EUVD-2014-0285

Malware in sbrugna...

CVE-2012-1661

ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map .mxd file...

Six 0-Days Lead Microsoft’s August 2024 Patch Push

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. Image: Shutterstock. This months bundle of update joy from Redmond includes patches for...

OfflRouter Malware Evades Detection in Ukraine for Almost a Decade

Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform...

Bumblebee Malware Returns with New Tricks, Targeting U.S. Businesses

The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures...

LODEINFO Fileless Malware Evolves with Anti-Analysis and Remote Code Tricks

Cybersecurity researchers have uncovered an updated version of a backdoor called LODEINFO that's distributed via spear-phishing attacks. The findings come from Japanese company ITOCHU Cyber & Intelligence, which said the malware "has been updated with new features, as well as changes to the...

Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins

Microsoft is phasing out support for executing VBA macros in downloaded Office documents. Cisco Talos investigates another vector for introduction of malicious code to Microsoft Excel--malicious add-ins, specifically XLL files. Although XLL files were supported since early versions of Excel,...

Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update

Details have emerged about a previously undocumented and fully undetectable FUD PowerShell backdoor that gains its stealth by disguising itself as part of a Windows update process. "The covert self-developed tool and the associated C2 commands seem to be the work of a sophisticated, unknown threa...

James Webb telescope images used to hide malware

A rather unique approach to spread malware using the popularity of the James Webb telescope images has been identified by the Securonix threat research team. The malware is being spread by a phishing campaign that includes a Microsoft Office attachment. Similar to traditional Office macros, the...

Microsoft Resumes Blocking Office VBA Macros by Default After 'Temporary Pause'

Microsoft has officially resumed blocking Visual Basic for Applications VBA macros by default across Office apps, weeks after temporarily announcing plans to roll back the change. "Based on our review of customer feedback, we've made updates to both our end user and our IT admin documentation to...

Microsoft Temporarily Rolls Back Plan to Block Office VBA Macros by Default

Five months after announcing plans to disable Visual Basic for Applications VBA macros by default in the Office productivity suite, Microsoft appears to have rolled back its plans. "Based on feedback received, a rollback has started," Microsoft employee Angela Robertson said in a July 6 comment...

Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware

A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs — using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at...

Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default

The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft's move to disable Visual Basic for Applications VBA macros by default across its products. Calli...

Microsoft takes macros out of the equation for five Office apps

Microsoft says it is going to disable macros in five Office apps by default. Besides Excel 4.0 macros, which were disabled by default last month, now VBA macros obtained from the Internet will be blocked by default as well. The change will begin rolling out in Version 2203, starting with Current...

Microsoft Disables Internet Macros in Office Apps by Default to Block Malware Attacks

Microsoft on Monday said it's taking steps to disable Visual Basic for Applications VBA macros by default across its products, including Word, Excel, PowerPoint, Access, and Visio, for documents downloaded from the web in an attempt to eliminate an entire class of attack vector. "Bad actors send...

Mageia: Security Advisory (MGASA-2014-0447)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments

A threat actor tracked as WIRTE has been assaulting Middle East governments since at least 2019 using “living-off-the-land” techniques and malicious Excel 4.0 macros. On Monday, Kaspersky reported that it observed the group in February using Microsoft Excel droppers, which planted hidden...

WIRTE Hacker Group Targets Government, Law, Financial Entities in Middle East

Government, diplomatic entities, military organizations, law firms, and financial institutions primarily located in the Middle East have been targeted as part of a stealthy malware campaign as early as 2019 by making use of malicious Microsoft Excel and Word documents. Russian cybersecurity compa...

FIN7 Capitalizes on Windows 11 Release in Latest Gambit

The FIN7 financial cybercrime gang is back, delivering JavaScript backdoors using Word documents themed around the next version of Windows. That’s according to researchers at Anomali, who observed a recent campaign from the group that leveraged six different docs, all referencing “Windows 11 Alph...

Purgalicious VBA: Macro Obfuscation With VBA Purging

Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...