Security Alerts & News
by Tymoteusz A. Góral

History
#1639 Microsoft Office malware: Now more users get anti-hacker, macro-blocking features
Citing a growth in macro-borne threats, Microsoft has opted to give Office 2013 users a feature from Office 2016 to selectively block macros and the malware they can carry.

Office macros are a double-edged sword for the enterprise. They can improve productivity by automating routine tasks in Excel and Word, but they can be coded to deliver malware.

Even though it's been possible since the days of Office 97 to disable macros by default, users have always had the option of enabling them, which has presented attackers with a way of spreading malware since the Melissa virus in 1999. More recently, macros have been used to deliver banking Trojans and ransomware.

Fortunately, Microsoft earlier this year introduced a new feature in Group Policy for Office 2016 that allowed admins to block macros from loading in risky scenarios, such as when staff are opening Office email attachments from unknown senders, or when opening a file from Dropbox. Admins could also allow macros to run for certain trusted workflows.
Read more
#1645 Don’t Skype and Type! Acoustic eavesdropping in VOIP (PDF)
#1644 The Dyn report: What we know so far about the world's biggest DDoS attack
#1643 Remote code execution vulnerabilities plague LibTIFF library
#1642 Lawmakers asking what ISPs can do about DDoS attacks
#1641 Paypal fixes 'worrying' security bug
#1640 Windows Atom tables can be abused for code injection attacks
#1639 Microsoft Office malware: Now more users get anti-hacker, macro-blocking features
#1638 Flash Player zero-day being exploited in targeted attacks
#1637 Joomla update fixes two critical issues, 2FA error
#1636 Dyn DDoS could have topped 1 Tbps
#1635 Cisco patches critical vulnerability in facility events response system
#1634 Could your 'smart' home be a weapon of web destruction?
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12