Legacy Flaw in Word Docs Unleashes Data-Stealing Malware Campaign

Cybersecurity experts at Fortinet's FortiGuard Labs have recently identified a sophisticated phishing operation distributing dangerous malware through Microsoft Word documents. The campaign preys on Windows users by sending emails disguised as business communications, urging recipients to open attached files. What makes this attack particularly noteworthy is its reliance on a remarkably old security weakness, present in Microsoft Office for nearly two decades.
Upon merely opening one of these tainted documents, users inadvertently trigger an exploit targeting CVE-2017-11882, a vulnerability dating back 17 years within Office's Equation Editor component. This flaw permits attackers to execute malicious code remotely without requiring further user interaction. The exploit facilitates the extraction of a hidden malicious file and its execution, leading to the deployment of the FormBook malware. This potent threat establishes persistence on the compromised system and employs sophisticated techniques to steal sensitive information, including login credentials, keystrokes, and screen data, providing attackers extensive access to victims' digital lives.
This campaign is part of a broader trend observed by researchers, in which malicious actors frequently weaponize common file formats such as Microsoft Office documents as initial infection vectors. To safeguard against such threats, users are advised to exercise extreme caution with email attachments from unknown sources, keep all software, especially Microsoft Office and Windows, up to date with the latest security patches, and use comprehensive, multi-layered security solutions capable of detecting and blocking sophisticated malware attacks.
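For mail-gateway or inbox triage, the sketch below flags attachments that embed a legacy Equation Editor object, the component CVE-2017-11882 targets. It is an added example, not FortiGuard's tooling; the function names are hypothetical, and the `Equation.3` ProgID and CLSID are the publicly documented Equation Editor 3.0 identifiers rather than values from this article.

```python
import io
import re
import zipfile

# ProgID and CLSID of the legacy Equation Editor 3.0 OLE server (public identifiers, not from the article).
PROGID = b"Equation.3"
# {0002CE02-0000-0000-C000-000000000046} in its on-disk, mixed-endian byte order.
CLSID_BYTES = bytes.fromhex("02ce020000000000c000000000000046")
MAX_MEMBER = 32 * 1024 * 1024  # assumed cap per archive member, guards against zip bombs

def _scan_blob(blob):
    """Return the marker names present in one decoded byte string."""
    hits = set()
    if PROGID in blob or PROGID.decode().encode("utf-16-le") in blob:
        hits.add("progid")
    if CLSID_BYTES in blob:
        hits.add("clsid")
    return hits

def _rtf_hex_payloads(blob):
    """Decode RTF hex runs, trying both nibble alignments of each run."""
    # Whitespace may split a run, and a control word ending in a-f can shift it.
    squeezed = re.sub(rb"\s+", b"", blob)
    for run in re.findall(rb"[0-9A-Fa-f]{16,}", squeezed):
        for offset in (0, 1):
            digits = run[offset:]
            yield bytes.fromhex(digits[: len(digits) // 2 * 2].decode())

def scan_document(data):
    """Flag Equation Editor markers in raw bytes, RTF hex data, or OOXML parts."""
    hits = _scan_blob(data)
    if data.lstrip().startswith(b"{\\rt"):
        for payload in _rtf_hex_payloads(data):
            hits |= _scan_blob(payload)
    elif data.startswith(b"PK"):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_MEMBER:
                    hits |= _scan_blob(zf.read(info))
    return hits

# Constructed samples: inert marker strings only, no exploit content.
SAMPLE_RTF = b"{\\rtf1{\\object{\\*\\objdata 0105\n" + PROGID.hex().encode() + b"00}}}"
SAMPLE_CLEAN = b"{\\rtf1 Quarterly invoice attached.}"

def make_sample_docx():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/embeddings/oleObject1.bin", b"\x00" * 8 + CLSID_BYTES)
    return buf.getvalue()
```

A hit means the file embeds an Equation Editor object and should be quarantined or detonated in a sandbox; it does not by itself prove an exploit. Heavily obfuscated RTF can evade this kind of string matching, so treat a clean result as one signal among several.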
