Macro-less code execution in MS Word

Don't open up MS Word files that you get from people.

A new vulnerability discovered in the MS Office suite of products takes advantage of Dynamic Data Exchange protocol.

DDE is a means to include data from other programs into a MS Office document, be it a spreadsheet in a text file, an image in a spreadsheet or similar things like that.

Unfortunately it can also be used for remote code execution as the example at the link demonstrates.

Coinhive miner found on official Showtime Network websites

Coinhive is a Javascript library that resides on websites and mines the internet for Monero. It was recently installed on CBS's Showtime websites.

Trust Nothing

A version of Piriform's CCleaner was injected with a trojan during the build.

Stop using and uninstall Kaspersky A/V, says US Gov't.

A little late for the US gov't to do something about a Russian Intelligence front. Kaspersky A/V ordered off of gov't computers. Good luck getting it off of machines if it's been installed. If Kaspersky is nefarious, then it isn't coming out unless you reinstall.

Mcaffe Anti-Virus problems

If you're running an updated McAfee anti-virus and you're experiencing a complete slow-down of your computer, then this is for you. The problem seems to be triggered by surfing the Internet with Chrome, Internet Explorer or Edge.

A new Dridex variant found

Dridex is a virus that will reside in the memory of your computer rather than the hard drive. It sleeps, waiting, until you log in to your banking institution and then using Form injection, screen scraping and key-logging it sends your banking information to the bad guys.

Subscribe to Catprint Computing RSS