Security News

Microsoft is rebranding 'Office' to Microsoft 365
2022-10-14 00:11

Microsoft has begun to kill off the Microsoft Office brand, with plans to rebrand its Office.com and Office cloud-based apps to Microsoft 365 in the near future. In 2020, Microsoft rebranded Office 365 to Microsoft 365 and started to heavily push the subscription-based productivity suite to both the enterprise and consumers.

Microsoft to let Office 365 users report Teams phishing messages
2022-10-01 15:06

Microsoft is working on updating Microsoft Defender for Office 365 to allow Microsoft Teams users to alert their organization's security team of any dodgy messages they receive.Microsoft Defender for Office 365 protects organizations from malicious threats from email messages, links, and collaboration tools.

Office exploits continue to spread more than any other category of malware
2022-09-29 05:15

The latest Internet Security Report from the WatchGuard Threat Lab shows a reduction in overall malware detections from the peaks seen in the first half of 2021, along with an increase in threats for Chrome and Microsoft Office and the ongoing Emotet botnet resurgence. "While overall malware attacks in Q2 fell off from the all-time highs seen in previous quarters, over 81% of detections came via TLS encrypted connections, continuing a worrisome upward trend," said Corey Nachreiner, CSO at WatchGuard.

Week in review: RCE bug in GitLab patched, phishing PyPI users, Escanor malware in MS Office docs
2022-08-28 08:00

Phishing PyPI users: Attackers compromise legitimate projects to push malwarePyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. DDoS tales from the SOCIn this Help Net Security video, Bryant Rump, Principal Security Architect at Neustar Security Services, talks about the challenges of mitigating immense DDoS attacks.

Crooks target top execs on Office 365 with MFA-bypass scheme
2022-08-25 18:01

A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to bypass multi-factor authentication. These attacks take advantage of a Microsoft 365 design flaw that allows miscreants to compromise accounts with MFA enabled and achieve persistence in victims' systems by adding a new, compromised, authentication method allowing them to come back at any time.

Escanor malware delivered in weaponized Microsoft Office documents
2022-08-22 09:37

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, identified a new RAT advertised in Dark Web and Telegram called Escanor. The threat actors offer Android-based and PC-based versions of RAT, along with HVNC module and exploit builder to weaponize Microsoft Office and Adobe PDF documents to deliver malicious code.

LibreOffice 7.4 released with MS Office compatibility improvements
2022-08-18 11:00

LibreOffice is the world's most widely used open-source office suite, available in 120 languages, Linux, Windows, and macOS operating systems, and supporting a range of architectures. Version 7.4 is the fourth major release of branch seven that focuses on improving the project's interoperability and compatibility with proprietary MS Office document formats, and much work has been carried out on that front.

Microsoft is showing ads for Microsoft 365 in Office 2021
2022-08-12 22:44

Microsoft is showing ads for Microsoft 365 Family subscriptions to its Office 2021 customers, offering them discounts of over $28 to get a 3-month Family plan subscription. Several users have reported seeing these ads this week, starting on August 10, with Lee Holmes, a Principal Security Architect at Microsoft Azure Security, also sharing today a screenshot showing the ad displayed as an alert bar under the Office menu.

S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
2022-07-28 18:47

Leisurely bug fixes all that, and more, on the Naked Security Podcast. DOUG. We talked about an Office macro security feature that people were asking for for the better part of 20 years.

Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office
2022-07-28 17:24

Threat actors are finding their way around Microsoft's default blocking of macros in its Office suite, using alternative files to host malicious payloads now that a primary channel for threat delivery is being cut off, researchers have found. The beginning of the decrease coincided with Microsoft's plan to start blocking XL4 macros by default for Excel users, followed up with the blocking of VBA macros by default across the Office suite this year.