So most organisations use Microsoft Office in some way. Even if it they do not use it, someone will email them a Word or Excel document. You cannot avoid it – even on a Mac or Linux computer. That makes it a juicy target for threat actors – there are …
US government Cybersecurity and Infrastructure Security Agency Advisories
The US government Cybersecurity and Infrastructure Security Agency (CISA) site in one of my “go to” places for information on vulnerabilities, exploitations and patches. Built for the US Government, and American centric, it is still a great resource. This week it has run an excellent article for security professionals on …
Continue reading “US government Cybersecurity and Infrastructure Security Agency Advisories”
Patching Matters…
…for governments and for you. Hot on the heels of Microsoft’s Patch Tuesday – an important day of the month for patches and updates from many vendors – is appears that various threat actors gained access to an unpatched US Government Agency server, exploiting a three year old vulnerability that …
Patch Tuesday
Yesterday was Patch Tuesday – so get ready for your Windows PC to ask you to rebbot your machine – even though you are in the middle of a job – read about that here. What is fixed this month? The headlines are- as it is every month – this …
More protection for Microsoft Excel
Following the blocking of VBA macros by default in Microsoft Office apps – read about the ups and downs of that story here – Microsoft has announced that all untrusted XLL add-ins will be blocked by default. Microsoft Excel now blocking untrusted XLL add-ins by default (bleepingcomputer.com) Blocking any avenue …
Google ads malvertising campaign evades anti-virus detection
Data stealing malware, pushed through compromised Google search ads, is attempting to evade detection by using virtualisation components: Google ads push ‘virtualized’ malware made for antivirus evasion (bleepingcomputer.com) Researchers think this new type of attack strategy and other emerging attack vectors are being prompted s as reaction to Microsoft tightening …
Continue reading “Google ads malvertising campaign evades anti-virus detection”
December’s Microsoft Patch Tuesday
SANS Internet Storm Diary has a comprehensive report on Microsoft’s Patch Tuesday: Microsoft December 2022 Patch Tuesday – SANS Internet Storm Center Here is the Microsoft release page: December 2022 Security Updates – Release Notes – Security Update Guide – Microsoft The Microsoft report gives much more information on the …