The attacks begin with malicious emails containing seemingly innocuous document attachments (Excel and Word files) that exploit the CVE-2017-11882 flaw, a commonly targeted Microsoft Office Equation Editor vulnerability fixed in 2017.
Microsoft Excel Infection Sequence Threat actors begin the infection sequence by distributing spam emails with malicious attachments (like in Figure 1 and Figure 2 below) in hopes that users on vulnerable versions of Microsoft Excel open these emails and download the attachments. Figure 1: Spam email example Figure 2: Spam email example To make these […]
Let’s begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum? Surprisingly, it’s the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a […]
The Federal Communications Commission’s privacy and data protection task force will begin partnering with four state governments to strengthen enforcement investigations and pool resources, FCC Chairwoman Jessica Rosenworcel announced Wednesday. The attorneys general of Connecticut, Illinois, New York and Pennsylvania signed a memorandum of understanding with the FCC to cement the partnership. Federal and state […]