Security News

Microsoft today started rolling out Office LTSC for Windows and macOS, the non-subscription Office version for commercial and government customers. Office LTSC 2021 is specifically designed for organizations running regulated devices where feature updates can't be installed for years at a time, for devices without internet connections, as well as specialty systems that require a long-term servicing channel.

According to a recent AtlasVPN report, malicious office documents are the latest trend in cybercriminal behavior; a timely strategy as companies pause office reentry plans and continue to work remotely due to COVID-19. "Even though infecting office documents with malware has been established for a long time, it is still very successful at tricking people," said William Sword, Atlas VPN cybersecurity researcher, in a blog post about the findings.

Banks and post offices in New Zealand have been hit by a cyber offensive, according to reports, consisting of sustained DDoS attacks against a number of critical online services. Local cybersecurity agency NZ-CERT added to the general air of mystery, saying in a statement on its website that it was "Aware of a DDoS attack targeting a number of New Zealand organisations. We are monitoring the situation and are working with affected parties where we can."

Affecting Windows desktops and servers, the attacks exploit an MSHTML vulnerability by using specially crafted Microsoft Office documents. Microsoft has raised alarm bells over a new cyberattack that's actively targeting Windows users by exploiting a security flaw through malicious Office documents.

Acronis True Image, the leading personal cyber protection solution, is changing its name to Acronis Cyber Protect Home Office. Updating the name to Acronis Cyber Protect Home Office provides a better view into all of the capabilities available to the individuals, families, freelancers, and IT professionals who rely on the solution.

In an advisory issued on Tuesday, Microsoft said some of its users were targeted by poisoned Office documents that exploit an unpatched flaw to hijack their Windows machines. Miscreants are seemingly placing a malicious ActiveX control in an Office document and convincing victims to open or view it, potentially achieving remote code execution.

Microsoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents. "Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents," the company said.

Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10. Microsoft is aware of targeted attacks that try to exploit the vulnerability by sending specially-crafted Microsoft Office documents to potential victims, the company says in an advisory today.

Microsoft plans to allow Office 365 admins ensure that end-users can't ignore organization-wide policies set up to block active content on Trusted Documents. Redmond says trusted docs are files with active content functions that don't require user interaction) that open without warnings after the content has been enabled.

Microsoft is updating Defender for Office 365 to protect customers from embedded email threats while previewing quarantined emails. Microsoft Defender for Office 365 provides Office 365 enterprise email accounts with protection from multiple threats, including business email compromise and credential phishing, as well as automated attack remediation.