Blog

  **Updated Note: As of November 12th, 2018, Trend Micro has discovered an in-the-wild sample of this logical bug seen in the TROJ_EXPLOIT.AOOCAI, using it  to deliver the URSNIF information stealer (TSPY_URSNIF.OIBEAO).** Cymulate’s research team has discovered a way to abuse the Online Video feature on Microsoft Word to execute malicious code (Read the press release here). Attackers could use this for malicious purposes such as phishing, as the document will show the embedded online video.

When organizations worry about their cyber security, they focus on ransomware attacks, employees opening (spear) phishing emails or clicking on malicious banners and links on websites. But there is another danger that is often underestimated - the web applications of your own organization could harbor vulnerabilities and security issues. This happens more often than you think - “bad” coding is still a major concern as the HP Security Research’s Cyber Risk Report 2015 indicates: .