Excel-based malware has been around for decades and has been in the limelight in recent years. During the second half of 2020, we saw adversaries using Excel 4.0 macros, an old technology, to deliver payloads to their victims. They were mainly using workbook streams via the XLSX file format. In these streams, adversaries were able to enter code straight into cells (that’s why they were called macro-formulas). Excel 4.0 also used API level functions like downloading a file, creation of files, invocation of other processes like PowerShell, cmd, etc.   With the evolution of technology, AV vendors started to…

No attack type has been as impactful as ransomware in 2021. According to a panel of experts at the DEF CON 29 conference, the rising notoriety and impact of ransomware in 2021 has accelerated the need for both government and the private sector to act—though there was no clear consensus on the panel on exactly what actions should be taken. Chris Painter, co-chair of the Ransomware Task Force, commented that after the ransomware attack against…

Amazon’s Kindle e-reader is a popular device that has been on the market since 2007, with approximately 100 million Kindles in use around the world today. The primary purpose of the Kindle is to enable users to read books. Slava Makkaveev, security researcher at Check Point Software Technologies, had another idea, though; he wanted to see if he could load a book that would exploit the Kindle. At the DEF CON 29 conference, Makkaveev outlined…

Three Disney theme park employees have been arrested in Florida as part of an undercover sting operation to catch sexual predators who target children via the internet. The suspects are among 17 individuals arrested by the Polk County Sheriff’s Office (PCSO) under the Operation Child Protector initiative. The initiative was a joint effort involving detectives from the Auburndale Police Department, Orlando Police Department, Winter Haven Police Department, and Orange County Sheriff’s Office. From July 27…

A data breach at the University of Kentucky has exposed the personal information of hundreds of thousands of students and staff. An annual cybersecurity inspection uncovered the breach, which was caused by a vulnerability in a server associated with the university’s College of Education database.  News source WDRB reported that more than 355,000 email addresses were exposed in the security incident, with victims located across the world.  “The database is part of a free resource program known as the Digital…

An intelligence analyst who illegally obtained classified US government documents on drone warfare and leaked them to a journalist has been sentenced to prison. Daniel Everette Hale met the reporter in April 2013 while attending an event in a bookstore in Washington DC.  In 2014, while working as a cleared defense contractor at the National Geospatial-Intelligence Agency (NGA), Hale printed six classified documents, all of which were later published by a news outlet. Hale later printed 36…

This is the third in a series of blogs on the Cybersecurity EO, and I encourage you to read those you may have missed. (Part 1, Part 2). Between the initial publication of the Executive Order (EO) for Improving the Nation’s Cybersecurity on May 12 and late July, a flurry of activity by departments and agencies continues to occur on how best to understand and address potential security gaps. Once identified, these analyses will facilitate…

Now patched by Amazon, security vulnerabilities found by Check Point would have given attackers access to a Kindle device and its stored data. Image: Amazon Amazon Kindle owners could have exposed themselves to a remote control attack simply by opening the wrong e-book. In a report published on Friday, cybersecurity provider Check Point said that it discovered security holes in the Kindle that would have helped a cybercriminal take full control of the device, potentially…