Security News

Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine
2024-06-04 11:07

A new sophisticated cyber attack has been observed targeting endpoints geolocated to Ukraine with an aim to deploy Cobalt Strike and seize control of the compromised hosts. The attack chain, per...

It’s time for security operations to ditch Excel
2024-02-26 05:30

Security teams are hiding an embarrassing secret from the outside world: despite their position at the vanguard of technology, security risks and threats, their actual war plans are managed on spreadsheets. Using these spreadsheets requires security operations to chase down every team in their organization for input on everything from the mapping of exceptions and end-of-life of machines to tracking hardware and operating systems.

CISA warns of actively exploited bugs in Chrome and Excel parsing library
2024-01-03 12:55

The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel. Spreadsheet::ParseExcel RCE. The first issue that CISA added to its Known Exploited Vulnerabilities is CVE-2023-7101, a remote code execution vulnerability that affects versions 0.65 and older of the Spreadsheet::ParseExcel library.

Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware
2023-12-21 07:22

Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel...

Microsoft Excel to let you run Python scripts as formulas
2023-08-22 14:51

Even if you join the Microsoft 365 Insiders Beta channel to test the new feature, there is no guarantee that Python in Excel will be available, as Microsoft is rolling it out slowly to test the feature. The new Python in Excel feature brings a new 'PY' function that allows users to embed Python code directly in a cell to be executed like any macro or regular Excel function.

Excel Data Forensics
2023-06-26 15:36

In this detailed article about academic plagiarism are some interesting details about how to do data forensics on Excel files. It really needs the graphics to understand, so see the description at the link.

Microsoft Dataverse: Going from Excel to new AI-powered tools
2023-05-23 17:03

It does exactly what the name suggests: Users can drag and drop unstructured data from Excel - or give Copilot a link to the file - and the Power Platform will analyze it, enrich it with the extra information Dataverse needs, and turn it into an app, Nirav Shah, the vice president of Dataverse at Microsoft explained to TechRepublic. Data in Excel might be easy for users to work with individually, but bringing it to Dataverse connects it to a range of new AI tools.

Microsoft Excel now blocking untrusted XLL add-ins by default
2023-03-07 19:54

Microsoft says the Excel spreadsheet software is now blocking untrusted XLL add-ins by default in Microsoft 365 tenants worldwide. "We are introducing a default change for Excel Windows desktop apps that run XLL add-ins: XLL add-ins from untrusted locations will now be blocked by default," Microsoft said in a new Microsoft 365 message center post.

Microsoft closes another door to attackers by blocking Excel XLL files from the internet
2023-01-25 21:59

Microsoft in March will start blocking Excel XLL add-ins from the internet to shut down an increasingly popular attack vector for miscreants. Security researchers have said that after Microsoft began blocking Visual Basic for Application macros by default in Word, Excel, and PowerPoint in July 2022 to cut off a popular attack avenue, threat groups began using other options, such as LNK files and ISO and RAR attachments.

Microsoft plans to kill malware delivery via Excel XLL add-ins
2023-01-23 14:44

Microsoft is working on adding XLL add-in protection for Microsoft 365 customers by including automated blocking of all such files downloaded from the Internet. "In order to combat the increasing number of malware attacks in recent months, we are implementing measures that will block XLL add-ins coming from the internet," Redmond says.