By Usama Jawad96
Runtime inspection of XLM macros is now available in Microsoft Excel
by Usama Jawad
Excel 4.0 (XLM) is an old macro language which Microsoft released for Excel back in 1992. Although it is a legacy language and most organizations have since migrated to Visual Basic for Applications (VBA), some continue to use XLM because of its functionalities and interoperability with the OS. Microsoft has noticed that due to its continued use, malicious actors have started to abuse XLM macros more frequently, which is why the company is now enabling runtime inspection of XLM code in Microsoft Excel.
Microsoft's Antimalware Scan Interface (AMSI) was already integrated with VBA back in 2018 and has been very successful in exposing and stopping malware attacks dependent upon the particular technology. Naturally, malicious actors have recently shifted focus to relatively less secure technologies such as XLM to call Win32 APIs and run shell commands for their activities. As such, Microsoft is now enabling runtime inspection of XLM code in Office 365 applications such as Excel.
Multiple tools and antivirus solutions can utilize AMSI to request scans of data to detect potential threats. The Redmond tech giant uses it heavily with Microsoft Defender for Endpoint for threat detection in various applications such as Office VBA macros, JScript, VBScript, PowerShell, WMI, dynamically loaded .NET assemblies, and MSHTA/Jscript9.
Microsoft has noted that this new integration with XLM is essential, saying that:
Multiple malicious groups have been named which are using XLM macros as an attack surface for their activities including Trickbot, Zloader, and Ursnif.
Runtime inspection of XLM in Microsoft is now available in AMSI, which means that it can be performed by any antivirus solution that is registered as an AMSI provider for a machine. Under default configurations, files that are from trusted locations or are trusted documents will not be scanned at runtime. The same also applies for files that are opened when the security settings are configured to enable all macros. The feature is enabled by default on the February Current Channel and Monthly Enterprise Channel for Microsoft 365 subscription users.
By News Staff
This All-In-One 2021 Super-Sized Ethical Hacking Bundle is only $42.99
by Steven Parker
Today's highlighted deal comes via our Online Courses section of the Neowin Deals store, where you can save 98% off the All-In-One 2021 Super-Sized Ethical Hacking Bundle. Be a data master player with the world's best-selling online Excel diploma! Lifetime access to 60 hours and 300 easy-to-follow lessons and projects.
This bundle consists of the following courses:
Complete Python 3 Ethical Hacking Course: Zero to Mastery - Learn to Code 10+ Penetration Testing Tools from Scratch
Complete Ethical Hacking & Penetration Testing Course - Web Hacking, Phishing, NMAP, Password Cracking, Penetration Testing, Metasploit & More
Website Hacking in Practice: Hands-On Course 101 - Understand Today's Top Hacking Threats & How to Combat Them
Hacking Wireless Networks: Theory & Practice - Explore the Essentials of Hacking Networks with this Example-Driven Course
Hacking in Practice: Certified Ethical Hacking Mega Course - Explore Today's Cyber Threats & Shut Them Down with 20+ Hours of Practical Training
Hack People, Systems & Mobile Devices: Advanced Social Engineering - Learn Advanced Social Engineering Techniques to Crack Mobile Devices
Learn Burp Suite for Advanced Web Penetration Testing - Perform Hands-On Security Testing to Master Burp Suite
Learn Server Security with BitNinja - Enjoy Real-Time Protection, Automatic False Positive Handling & Threat Analysis
All-in-One Hacking Guide: From Zero to Hero - Master Ethical Hacking Techniques & Methodologies Used in Penetration Systems
PenTesting with OWASP ZAP: Mastery Course - Must-Have Tool Mastery for Hackers, PenTesters, Developers, Coders & Experienced Security Professionals
Mastering Burp Suite Community Edition: Bug Hunters Perspective - Learn Burp Suite Community Edition to Use It Effectively as an Ethical Hacker, Web Security Tester, or Bug Bounty Hunter
Kali Linux Hacker Tools, Tricks & Techniques - A Beginner Course for Ethical Hackers Who Are New in Kali Linux
Bug Bounty: Web Hacking - Get Paid to Legally Hack The World's Biggest Web Apps
Learn Network Attacks & Security - Explore Different Types of Network Attacks & Secure Yourself From Them
Master in Hacking with Metasploit - Hack Almost All Operating System
Introduction to Python & Hacking with Python - Create Your Own Hacking Scripts
Ethical Hacker Certification Course - Hack Windows, Linux, Android, & All Kinds of Operating Systems!
Complete NMAP: Learn Ethical Hacking with NMAP - Become an Ethical Hacker & Cyber Security Expert with NMAP
Good to know
Length of time users can access this course: Lifetime
Certification of completion included
Updates included
Redemption deadline: redeem your code within 30 days of purchase
Here's the deal:
This eLearnExcel: The Excel Certification School Bundle normally costs $3,284, but can now be yours for just $42.99, for a limited time, that's a saving of $3,241.01 (98%) off!
Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.
Malwarebytes says it was targeted by SolarWinds hackers too
by Paul Hill
In a blog post, the digital security firm Malwarebytes said that it had been targeted by the nation state actor implicated in the SolarWinds breach late last year that affected the U.S. government, Microsoft, Nvidia, VMware, and others.
According to the computer security firm, it does not use SolarWinds but was attacked via another intrusion vector that leveraged applications that had privileged access to Microsoft Office 365 and Azure. Malwarebytes said that the attacker managed to get access to "a limited subset of internal company emails" but didn't find any evidence that their production systems had been compromised.
Malwarebytes’ incident response group worked with Microsoft’s Detection and Response Team (DART) to find out how the attack happened. Explaining what the teams did, Malwarebytes CEO Marcin Kleczynski said:
To ensure that none of its products and systems were compromised, it carried out an analysis of the Malwarebytes source code, build and delivery processes and even reverse-engineered its software. This, coupled with the fact that none of its internal systems were compromised, led the company to declare that its software remains safe to use.
To combat these sophisticated attacks, Malwarebytes has called on other security companies to continue sharing information so that responses are effective. It also thanked the security community for working over the holiday period to respond to the hack.
By Usama Jawad96
Microsoft declares war on Israeli surveillance company NSO Group
by Usama Jawad
Back in 2019, Israeli technology company NSO Group found itself embroiled in controversy when it was alleged that its Pegasus program was used to hack WhatsApp. The sophisticated attack technique allowed attackers to inject spyware into Android and iOS devices by simply calling them. The victim was not even required to answer the call for the attack to succeed.
While WhatsApp plugged the vulnerability, it later took NSO Group to court for its malicious actions. The surveillance company has denied wrongdoing multiple times using the defense of immunity since it claims that Pegasus is used on behalf of governments. Following recent reports of Al Jazeera journalists being hacked using software developed by NSO Group, Microsoft and various other corporations have now joined the fight against the Israeli firm.
In a sternly worded blog post, Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft, has described NSO Group as the cyber mercenaries of the 21st century and stated that they should get no immunity. Together with Cisco, GitHub, Google, LinkedIn, VMware, and the Internet Association, Microsoft has filed an amicus brief in WhatsApp's legal case against NSO Group. Simply stated, this means that the firms will be providing assistance to the court by offering technical expertise.
Microsoft has highlighted that Pegasus infected WhatsApp on 1,400 devices last year, including those of journalists and prominent figures fighting against human rights violations. It emphasized that NSO Group's business model is very dangerous for a number of reasons. Primarily, there is no guarantee that the cyber-weapons won't fall into the wrong hands. Even if NSO Group sells Pegasus only to governments, it could be handed over to customers who lack proper defenses, resulting in highly dangerous software being stolen. Microsoft also stated that:
Lastly, the Redmond tech giant emphasized that such tools developed by private security firms are a threat to human rights and privacy. It stated that NSO Group's clients are spread throughout the world, and they utilize cyber weapons to track journalists and other opposing groups. Microsoft indicated that even if NSO Group's own intention is not to violate human rights, its tools certainly allow its clients to do so.
Moving forward, Microsoft has urged that private security firms such as NSO Group should be liable for any laws that are broken by using their tools, and they should not be granted immunity in any circumstances. The coalition hopes that the amicus brief will enable it to protect the rights and privacy of all its global customers.
By Ather Fawaz
Trump campaign website briefly defaced by hackers
by Ather Fawaz
With the U.S. Presidential Elections just around the corner, President Donald Trump's campaign website was briefly taken over and defaced by hackers. The New York Times reports that, in an act that lasted close to 30 minutes, hackers replaced a section of Trump's campaign website. Gabriel Lorenzo Greschler, who is a journalist at the Jewish News of Northern California, was among the first to report the incident. Greschler stumbled upon the hack while researching climate change, and proceeded to make a video demonstrating the seized website:
As seen above, hackers took over the 'Coalitions' tab on the President's website and claimed to have compromised 'multiple devices', essentially giving them access to 'most internal and secret conversations', including classified information. They further threatened to discredit the POTUS by choosing to either release the sensitive data or keep it a secret. This choice was left in the hands of site visitors; an encryption key was also dropped on the page so that the hackers could solicit votes in a cryptocurrency called Monero. The hackers also accused the Trump administration of cooperating with foreign actors in manipulating the upcoming elections and of having a hand in the advent of the coronavirus.
Tim Murtaugh, the spokesman for the Trump campaign, confirmed the reports of the website being defaced and said they were “working with law enforcement authorities to investigate the source of the attack.” He later clarified that there was no leak of sensitive data either and that the website had been restored.
This hack comes less than a week after an ethical hacker claimed to have obtained access to President Trump's official Twitter account with the password 'maga2020!'. It's also days after the President claimed in a campaign rally that “Nobody gets hacked. To get hacked you need somebody with 197 I.Q. and he needs about 15 percent of your password.” Regardless, intelligence agencies have claimed that today's defacement could've been yet another cryptocurrency fraud to solicit money via phishing.
Source: Gabriel Lorenzo Greschler (Twitter) via The New York Times