbed CVE-2018-8373, is “a remote code execution vulnerability [that] exists in the way that the scripting engine handles objects in memory in Internet Explorer,” according to Microsoft. “The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft said. The vulnerability is exploited by visiting a malicious web page or opening a malicious Microsoft Word document rendered with Internet Explorer. Internet Explorer is the second-most-popular web browser after Google Chrome. It’s also especially popular in enterprise environments, which means exploits can potentially be used to attack businesses and other large organizations. Trend Micro security researcher Elliot Cao is credited with discovery. […]

The post Microsoft patches zero-day exploit against Internet Explorer appeared first on Cyberscoop.

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.

This particular ruse, while crude and simplistic, preys on the curiosity of recipients who may be enticed into popping the CD into a computer. According to a non-public alert sent by the Multi-State Information Sharing and Analysis Center (MS-ISAC), the scam arrives in a Chinese postmarked envelope and includes a “confusingly worded typed letter with occasional Chinese characters.”

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its cybersecurity insurance provider for refusing to fully cover the losses.

Hackers Keep it Simple: Malware Evades Detection by Simply Copying a File

New malware technique evades detection by simply copying a file. We break it down step-by-step to show you how it works. Innovative hackers continue to deliver sophisticated malware that evades detection. The Bromium Lab is back to break down a recent out…

EMC Patches Serious Flaws in Data Protection Suite

EMC has released security fixes for three vulnerabilities that, when combined, can be used to take full control of products from its Data Protection Suite: the Avamar Server, the NetWorker Virtual Edition and the Integrated Data Protection Appliance. A…

Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks

A newly discovered, unpatched attack method that exploits a built-in feature of Microsoft Office is currently being used in various widespread malware attack campaigns.

Last week we reported how hackers could leverage an old Microsoft Office featu…

BlackOasis APT and new targeted attacks leveraging zero-day exploit

On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. We have reported the bug to Adobe who assigned it CVE-2017-11292 and released a patch earlier today.

Researchers say this attack is a bad bug. Microsoft says it’s a feature.

Microsoft says the wave of stealthy fileless attacks that leverage the company’s applications is a feature, not a vulnerability, and won’t be patched, despite the company knowing about the flaw since August. Microsoft “said they weren’t going to fix it” Sept. 29, Dominic White, CTO of pentesting outfit SensePost, told CyberScoop via email. SensePost had alerted the company a month before that the Dynamic Data Exchange, or DDE, protocol in Microsoft Word could be used by hackers to run commands and open executable programs. Microsoft told the pentesters that it was a feature and there would be no patch, but that it would be considered for a bug fix in a future version. This week SensePost published a proof-of-concept on their blog, noting that the technique was an excellent way to get around security measures that cyber-aware enterprises might have in place. The following day, researchers found the technique being used in the wild […]

The post Researchers say this attack is a bad bug. Microsoft says it’s a feature. appeared first on Cyberscoop.
