Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Nearly undetectable Microsoft Office exploit installs malware without an email attachment

Malware-code

A newly discovered Microsoft Office zero day could put any machine with an Office install at risk. According to a blog post from cybersecurity company Sophos, the exploit can deliver remote access Trojans (RATs) without the need to run macros.

Utilizing a 24-year-old Microsoft protocol called Dynamic Data Exchange (DDE), the exploit can be used in any Microsoft Office application.

A second blog post from Sophos revealed an even more concerning layer to the exploit: It can be triggered through an email or calendar invite without the need for an attachment.

Why DDE is a security hole

The Dynamic Data Exchange protocol is used to share data between applications—in this case Microsoft Office apps.

Any data that needs to be shared to a document and then handled without user interaction utilizes DDE. Compound Word documents that contain a graphic or Excel workbooks that record real-time data are both examples of common DDE applications.

SEE: Use new security features in...(continued)

View All Trending Stories