CSV Formula injections have been known for a while now, with many security solutions handling these kinds of attacks. The most common way of dealing with this threat is by applying a regex rule to detect the specific pattern used by Excel in its formulas, the most famous tool (and open-source) is MSODDE of oletools.As…
With IT developing at such a breakneck pace, it almost seems unbelievable that a technology from 26 years ago could be posing a cybersecurity threat. But CISOs and other security professionals know it’s all too believable, with yet another unpatched vulnerability, unnecessary protocol or outdated technology from decades ago causing major problems. This is precisely…
With IT developing at such a breakneck pace, it almost seems unbelievable that a technology from 26 years ago could be posing a cybersecurity threat. But CISOs and other security professionals know it’s all too believable, with yet another unpatched vulnerability, unnecessary protocol or outdated technology from decades ago causing major problems. This is precisely…
An unknown or zero-day exploit is, by its very nature, mysterious. However, thanks to new research, what is now crystal clear is exactly how big a risk these attacks pose to organizations and how badly traditional security measures are failing in the face of them. The Ponemon Institute’s 2018 State of Endpoint Security Risk surveyed…
“Progress,” in the computer world, means being able to do more, with fewer resources, more easily. That’s the reason Microsoft announced that it would begin integrating JavaScript capabilities in Excel, upgrading the capabilities of spreadsheet authors to do scripting, which until now required utilizing VBA. According to Microsoft, the upgrade “provides a powerful set of…
In Hollywood, bad PR is better than no PR at all, they say. But in the tech world, bad PR from a competitor just means that they are worried about you. We at Votiro dedicate all our time to solving security problems for our clients – problems that we are proud to say we have…
Word, the widely used word processor by Microsoft Office, is known for its variety of features and capabilities. So many in fact, that some are actually forgotten, having being developed a long time ago. An example of such a feature can be found in DDE, Dynamic Data Exchange, a very old feature who made a…
Windows and its Office progeny may be approaching middle age, but like mischievous teens, they always seem to be up to something new – or, rather, the hackers that have specialized in breaking through PC defenses are always finding new things to exploit. The latest exploit is based on a little-known (until now) file format,…
In recent blog posts, we’ve discussed numerous malicious remote-code execution techniques hackers have been discovering – and capitalizing on – in Microsoft Office documents. And we’ve frankly been somewhat shocked that new vulnerabilities are apparently being discovered all the time on a platform that is decades old. But it turns out that Office users are…
