BleepingComputer reports that more threat actors have been leveraging Microsoft Visual Studio Tools for Office to enable .NET-based malware integration within Office add-ins after Microsoft moved to block VBA and XL4 macro execution in Office by default.
While attackers favor the local VSTO method, which does not require bypassing trust-related security mechanisms to execute the add-in code, some threat actors have also used remote VSTO add-ins, according to a Deep Instinct report.
Attacks using VSTO involved a "custom.xml" parameter enabling add-in tracking and installation, with the add-in payload's dependencies usually stored alongside the document in an ISO container. The report showed that opening the document would trigger an add-in installation prompt, and one attack targeting Spanish users was found to result in the execution of an encoded and compressed PowerShell script.
Meanwhile, threat actors in an attack using a remote VSTO-based add-in configured the payload to facilitate the download of a password-protected ZIP archive.
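As a triage aid for the "custom.xml" indicator described above, the following added example (not code from BleepingComputer or Deep Instinct) checks an Office Open XML document for VSTO customization properties and reports whether the add-in manifest is local or remote. The property names `_AssemblyLocation` and `_AssemblyName` are the custom document properties VSTO uses and are not named on this page; the sample documents and manifest locations are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for hostile input at scale, defusedxml is the safer parser

CUSTOM_PROPS = "docProps/custom.xml"
CP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
VT_NS = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
FMTID = "{D5CDD505-2E9C-101B-9397-08002B2CF9AE}"
VSTO_PROPS = {"_AssemblyLocation", "_AssemblyName"}

def vsto_properties(doc_bytes):
    """Return the VSTO custom properties found in an OOXML document (empty if none)."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
            if CUSTOM_PROPS not in zf.namelist():
                return {}
            root = ET.fromstring(zf.read(CUSTOM_PROPS))
    except (zipfile.BadZipFile, ET.ParseError):
        return {}  # not a ZIP container, or malformed properties part
    found = {}
    for prop in root.findall("{%s}property" % CP_NS):
        if prop.get("name") in VSTO_PROPS:
            found[prop.get("name")] = "".join(prop.itertext()).strip()
    return found

def classify(doc_bytes):
    """Return 'none', 'local' or 'remote' depending on where the manifest is loaded from."""
    location = vsto_properties(doc_bytes).get("_AssemblyLocation")
    if location is None:
        return "none"
    manifest = location.split("|")[0].lower()  # value is manifest|solution-id[|vstolocal]
    remote = manifest.startswith(("http://", "https://", "\\\\"))
    return "remote" if remote else "local"

def build_sample(location=None):
    """Constructed test document: a ZIP holding only docProps/custom.xml."""
    xml = '<Properties xmlns="%s" xmlns:vt="%s">' % (CP_NS, VT_NS)
    if location:
        pairs = [("_AssemblyLocation", location), ("_AssemblyName", "*")]
        for pid, (name, value) in enumerate(pairs, start=2):
            xml += ('<property fmtid="%s" pid="%d" name="%s"><vt:lpwstr>%s</vt:lpwstr></property>'
                    % (FMTID, pid, name, value))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CUSTOM_PROPS, xml + "</Properties>")
    return buf.getvalue()

if __name__ == "__main__":
    guid = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
    for loc in (None, "addin.vsto|%s|vstolocal" % guid, "https://example.invalid/addin.vsto|%s" % guid):
        print(loc, "->", classify(build_sample(loc)))
```

A document flagged `local` that arrived inside an ISO or other container, or any document flagged `remote`, is worth holding for review before a user sees the installation prompt.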