Excel Formula, or XLM – doesn’t stop giving pain to researchers? On Friday I got a new sample using the xlsb file format that supposedly contained malicious code. I had a quick look, and wow – this was different. My first check on VirusTotal (VT) showed me that it hadn’t been uploaded to VT yet. So with nothing to go on,
Office malware has been around for a long time. In the past I’ve written several blogs [1,2,3,4] about the basics and beyond. In this blog we’ll focus on Excel Formula (XF) 4.0. I wasn’t too familiar with XF 4.0 before I started looking into it, so learn with me. With VBA macros you’ll find these easily by decompressing some streams and
As cloud services have grown in popularity, they have also become a fertile ground for cybercriminals to launch attacks that stay under the radar. Attackers are taking advantage of the trust that users, organizations, and security vendors place in popular cloud services. This blog post provides examples of four key ways in which attackers abuse cloud services, for: Malware delivery
Xiaopeng Zhang, Fortinet’s FortiGuard Labs. The Phobos ransomware family is fairly recent, only having been first spotted by security researchers in early 2019. But since then, it has continued to push out new variants that not only evolve attack methods, but also frequently change the extension name of encrypted files in past variants. And in its short history, its victims have often
Michael Daniel is the President and CEO of the Cyber Threat Alliance (CTA), a US-based non-profit organization that enables cybersecurity providers to share threat information with one another in both automated and human-to-human fashion. Introduction: The industry has talked about the concept of threat intelligence sharing for decades, yet it has struggled to adopt mechanisms that facilitate high-quality sharing at scale