Martijn Lammerts
My own digital place with a little of everything

Hide and Script: Inserted Malicious URLs within Office Documents’ Embedded Videos

In late October, security researchers from Cymulate showed a proof of concept (PoC) exploiting a logic bug that could allow hackers to abuse the online video feature in Microsoft Office to deliver malware. We indeed identified an in-the-wild sample (detected by Trend Micro as TROJ_EXPLOIT.AOOCAI) in VirusTotal, using this method to deliver the URSNIF information stealer (TSPY_URSNIF.OIBEAO).

Since this kind of attack relies on a specially crafted Word document, it most likely arrives on a user's system either dropped by other malware or delivered as an attachment or a link/URL in spam.
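The summary above says the malicious URL rides inside the document's online-video embed. The following is an added triage example (not code from the original post, Trend Micro or Cymulate) that opens a .docx as the ZIP it is, pulls the HTML stored for each online-video embed out of the WordprocessingML parts, and flags embeds whose HTML carries script rather than a plain player iframe. The attribute name `embeddedHtml` and its location in `word/document.xml` are assumptions about how Word stores online-video embeds, not something the summary states; the two sample documents are constructed in memory with placeholder URLs so the script runs offline.

```python
"""Triage .docx files for Office online-video embeds whose HTML carries script.

Added example: the embeddedHtml attribute and the word/*.xml location are
assumptions about Word's storage format, not facts taken from the post.
"""
import html
import io
import re
import zipfile

# Assumed attribute that holds the embed's HTML inside word/document.xml.
EMBEDDED_HTML_RE = re.compile(r'embeddedHtml="([^"]*)"')
# URLs referenced by the embed (iframe/script src attributes).
SRC_RE = re.compile(r'src\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)
# Script indicators a plain video iframe should never need.
SCRIPT_RE = re.compile(r'<script\b|javascript:|\bon\w+\s*=', re.IGNORECASE)

# Constructed sample embeds with placeholder URLs (not real indicators).
BENIGN_EMBED = ('<iframe src="https://www.youtube.com/embed/VIDEO_ID" '
                'width="560" height="315"></iframe>')
SUSPICIOUS_EMBED = ('<iframe src="https://example.invalid/embed">'
                    '<script>window.location="https://example.invalid/payload"'
                    '</script></iframe>')


def extract_video_embeds(docx_bytes):
    """Return one dict per online-video embed found in the document's XML parts."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            xml = zf.read(name).decode("utf-8", errors="replace")
            for match in EMBEDDED_HTML_RE.finditer(xml):
                # The attribute value is XML-escaped; unescape to see the real HTML.
                snippet = html.unescape(match.group(1))
                findings.append({
                    "part": name,
                    "html": snippet,
                    "urls": SRC_RE.findall(snippet),
                    "has_script": bool(SCRIPT_RE.search(snippet)),
                })
    return findings


def triage(docx_bytes):
    """'suspicious' if any embed carries script, 'embed' if only plain embeds, 'clean' if none."""
    findings = extract_video_embeds(docx_bytes)
    if not findings:
        return "clean"
    if any(f["has_script"] for f in findings):
        return "suspicious"
    return "embed"


def build_sample_docx(embedded_html):
    """Build a minimal constructed .docx carrying one online-video embed (test fixture)."""
    escaped = html.escape(embedded_html, quote=True)
    document_xml = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:w15="http://schemas.microsoft.com/office/word/2012/wordml">'
        '<w:body><w:p><w:r><w:drawing>'
        f'<w15:webVideoPr embeddedHtml="{escaped}" h="315" w="560"/>'
        '</w:drawing></w:r></w:p></w:body></w:document>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()


if __name__ == "__main__":
    for label, embed in (("benign", BENIGN_EMBED), ("suspicious", SUSPICIOUS_EMBED)):
        doc = build_sample_docx(embed)
        print(label, triage(doc), extract_video_embeds(doc)[0]["urls"])
```

Running it against a real document means reading the file's bytes and passing them to `triage`; any embed that carries script or points at a host other than the expected video provider is worth detonating in a sandbox rather than opening.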

The post Hide and Script: Inserted Malicious URLs within Office Documents’ Embedded Videos appeared first on .

Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets

Our analysis of a targeted attack that used a language-specific word processor shows why it's important to understand and protect against small-scale and localized attacks as well as broad-scale malware campaigns. The attack exploited a vulnerability in InPage, a word processor for languages such as Urdu, Persian, Pashto, and Arabic. More than 75% of

The post Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets appeared first on Microsoft Secure.

Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine

The concept of stealthy, difficult-to-detect malware operating behind the scenes has proven an irresistible proposition for many threat actors, and they are evidently adding even more techniques, as seen in a cryptocurrency miner (detected as Coinminer.Win32.MALXMR.TIAOODAM) we discovered that uses multiple layers of obfuscation and packing as part of its routine.

The post Cryptocurrency Mining Malware uses Various Evasion Techniques, Including Windows Installer, as Part of its Routine appeared first on .

CISO series: Build in security from the ground up with Azure enterprise

Shawn Anderson, a former CISO, now meets with CISOs every other week to answer their questions on moving to the cloud and where to start. Today, Shawn shows you how you can use the Azure enterprise scaffold to migrate to the cloud, even in a hybrid-cloud environment.

The post CISO series: Build in security from the ground up with Azure enterprise appeared first on Microsoft Secure.

Perl-Based Shellbot Looks to Target Organizations via C&C

We uncovered an operation by a hacking group we are naming "Outlaw" (a translation of the Romanian word haiduc, the name of the hacking tool the group primarily uses) that relies on an IRC bot built from Perl Shellbot. The group distributes the bot by exploiting a common command injection vulnerability on internet of things (IoT) devices and Linux servers. Further research indicates that the threat can also affect Windows-based environments and even Android devices.

The post Perl-Based Shellbot Looks to Target Organizations via C&C appeared first on .