Security News
A new phishing campaign dubbed MirrorBlast is deploying weaponized Excel documents that are extremely difficult to detect to compromise financial service organizations. The most notable feature of MirrorBlast is the low detection rates of the campaign's malicious Excel documents by security software, putting firms that rely solely upon detection tools at high risk.
Microsoft will soon begin disabling Excel 4.0 XLM macros by default in Microsoft 365 tenants to protect customers from malicious documents. Excel 4.0 macros, or XLM macros, were first added to Excel in 1992 and allowed users to enter various commands into cells that are then executed to perform a task.
The ZLoader malware family has switched to a new delivery mechanism in recent spam campaigns, fetching malicious code only after the initial attachment has been opened, McAfee reports. ZLoader is being distributed through spam emails that carry various types of attachments, with the most recent ones featuring Microsoft Word documents.
While it's a norm for phishing campaigns that distribute weaponized Microsoft Office documents to prompt victims to enable macros in order to trigger the infection chain directly, new findings indicate attackers are using non-malicious documents to disable security warnings prior to executing macro code to infect victims' computers. In yet another instance of malware authors continuing to evolve their techniques to evade detection, researchers from McAfee Labs stumbled upon a novel tactic that "downloads and executes malicious DLLs without any malicious code present in the initial spammed attachment macro."
Microsoft has updated the security baseline for Microsoft 365 Apps for enterprise to include protection from JScript code execution attacks and unsigned macros. Security baselines enable security admins to use Microsoft-recommended Group Policy Object baselines to reduce the attack surface of Microsoft 365 Apps and boost the security posture of enterprise endpoints they run on.
Threat actors are increasingly adopting Excel 4.0 documents as an initial stage vector to distribute malware such as ZLoader and Quakbot, according to new research. The findings come from an analysis of 160,000 Excel 4.0 documents between November 2020 and March 2021, out of which more than 90% were classified as malicious or suspicious.
Microsoft has added XLM macro protection for Microsoft 365 customers by expanding the runtime defense provided by Office 365's integration with the Antimalware Scan Interface (AMSI) to include Excel 4.0 macro scanning. Microsoft first extended support for AMSI to Office 365 client applications in 2018 to defend customers against attacks using VBA macros.
Aradatum introduced the world's first truly self-powered macro cell tower that can be placed literally anywhere. Taking a unique approach to modernizing telecom infrastructure, the start-up's self-powered towers give wireless pioneers and mobile and virtual network operators access to previously unreached and strategic locations needed to optimize their advanced applications of 5G, fixed wireless access, Citizens Broadband Radio Service, neutral host, private networks, and edge computing.
A new "zero-click" macOS exploit chain could allow attackers to deliver malware to macOS users using a Microsoft Office document with macros. The exploit chain, revealed by Patrick Wardle, principal security researcher with Jamf, at Black Hat USA 2020, runs macros without the alert or prompt that the Microsoft Office application normally shows to request explicit user approval, meaning that when a user opens the document, the macro is automatically executed.
A researcher found a way to deliver malware to macOS systems using a Microsoft Office document containing macro code. Macros enable Office users to automate frequent tasks using VBA code.