March 14, 2018 / Votiro Labs

Invitation to cause problems

Next time you’re invited to a meeting, plan on being late – unless you want to give hackers access to your computer, network, or entire IT system. In the ongoing and ever-going battle against hackers, it’s come down to this; even responding to a meeting invitation can give hackers the...
Read More
March 04, 2018 / Amit Dori

Japanese under the cross-hair, again

A new malicious campaign is targeting Japanese firms, Votiro has discovered, in collaboration with cybersecurity consulting and intelligence company, ClearSky. The new campaign consists of spam with attached malicious Excel workbooks, which, once opened, activate macros that utilize PowerShell to download and execute a second-stage...
Read More
February 20, 2018

Think you are just watching a video? Think again!

Word, the leading word processor from Microsoft, has been used by most people at some point in their lifetime. In order to maintain its lead, Word is constantly updated – new features are added and bugs are being removed. A reasonably new feature, Word’s Online Video feature, supports inserting a...
Read More
February 13, 2018 / Amit Dori

Tricky Campaign Leverages Ukraine-Russia Tensions

As we’ve seen in the past, dangers abound even in ostensibly innocent-seeming,documents that appear for all the world to be legitimate. Even documents that seem to be the kind a professional would expect to receive could be harboring some hidden dangers – macros that are embedded in a document that...
Read More
February 05, 2018 / Amit Dori

Word Equation Fiasco

Every family has a skeleton in its closet, one that often remains hidden for a long time. But sooner or later, them bones will begin talking – and when they do, they will sing loudly, indicting the people behind their troubles, and revealing to the world their perfidy and...
Read More
January 03, 2018 / Votiro Labs

AutoCad Security Bug Still a Risk, It Turns Out

Credit card information is nice, and identity theft is a profitable industry – but for hackers, the big money is in industrial espionage. When hackers invade a corporate network, using their tricks to inveigle victims into granting them access to their computers via spear phishing campaigns aided by...
Read More
December 20, 2017 / Itay Glick

Start 2018 Zero-day Attack Free

CISOs spanning the globe have prepared for the unknown coming our way in 2018. You’ve likely spent countless hours thinking, planning and taking extensive action to protect your company, but there’s one thing that remains a mystery … the infamous zero-day attack.  As we embark upon a new year, with...
Read More
December 17, 2017

Arming CISOs Against the Malicious Macro Threat

Invoicing. Business documents. A meeting invitation. These days, the average employee receives countless incoming files, including emails with attachments, web downloads, and others, that have CISOs stressing around the clock about what he might click. Cyber criminals have tapped into yet another virtual weakness with one unsuspecting click that can...
Read More
November 14, 2017

Android Injections Already Targeting Japanese Banking Apps

The threats and attacks overwhelming the cyberspace have been keeping cybersecurity departments on their toes, and they should- This time the online banking service apps are the ones that should be concerned, as the good old web injection method commonly used in MITB-class attacks is now targeting...
Read More
November 10, 2017 / Amit Dori

Word Includes

In the wake of Dynamic Data Exchange (DDE) attacks, the subject of Quick Fields has come into focus among cybersecurity pros as well. These, too, have the potential to become a major security problem, and some researchers have stepped up to the challenge and begun exploring the world...
Read More