Microsoft has updated the list of dangerous files it blocks inside Office 365 documents, and has added the ".SettingContent-ms" file format to that list.
A new file type format added in Windows 10 can be abused for running malicious code on users' computers, according to Matt Nelson, a security researcher for SpecterOps.
Microsoft announced plans last week to block Flash, Shockwave, and Silverlight content from activating in Office 365. The block will only apply to Office 365 subscription clients, but not to Office 2016, Office 2013, or Office 2010 distributions, the company said.
Spam distributors are using a new technique to infect users with malware, and while this attack relies on having users open Word documents, it does not involve users having to allow the execution of macro scripts.
Microsoft announced yesterday that future versions of the standalone Office 2019 app will work on Windows 10 versions exclusively.
The security research team at Rhino Labs, a US-based cyber-security company, has discovered that malicious actors can use a lesser-known Microsoft Word feature called subDoc to trick Windows computers into handing over their NTLM hashes, the standard format in which user account credentials are stored.
Microsoft is considering adding Python as one of the official Excel scripting languages, according to a topic on Excel's feedback hub opened last month.
As part of the December 2017 Patch Tuesday, Microsoft has shipped an Office update that disables the DDE feature in Word applications, after several malware campaigns have abused this feature to install malware.
A week after details about a severe Microsoft Office vulnerability came to light, at least one criminal group is now using it to infect users.
Security researchers have discovered a new ransomware strain named qkG that targets only Office documents for encryption and infects the Word default document template to propagate to new Word documents opened through the same Office suite on the same computer.
The way Microsoft patched a recent security bug has made several security and software experts believe the company might have lost the source code to one of its Office components.
Microsoft has patched today a huge security hole in Microsoft Office that could be exploited to run malicious code without user interaction on all Windows versions released in the past 17 years.
Malware authors don't necessarily need to trick users to enable macros to run malicious code. An alternative technique exists, one that takes advantage of another legitimate Office feature.
Security researchers have spotted a new type of low-and-slow brute-force attack — which they nicknamed KnockKnock — aimed at companies with Office 365 accounts.
Over the past few months, an Office vulnerability has become one of the most popular and efficient ways of delivering malware to vulnerable computers.
Today at the company's Inspire business conference, Microsoft announced a new service called "Microsoft 365" that bundles together three of its previous standalone services: Office 365, Windows 10, and Enterprise Mobility + Security.
Security researchers have spotted a booby-trapped PowerPoint file that will download malware to a computer whenever a victim hovers a link, no macro scripts required.
Microsoft's May 2017 Patch Tuesday, released yesterday, included fixes for three zero-days, which according to ESET and FireEye, were used by cyber-espionage groups operating out of Russia.
Today, WikiLeaks continued its "Vault 7" campaign by dumping another set of CIA files, but this time around, the organization also included the tool's source code, something they have not leaked in previous data dumps.