Recherche : [Office] - Cyberveille

Cybersecurity breach at Congressional Budget Office remains a live threat https://www.politico.com/live-updates/2025/11/10/congress/cbo-still-under-threat-00644930

12/11/2025 17:18:16

www.politico.com
Katherine Tully-McManus
11/10/2025, 2:01pm ET

Library of Congress employees were informed to take caution when emailing the office of the congressional scorekeeper.
A cybersecurity breach discovered last week affecting the Congressional Budget Office is now considered “ongoing,” threatening both incoming and outgoing correspondence around Congress’ nonpartisan scorekeeper.

Employees at the Library of Congress were warned in a Monday email, obtained by POLITICO, that the CBO cybersecurity incident is “affecting its email communications” and that library staff should take a range of measures to protect themselves.

Library of Congress workers also were told to restrict their communication with the nonpartisan agency tasked with providing economic and budgetary information to lawmakers.

“Do NOT click on any links in emails from CBO. Do NOT share sensitive information with CBO colleagues over email, Microsoft Teams, or Zoom at this time,” the email reads.

“Maintain a high level of vigilance and verify the legitimacy of CBO communications by confirming with the sender via telephone that they sent the message,” the note continues.

Congressional staff are in regular communication with CBO regarding scores of legislation and cost estimates the agency prepares for bills in both the House and Senate.

There was no immediate information Monday about the broader implications that a legislative branch office was continuing to experience cybersecurity vulnerabilities.

A CBO spokesperson said last week that officials had taken “immediate action to contain” the breach as officials investigate the incident.

When asked for comment Monday about ongoing issues, the CBO spokesperson referred to the prior statement.

Excel(ent) Obfuscation: Regex Gone Rogue https://www.deepinstinct.com/blog/excellent-obfuscation-regex-gone-rogue

14/05/2025 19:42:34

Join Ido Kringel and the Deep Instinct Threat Research Team in this deep dive into a recently discovered, Office-based regex evasion technique

Microsoft Office-based attacks have long been a favored tactic amongst cybercriminals— and for good reason. Attackers frequently use Office documents in cyberattacks because they are widely trusted. These files, such as Word or Excel docs, are commonly exchanged in business and personal settings. They are also capable of carrying hidden malicious code, embedded macros, and external links that execute code when opened, especially if users are tricked into enabling features like macros.

Moreover, Office documents support advanced techniques like remote template injection, obfuscated macros, and legacy features like Excel 4.0 macros. These allow attackers to bypass antivirus detection and trigger multi-stage payloads such as ransomware or information-stealing malware.

Since Office files are familiar to users and often appear legitimate (e.g., invoices, resumes, or reports), they’re also highly effective tools in phishing and social engineering attacks.

This mixture of social credit and advanced attack characteristics unique to Office files, as well as compatibility across platforms and integration with scripting languages, makes them ideal for initiating sophisticated attacks with minimal user suspicion.

Last year, Microsoft announced the availability of three new functions that use Regular Expressions (regex) to help parse text more easily:

Regex are sequences of characters that define search patterns, primarily used for string matching and manipulation. They enable efficient text processing by allowing complex searches, replacements, and validations based on specific criteria.

Secrétariat d’État à la politique de sécurité (SEPOS) et Office fédéral de la cybersécurité (OFCS) : le Conseil fédéral fixe des bases légales https://www.admin.ch/gov/fr/accueil/documentation/communiques.msg-id-98807.html

23/11/2023 17:28:00

Informations actuelles de l'administration. Tous les communiqués de l'administration fédérale, des départements et des offices.

Detecting OneNote Abuse https://labs.withsecure.com/publications/detecting-onenote-abuse

06/02/2023 18:58:22

OneNote is a software part of the Office suite, commonly used within most organisations for note-keeping, task management and more. In the last year, OneNote gained more attention from a security perspective, mostly thanks to the research paper published by Emeric Nasi.

Rackspace Cloud Office suffers security breach https://doublepulsar.com/rackspace-cloud-office-suffers-security-breach-958e6c755d7f

05/12/2022 08:52:08

Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service.

Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server:

Follina — a Microsoft Office code execution vulnerability https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e

30/05/2022 11:33:04

Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus...

Who Needs to Exploit Vulnerabilities When You Have Macros? https://insights.sei.cmu.edu/blog/who-needs-to-exploit-vulnerabilities-when-you-have-macros/

13/02/2022 01:46:37

Recently, there has been a resurgence of malware that is spread via Microsoft Word macro capabilities....

Helping users stay safe: Blocking internet macros by default in Office https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805

13/02/2022 01:30:37

Changing Default Behavior

We’re introducing a default change for five Office apps that run macros:
VBA macros obtained from the internet will now be blocked by default.

Liens par page

Filtres