09 Feb 2022
By Mary

InfoSec News Nuggets 02/09/2022

Microsoft plans to kill malware delivery via Office macros Microsoft announced today that it will make it difficult to enable VBA macros downloaded from the Internet in several Microsoft Office apps starting in early April, effectively killing a popular distribution method for malware. Using VBA macros embedded in malicious Office documents is a very popular method to push a wide range of malware families in phishing attacks, including Emotet, TrickBot, Qbot, and Dridex. "This change only affects Office on devices running Windows…
Read More
12 Nov 2019
By Mary

InfoSec News Nuggets 11/12/2019

1 - BlueKeep Attacks Crash Systems Due to Meltdown Patch The recent attacks exploiting the BlueKeep vulnerability to deliver cryptocurrency miners caused some systems to crash due to a Meltdown patch being deployed on the targeted machines. The BlueKeep vulnerability, officially tracked as CVE-2019-0708, affects Windows Remote Desktop Services (RDS) and it allows an unauthenticated attacker to execute arbitrary code by sending specially crafted Remote Desktop Protocol (RDP) requests. Microsoft released patches, including for unsupported versions of…
Read More
01 Oct 2019
By Mary

InfoSec News Nuggets 10/01/2019

Driver's License Thefts Spur ADOT to Boost Online Safeguards Arizona transportation officials announced enhanced security measures Thursday for a state website that identity thieves exploited to get dozens of duplicate driver's licenses. The Arizona Department of Transportation announced new safeguards after acknowledging to Azfamily.com this week that at least 164 drivers have been the victims of theft. The cases go back to July 2018. The agency has also been involved in four criminal investigations that…
Read More