CTO ブログ

How to Prevent Arbitrary File Disclosure Vulnerability in OpenOffice and LibreOffice

January 17, 2018 by Vinh Lam
In early December 2017, OPSWAT announced that OpenDocument Text files are supported in MetaDefender for data sanitization (CDR). Data sanitization, or Content Disarm and Reconstruction (CDR), removes potentially malicious embedded...

Metadefender Now Supports Content Disarm and Reconstruction for OpenDocument Text

December 07, 2017 by Vinh Lam
Instead of purchasing the widely used Microsoft Office suite, many users opt to use the free alternatives LibreOffice or Apache OpenOffice. However, these open-source software products contain many vulnerabilities that attackers can...

How We Blocked a Word DDE Attack from APT28

November 16, 2017
By the OPSWAT Data Sanitization Team Last week, the APT28 threat group (also known as "Fancy Bear") was discovered to be using the Dynamic Data Exchange (DDE) attack method that we described in our recent blog post, "Data Sanitization...

Data Sanitization Prevents Macro-Less MS Word Attacks

November 08, 2017
By the OPSWAT Data Sanitization Team Malicious Word Documents Without Macros Attackers have used macros in Microsoft Word documents for malware delivery for a long time, starting in the mid-to-late 1990s. To combat this, Microsoft added...

An In-Depth Look at XML Document Attack Vectors

August 15, 2017 by Taeil Goh
XML documents can be used in malware attacks. This blog post is for technical readers who would like to see details about XML-based attacks with examples.

'Hacking with Pictures': Stegosploit and How to Stop It

August 02, 2017
The vast majority of users do not expect an image file to be remotely risky. This makes image-borne malware attacks like Stegosploit particularly dangerous.

Metadefender Now Supports Data Sanitization for XML Documents

June 08, 2017 by Taeil Goh
The flexibility of XML has resulted in its widespread usage, including within Microsoft Office documents and SOAP messages. However, XML documents have many security vulnerabilities that can be targeted for different types of attacks,...

For more information, please contact one of our critical infrastructure cybersecurity experts.

Sign up for Blog updates
Get information and insight from the leaders in advanced threat prevention.