Cybersecurity Starts in the Boardroom
I have written about this Microsoft Word vulnerability earlier this week: New attack using Microsoft Office documents – could you or your team recognise it? – Smart Thinking Solutions There is still not patch – but Microsoft has issued some mitigation guidance: Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability …
Continue reading “Microsoft guidance for Office zero-day vulnerability – Follina”
I have written about the usefulness and the threat that Microsoft Office document macros can pose to your cyber security. This flaw, called Follina, exploits Office functionality to retrieve an HTML file, and Microsoft Support Diagnostic Tool (MSDT) to run some malicious code, which can lead to privilege escalation attacks. …
This is the classic way a hacker gets their payload into your business – send you a spreadsheet that needs your immediate attention. Include the password in the email, this makes it more likely for you to open the file – make it look official and your cyber security threat …
Continue reading “Anatomy of a RAT attack using a password protected Excel attachment”
Here is a classic phishing email attack – millions of potential emails could contain this, could you spot it? It also includes the dreaded “Enable Macro” request. Windows MetaStealer Malware – Sans Internet Storm Centre Windows MetaStealer Malware – SANS Internet Storm Center
Soon Microsoft Office will, by default, block macros from running that originate from the internet. At last! Helping users stay safe: Blocking internet macros by default in Office – Microsoft Tech Community This has been something that Microsoft has dragged it’s feet over for years. It was an open door …
Continue reading “Microsoft to block downloaded Office macros – at last”
