Security News

Microsoft Office 2024 now available for Windows and macOS users
2024-10-02 16:43

Microsoft has released Office 2024 for small businesses and consumers who want a standalone version without a Microsoft 365 subscription. [...]

Microsoft Office 2024 to disable ActiveX controls by default
2024-09-06 16:15

​After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. [...]

Pirated Microsoft Office delivers malware cocktail on systems
2024-05-30 20:53

Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. The malware delivered to users includes remote access trojans, cryptocurrency miners, malware downloaders, proxy tools, and anti-AV programs.

Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
2024-04-27 12:47

Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on...

Microsoft Office LTSC 2024 preview available for Windows, Mac
2024-04-18 16:49

A preview of Microsoft Office LTSC 2024, a volume-licensed and perpetual version of Office for commercial customers, is now available for Windows and macOS users. Office LTSC 2024 for commercial preview, Visio 2024 preview, and Project 2024 preview.

New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT
2024-03-19 05:28

A new phishing campaign is targeting U.S. organizations with the intent to deploy a remote access trojan called NetSupport RAT. Israeli cybersecurity company Perception Point is tracking the...

Microsoft Office update breaks actively exploited RCE attack chain
2023-08-08 20:15

Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks. In today's Microsoft August Patch Tuesday, the update helps fix CVE-2023-36884, a security issue disclosed in July, which Microsoft did not patch at the time but provided mitigation advice.

Hackers can abuse Microsoft Office executables to download malware
2023-08-03 15:48

The main executable for the Microsoft Publisher application has already been confirmed that it can download payloads from a remote server. According to recent research, even executables that are not signed by Microsoft serve purposes that are useful in attacks, such as reconnaissance.

These Microsoft Office security signatures are 'practically worthless'
2023-06-13 10:26

Office Open XML Signatures, an Ecma/ISO standard used in Microsoft Office applications and open source OnlyOffice, have several security flaws and can be easily spoofed. Microsoft refers to the format simply as Open XML. The boffins say they found discrepancies in the structure of office documents and the way signatures get verified.

Capita cyberattack disrupted access to its Microsoft Office 365 apps
2023-04-03 13:20

British outsourcing services provider Capita announced today that a cyberattack on Friday prevented access to its internal Microsoft Office 365 applications. The cyber incident prompted the Capita on March 31 to announce an IT issue that impacted its internal systems.