Security News

Microsoft plans to kill malware delivery via Excel XLL add-ins
2023-01-23 14:44

Microsoft is working on adding XLL add-in protection for Microsoft 365 customers by including automated blocking of all such files downloaded from the Internet. "In order to combat the increasing number of malware attacks in recent months, we are implementing measures that will block XLL add-ins coming from the internet," Redmond says.

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
2022-12-28 07:12

According to Cisco Talos, advanced persistent threat actors and commodity malware families alike are increasingly using Excel add-in files as an initial intrusion vector. One such method turns out to be XLL files, which are described by Microsoft as a "Type of dynamic link library file that can only be opened by Excel."

Cisco Talos report: Threat actors use known Excel vulnerability
2022-12-22 18:25

Microsoft Office files, particularly Excel and Word files, have been targeted by some cybercriminals for a long time. As exposed in new research from Cisco Talos, threat actors might leverage event handling functions in Excel files in order to automatically launch.

Cisco’s Talos security bods predict new wave of Excel Hell
2022-12-21 00:08

A report released on Tuesday by researchers from Cisco's Talos threat intelligence group dissected one: XLL files in Excel. Microsoft describes XLL files as "a type of dynamic link library file that can only be opened by Excel".

Malicious Microsoft Excel add-ins used to deliver RAT malware
2022-03-24 19:56

Researchers report a new version of the JSSLoader remote access trojan being distributed via malicious Microsoft Excel add-ins. The latest campaign involving a stealthier new version of JSSLoader was observed by threat analysts at Morphisec Labs, who say the delivery mechanism is currently phishing emails with XLL or XLM attachments.

Emotet Now Spreading Through Malicious Excel Files
2022-02-16 13:39

The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found. "Emotet's new attack chain reveals multiple stages with different file types and obfuscated script before arriving at the final Emotet payload," Unit 42 researchers Saqib Khanzada, Tyler Halfpop, Micah Yates and Brad Duncan wrote.

Stealthy Excel malware putting organizations in crosshairs of ransomware gangs
2022-01-27 14:30

The HP Wolf Security threat research team identified a wave of attacks utilizing Excel add-in files to spread malware, helping attackers to gain access to targets, and exposing businesses and individuals to data theft and destructive ransomware attacks. There was a huge six-fold increase in attackers using malicious Microsoft Excel add-in files to infect systems compared to last quarter - a technique found to be particularly dangerous as it only requires one click to run the malware.

Microsoft disables Excel 4.0 macros by default to block malware
2022-01-21 15:56

Microsoft has announced that Excel 4.0 macros will now be disabled by default to protect customers from malicious documents. Starting July 2021, Windows admins could also use group policies and users the 'Enable XLM macros when VBA macros are enabled' setting from the Excel Trust Center to disable this feature manually.

Malicious Excel XLL add-ins push RedLine password-stealing malware
2021-12-05 18:45

Cybercriminals are spamming website contact forms and discussion forums to distribute Excel XLL files that download and install the RedLine password and information-stealing malware. In some phishing lures seen by BleepingComputer, the threat actors have created fake websites to host the malicious Excel XLL files used to install the malware.

Microsoft patches Excel zero-day used in attacks, asks Mac users to wait
2021-11-10 15:36

During this month's Patch Tuesday, Microsoft has patched an Excel zero-day vulnerability exploited in the wild by threat actors. Microsoft also patched a second Excel security flaw used during the Tianfu Cup hacking contest last month, a remote code execution bug tracked as CVE-2021-40442 and exploitable by unauthenticated attackers.