The average website contains nearly 13 “serious” vulnerabilities, according to a report released this week by White Hat Security, a website risk management solutions provider. The report, which was compiled using data from more than 2,000 websites across 350 organizations, found that cross-site scripting and information leakage flaws were most prevalent, and websites belonging to large organizations – those with more than 2,500 employees – had the highest average number of serious flaws. In terms of industry, banking organizations had the least amount of vulnerabilities on average, followed by insurance and health care firms. — AM
BleepingComputer reports that more threat actors have been leveraging Microsoft Visual Studio Tools for Office to enable .NET-based malware integration within Office add-ins after Microsoft moved to block VBA and XL4 macro execution in Office by default.
Cybercriminals have been launching malvertising attacks to facilitate the distribution of virtualized .NET loaders, dubbed "MalVirt," that deploy the Formbook and newer XLoader information-stealing malware strains, both of which have keylogging, credential theft, and additional malware staging capabilities, reports The Register.