So you think you can block Macros? | allinfosecnews.com

April 26, 2023, 7:42 a.m. | /u/munrobotic

/r/netsec - Information Security News & Discussion www.reddit.com

A great blog post from Outflank, and a must-read for CISOs and technical blue teams! The post outlines common controls and strategies deployed to mitigate Microsoft Office macro security issues. They also introduce LOLdocs from a recent Brucon talk, detailing how vulnerabilities in signed #microsoft Office content might be abused to bypass even strictly configured MS Office installs. Awesome.

block blog blog post blue bypass cisos controls for cisos great macro macros microsoft microsoft office microsoft office macro security ms office netsec office security security issues teams technical vulnerabilities

More from www.reddit.com / /r/netsec - Information Security News & Discussion

Exploiting the NT Kernel in 24H2: New Bugs in Old Code & Side Channels Against … 12 hours ago | www.reddit.com

bugs code exploiting kaslr +3

Postman users are exposing Thousands of live Passwords/API keys 1 day, 8 hours ago | www.reddit.com

api api keys exposing keys +4

Moriarty v1.2 has been released! 1 day, 14 hours ago | www.reddit.com

Exploring Vulnerabilities in Embedded Devices: A Case Study of an IP Phone 1 day, 18 hours ago | www.reddit.com

case devices embedded embedded devices +5

Cisco ASA exploit in the wild. 2 days, 10 hours ago | www.reddit.com

asa cisco cisco asa exploit +3

18 vulnerabilities in Brocade SANnav 2 days, 14 hours ago | www.reddit.com

brocade netsec vulnerabilities

SAP Threat Modeling Tool - Open Source Software 2 days, 23 hours ago | www.reddit.com

modeling netsec open source sap +4

Nation-State Threat Actors Renew Publications to npm 3 days, 3 hours ago | www.reddit.com

nation netsec npm publications +3

CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon 3 days, 13 hours ago | www.reddit.com

command command injection command injection vulnerability cve +6

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Senior InfoSec Manager - Risk and Compliance

@ Federal Reserve System | Remote - Virginia

View on infosec-jobs.com

Security Analyst

@ Fortra | Mexico

View on infosec-jobs.com

Incident Responder

@ Babcock | Chester, GB, CH1 6ER

View on infosec-jobs.com

Vulnerability, Access & Inclusion Lead

@ Monzo | Cardiff, London or Remote (UK)

View on infosec-jobs.com

Information Security Analyst

@ Unissant | MD, USA

View on infosec-jobs.com