Security News > 2020 > August > Pay ransomware crooks, or restore the network? Guess which way this city chose after weighing up the costs

Pay ransomware crooks, or restore the network? Guess which way this city chose after weighing up the costs
2020-08-10 10:04

The city of Lafayette - technically a home-rule municipality - with a population of around 30,000, said it has opted to pay ransomware criminals a $45,000 fee after deciding that it was a better use of cash than spending time and money wiping and reformatting all of their machines.

Patrick Wardle, principal security boffin at JAMF and Apple security expert, has a new warning for macOS users: look out for malicious Office Macros.

Booby-trapped Office documents are something Mac users may not realize are a threat on their platform of choice.

He pointed to a Microsoft Office bug, CVE-2019-1457, that can be exploited to escape Apple's sandbox protections, and grant miscreants code execution in a Mac Office environment as well as in Windows.

The hackers were able to steal data including source code, technical documents involving industrial controllers, and info on development kits.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/10/in_brief_security/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-11-12 CVE-2019-1457 Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Office 2016/2019
A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'.
network
microsoft CWE-732
6.8
6.8