Security Alerts & News
by Tymoteusz A. Góral

History
#960 Like macros before it, attackers shifting to OLE to spread malware
Attackers have rekindled their love affair with Windows macros over the last few years, using the series of automated Office commands as an attack vector to spread malware. And while hackers will surely continue to use macros, at least until the technique becomes ineffective, new research suggests they may be shifting gears and beginning to use another proprietary Microsoft technology to deliver threats.

Attackers have been placing malicious code alongside object linking and embedding (OLE) code, along with well-formatted text and images. According to researchers with Microsoft who observed the behavior, it’s being done to trick users into enabling the object or content and in turn, running the malicious code.

OLE technology allows for the facilitation of content, images, text, from elsewhere, usually by another application. If a user wants to edit the embedded data they can allow Windows to activate the originating application and load the content.
Read more
#963 The average cost of a data breach is now $4 million
#962 FBI raids spammer outed by KrebsOnSecurity
#961 Cisco won’t patch critical RV wireless router vulnerability until Q3
#960 Like macros before it, attackers shifting to OLE to spread malware
#959 BadTunnel bug hijacks network traffic, affects all Windows versions
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12