Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats

An Iran-nexus group has been linked to a "coordinated" and "multi-wave" spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world. The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to...

Maldoc in PDF Polyglot converter

A malicious MHT file created can be opened in Microsoft Word even though it has magic numbers and file structure of PDF. If the file has configured macro, by opening it in Microsoft Word, VBS runs and performs malicious behaviors. The attack does not bypass configured macro locks. And the malicio...

New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware. Though the new...

O365-Attack-Toolkit - A Toolkit To Attack Office365

o365-attack-toolkit allows operators to perform an OAuth phishing attack and later on use the Microsoft Graph API to extract interesting information. Some of the implemented features are : Extraction of keyworded e-mails from Outlook. Creation of Outlook Rules. Extraction of files from...

CVE-2019-0561

An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly, aka "Microsoft Word Information Disclosure Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office, Word...

Hancitor: fileless attack with a DLL copy trick

This article was authored by David Sánchez, Mickaël Roger, and Jérôme Segura During the past few years, malicious spam campaigns have proven to be one of the most efficient infection vectors, in part due to a combination of social engineering and a regular number of Office vulnerabilities. The...

Exploit for Code Injection in Microsoft

CVE-2017-8759-Exploit-sample Running CVE-2017-8759 exploit sam...

Microsoft Windows .NET Framework - Remote Code Execution

Microsoft Windows .NET Framework - Remote Code Execution Source: https://github.com/Voulnet/CVE-2017-8759-Exploit-sample Running CVE-2017-8759 exploit sample. Flow of the exploit: Word macro runs in the Doc1.doc file. The macro downloads a badly formatted txt file over wsdl, which triggers the WS...

Microsoft Windows .NET Framework - Remote Code Execution

Source: https://github.com/Voulnet/CVE-2017-8759-Exploit-sample Running CVE-2017-8759 exploit sample. Flow of the exploit: Word macro runs in the Doc1.doc file. The macro downloads a badly formatted txt file over wsdl, which triggers the WSDL parser log. Then the parsing log results in running...

Microsoft Windows .NET Framework - Remote Code Execution 0day Exploit

Exploit for windows platform in category remote exploits Source: https://github.com/Voulnet/CVE-2017-8759-Exploit-sample Running CVE-2017-8759 exploit sample. Flow of the exploit: Word macro runs in the Doc1.doc file. The macro downloads a badly formatted txt file over wsdl, which triggers the WS...

Watch Out! First-Ever Word Macro Malware for Apple Mac OS Discovered in the Wild

After targeting Windows-based computers over the past few years, hackers are now shifting their interest to Macs as well. The emergence of the first macro-based Word document attack against Apple's macOS platform is the latest example to prove this. The concept of Macros dates back to 1990s. You...

Targeted String of Paerls Campaign Includes Word Macro Attack

A targeted malware campaign has been uncovered that combines an old-school Microsoft Word Macro malware attack with a decidedly new school approach of redirecting victims to exploits stored on Dropbox. The String of Paerls attacks, which Cisco’s VRT team reported today, targets industries such as...

Microsoft Windows application policy bypass

It's possible to bypass application restriction policy by directly loading code into suspended process' memory via e.g. Microsoft Word macro...

CVE-2002-1776

Symantec Norton AntiVirus 2002 is affected by CVE-2002-1776. The issue allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. The vendor disputes the claim, noting that...

CVE-2002-1776

NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed th...

CVE-2002-1776

NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed th...

CVE-2001-0501

Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner...