sandboxing | Breaking Cybersecurity News | The Hacker News

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim's system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them. 1. Phishing in MS Office: Still Hackers' Favorite Phishing attacks using Microsoft Office files have been around for years, and they're still going strong. Why? Because they work, especially in business environments where teams constantly exchange Word and Excel documents. Attackers know that people are used to opening Office files, especially if they come from what looks like a colleague, a client, or a partner. A fake invoice, a shared report, or a job offer: it doesn't take much to convince someone to click. And once the file is open, the attacker has their chance. Phishing with Offic...

Tactics, techniques, and procedures (TTPs) form the foundation of modern defense strategies. Unlike indicators of compromise (IOCs), TTPs are more stable, making them a reliable way to identify specific cyber threats. Here are some of the most commonly used techniques, according to ANY.RUN's Q3 2024 report on malware trends, complete with real-world examples. Disabling of Windows Event Logging (T1562.002) Disrupting Windows Event Logging helps attackers prevent the system from recording crucial information about their malicious actions. Without event logs, important details such as login attempts, file modifications, and system changes go unrecorded, leaving security solutions and analysts with incomplete or missing data. Windows Event Logging can be manipulated in different ways, including by changing registry keys or using commands like "net stop eventlog". Altering group policies is another common method. Since many detection mechanisms rely on log analysis to identify s...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...

One of the most common misconceptions in file upload cybersecurity is that certain tools are "enough" on their own—this is simply not the case. In our latest  whitepaper  OPSWAT CEO and Founder, Benny Czarny, takes a comprehensive look at what it takes to prevent malware threats in today's ever-evolving file upload security landscape, and a big part of that is understanding where the pitfalls are, and how to avoid them. The first step in that process is understanding that three commonly used tools or solutions are not enough on their own. Let's explore this concept and take a closer look at a better solution. Understanding the Challenge Modern web applications are complex, utilizing internet-connected IT systems that interface with critical OT systems, as well as leveraging a wide range of cloud providers and protocols. All these systems transfer and store highly sensitive and valuable data across government, healthcare, power, financial, and other critical sectors the wor...

Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment. Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer. So that if a sandboxed application gets compromised, the technique prevents its damage from spreading outside the closed area. Since antivirus and anti-malware tools run with the highest level of privileges to scan all parts of a computer for malicious code, it has become a desired target for attackers. The need for sandboxing an antivirus tool has become necessary after multiple critical vulnerabilities were discovered in such powerful applications, including Windows Defender, in past years that could have allowed attackers to gain full control of a targeted system. That's why Microsoft announced to add a sandbox mode to its Windows Defender. So, even if an att...