Blog

5
Mar

The Generation of Misinformation: Revolutionizing the World of Phishing Through Deepfakes

By Felissa Mariz D. Marasigan and Lovely Jovellee Lyn Bruiz 2020 brought a major change in the digital world. As we bring our day-to-day activities online, our social network grows vastly, and new more diverse threat starts creeping in. In 2017, DeepFakes, also known as manipulated media produced through artificial intelligence, were primarily used by enthusiasts to generate fake porn videos. It is

Read more

26
Feb

Excel Formula/Macro in .xlsb?

Excel Formula, or XLM – doesn’t stop giving pain to researchers? On Friday I got a new sample using the xlsb file-format that supposedly was having malicious code. I had a quick look, and wow – this was different. My first check on VirusTotal (VT) showed me that it hadn’t been uploaded to VT yet. So with nothing to go on,

Read more

23
Feb

Decompiling Excel Formula/Macro 4.0 files to understand their execution

Office malware has been around for a long time. In the past I’ve written several blogs [1,2,3,4] about the basics and beyond. In this blog we’ll focus on Excel Formula (XF) 4.0. I wasn’t too familiar with XF 4.0 before I started looking into it, so learn with me. With VBA macros you’ll find these easily by decompressing some streams and

Read more

19
Feb

Cloud as an Attack Vector

As cloud services have grown in popularity, they have also become a fertile ground for cybercriminals to launch attacks that stay under the radar. Attackers are taking advantage of the trust that users, organizations, and security vendors place in popular cloud services. This blog post provides examples of four key ways in which attackers abuse cloud services, for: Malware delivery

Read more

12
Feb

Pay or Lose Your Critical Data — Deep Analysis of A Variant of Phobos Ransomware

Xiaopeng ZhangFortinet’s FortiGuard Labs The Phobos ransomware family is fairly recent, only having been first spotted by security researchers in early 2019. But since then, it has continued to push out new variants that not only evolve attack methods, but also frequently change the extension name of encrypted files in past variants. And in its short history, its victims have often

Read more

X