Newly discovered malware is masquerading as a Microsoft PowerPoint file that downloads the infection as soon as users hover over a link. The file is sent to victims as an email attachment.
The attachment may sometimes contain zip files which, when extracted, yield the PowerPoint files. While PowerPoint files normally carry the PPTX extension, the file attached to the mail carries PPSX. The format is identical to that of regular PowerPoint files, but PPSX files enter the PowerPoint presentation view directly when opened. When opened, the file shows a blank page with a message in bright blue font saying "Loading Please Wait", which is the malicious link.
Most people are conditioned by now to not open unknown file attachments — especially file attachments on emails from unknown sources. Just in case you somehow missed the memo, there is a new reason to think twice before opening a PowerPoint file.
New research indicates that attackers have figured out how to weaponize a PowerPoint file so that it circumvents detection by antivirus tools. The malware is embedded in a PowerPoint presentation. Because the file is saved in PPS format, it bypasses AV detection, but when the file is opened in Slide Show presentation format the phishing attack is able to execute.
Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The attack requires user interaction to succeed on Windows clients with a default configuration.
A cyberespionage campaign believed to be based in Russia has been targeting government leaders and institutions for nearly five years, according to researchers with iSight Partners who have examined code used in the attacks.
The campaign, dubbed “Sandworm,” is believed to have been running since 2009, and used a wide-reaching zero-day exploit uncovered by the researchers that affects nearly every version of the Windows operating system released since Windows Vista. The attackers also targeted attendees of this year’s GlobSec conference, a high-level national security gathering that attracts foreign ministers and other top leaders.