Security News

A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to bypass multi-factor authentication. These attacks take advantage of a Microsoft 365 design flaw that allows miscreants to compromise accounts with MFA enabled and achieve persistence in victims' systems by adding a new, compromised, authentication method allowing them to come back at any time.

Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 worldwide, identified a new RAT advertised in Dark Web and Telegram called Escanor. The threat actors offer Android-based and PC-based versions of RAT, along with HVNC module and exploit builder to weaponize Microsoft Office and Adobe PDF documents to deliver malicious code.

LibreOffice is the world's most widely used open-source office suite, available in 120 languages, Linux, Windows, and macOS operating systems, and supporting a range of architectures. Version 7.4 is the fourth major release of branch seven that focuses on improving the project's interoperability and compatibility with proprietary MS Office document formats, and much work has been carried out on that front.

Microsoft is showing ads for Microsoft 365 Family subscriptions to its Office 2021 customers, offering them discounts of over $28 to get a 3-month Family plan subscription. Several users have reported seeing these ads this week, starting on August 10, with Lee Holmes, a Principal Security Architect at Microsoft Azure Security, also sharing today a screenshot showing the ad displayed as an alert bar under the Office menu.

Leisurely bug fixes all that, and more, on the Naked Security Podcast. DOUG. We talked about an Office macro security feature that people were asking for for the better part of 20 years.

Threat actors are finding their way around Microsoft's default blocking of macros in its Office suite, using alternative files to host malicious payloads now that a primary channel for threat delivery is being cut off, researchers have found. The beginning of the decrease coincided with Microsoft's plan to start blocking XL4 macros by default for Excel users, followed up with the blocking of VBA macros by default across the Office suite this year.

Hackers who normally distributed malware via phishing attachments with malicious macros gradually changed tactics after Microsoft Office began blocking them by default, switching to new file types such as ISO, RAR, and Windows Shortcut attachments.VBA and XL4 Macros are small programs created to automate repetitive tasks in Microsoft Office applications, which threat actors abuse for loading, dropping, or installing malware via malicious Microsoft Office document attachments sent in phishing emails.

The phrase Office macros is a harmless-sounding, low-tech name that refers, in real life, to program code you can squirrel away inside Office files so that the code travels along with the text of a document, or the formulas of a spreadsheet, or the slides in a presentation. Even though the code is hidden from sight in the file, it can nevertheless sneakily spring into life as soon as you use the file in any way.

Microsoft is shutting the door on a couple of routes cybercriminals have used to attack users and networks. The issue of macros has become a particularly gnarly one for the software giant.

Microsoft has officially resumed blocking Visual Basic for Applications macros by default across Office apps, weeks after temporarily announcing plans to roll back the change. Earlier this February, Microsoft publicized its plans to disable macros by default in Office applications such as Access, Excel, PowerPoint, Visio, and Word as a way to prevent threat actors from abusing the feature to deliver malware.