Word, the widely used word processor by Microsoft Office, is known for its variety of features and capabilities. So many in fact, that some are actually forgotten, having being developed a long time ago. An example of such a feature can be found in DDE, Dynamic Data Exchange, a very old feature who made a…
The well documented and widely contentious argument has perhaps been exhausted, but to what result? The two sides still passionately believe employee training either reduces the risk of a cyber attack or is a complete waste of company resources. The truth is there is no hard statistical evidence to strongly support security awareness training (SAT)…
You’d think that with all the successful exploits out there, hackers could just sit back and relax, knowing that their malware is doing the dirty work it was designed to do – largely undisturbed. The fact that they continue to come up with new twists on vulnerabilities – especially in systems and applications that have…
Securing Sensitive Data in 2018 As organizations continue to expand their use of digital content, IT departments struggle to prevent and contend with breaches and cyber attacks across a scaling attack surface. Gone are the days when the simple act of identifying users was enough to secure the documents they handle; today, cyber attackers can…
Windows and its Office progeny may be approaching middle age, but like mischievous teens, they always seem to be up to something new – or, rather, the hackers that have specialized in breaking through PC defenses are always finding new things to exploit. The latest exploit is based on a little-known (until now) file format,…
“Russian hackers” have been much in the news of late, mostly for their alleged political leanings – but a new attack vector attributed to Russian hackers is wreaking havoc in businesses and on private networks around the world. Some 500,000 routers are said to be infected with VPNFilter, a malicious malware that has the capability…
In recent blog posts, we’ve discussed numerous malicious remote-code execution techniques hackers have been discovering – and capitalizing on – in Microsoft Office documents. And we’ve frankly been somewhat shocked that new vulnerabilities are apparently being discovered all the time on a platform that is decades old. But it turns out that Office users…
Hackers never rest, and in recent weeks they have come up with a brand new scam. CVE-2018-8174, like CVE-2017-0199 which gained huge traction on April 2017, is another riff on inserting malware into malicious RTF Microsoft Office documents. Though another zero-day attack, this one contains an unusual combination of vulnerabilities that has yet to be…
The sandbox, last line of defense for many networks, isn’t what it used to be. Watch Votiro’s researcher, Amit Dori, shows how attackers can bypass sandbox security, inserting malicious code on servers without getting flagged, by taking advantage of basic rules of how VBA (Visual Basic for Applications) macros and sandboxes operate. If once a…