New Flash Player zero-day used against Russian facility

Credit to Author: Jérôme Segura| Date: Wed, 05 Dec 2018 22:44:59 +0000

An APT group is using a new Flash Player zero-day that was used a lure targeting a Russian-based clinic

Categories:

Tags:

(Read more…)

The post New Flash Player zero-day used against Russian facility appeared first on Malwarebytes Labs.

Read more

Microsoft’s September patches fix a raft of serious bugs

Credit to Author: Andrew Brandt| Date: Wed, 19 Sep 2018 18:00:07 +0000

Updates for Windows and Mac users resolve more than five dozen software vulnerabilities<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/HBOC9eD3Jfo” height=”1″ width=”1″ alt=””/>

Read more

Malicious doc “builders” abandon old exploits wholesale

Credit to Author: Gabor Szappanos| Date: Tue, 11 Sep 2018 16:15:26 +0000

A key piece of the malware ecosystem adopts new vulnerabilities, and scraps old exploits, in record time<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/gKMCGkmvrcQ” height=”1″ width=”1″ alt=””/>

Read more

What you need to know for Patch Tuesday, August 2018

Credit to Author: Andrew ODonnell| Date: Fri, 17 Aug 2018 19:16:44 +0000

With 23 critical vulnerabilities addressed in patches from Microsoft and Adobe, August is turning out to be a good month for updates — but don’t delay installing them.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/_Fw-RIvgU1s” height=”1″ width=”1″ alt=””/>

Read more

New macro-less technique to distribute malware

Credit to Author: Jérôme Segura| Date: Mon, 02 Jul 2018 21:12:47 +0000

The latest macro-less technique to distribute malware via Office documents does not involve exploits. Just a little bit of social engineering.

Categories:

Tags:

(Read more…)

The post New macro-less technique to distribute malware appeared first on Malwarebytes Labs.

Read more

Blocks for Flash and others coming to Office 365

Credit to Author: Christopher Boyd| Date: Fri, 01 Jun 2018 15:00:00 +0000

If you make use of Flash or Silverlight in your day-to-day activities, you may need to have a word with IT. For everyone else, your Office 365 experience is about to become a lot more secure.

Categories:

Tags:

(Read more…)

The post Blocks for Flash and others coming to Office 365 appeared first on Malwarebytes Labs.

Read more

Flash, Windows Users: It’s Time to Patch

Credit to Author: BrianKrebs| Date: Tue, 13 Mar 2018 19:36:28 +0000

Adobe and Microsoft each pushed critical security updates to their products today. Adobe’s got a new version of Flash Player available, and Microsoft released 14 updates covering more than 75 vulnerabilities, two of which were publicly disclosed prior to today’s patch release. The Microsoft updates affect all supported Windows operating systems, as well as all supported versions of Internet Explorer/Edge, Office, Sharepoint and Exchange Server. All of the critical vulnerabilities from Microsoft are in browsers and browser-related technologies, according to a post from security firm Qualys.

Read more

Old MS Office feature weaponized in malspam attacks

Credit to Author: Jérôme Segura| Date: Tue, 17 Oct 2017 15:00:16 +0000

An old Microsoft Office feature has been brought back to the forefront as way to distribute malware without relying on macros or exploits.

Categories:

Tags:

(Read more…)

The post Old MS Office feature weaponized in malspam attacks appeared first on Malwarebytes Labs.

Read more

Microsoft’s October Patch Batch Fixes 62 Flaws

Credit to Author: BrianKrebs| Date: Wed, 11 Oct 2017 14:18:40 +0000

Microsoft on Tuesday released software updates to fix at least 62 security vulnerabilities in Windows, Office and other software. Two of those flaws were detailed publicly before yesterday’s patches were released, and one of them is already being exploited in active attacks, so attackers already have a head start.

Read more

Fake IRS notice delivers customized spying tool

Credit to Author: Jérôme Segura| Date: Thu, 21 Sep 2017 15:00:24 +0000

Threat actors leverage a Microsoft Office exploit to spy on their victims. In this blog post, we will review its delivery mechanism and analyze the malware we observed, a modified version of a commercial Remote Administration Tool (RAT).

Categories:

Tags:

(Read more…)

The post Fake IRS notice delivers customized spying tool appeared first on Malwarebytes Labs.

Read more

Office 2013 can now block macros to help prevent infection

In response to the growing trend of macro-based threats, a new feature in Office 2016 allows an enterprise administrator to block users from running macros in Office documents that originated from the Internet. This feature was documented back in March: New feature in Office 2016 can block macros and help prevent infection, and the predominant…

Read more