What is KRACK?

Welcome to another manic Monday! Some might say, “welcome to the next dumpster fire.” In any case, if you follow InfoSec security news feeds, you have probably heard of a newly released set of vulnerabilities in the WPA2 wireless authentication protocol. These collectively are know as the Key Reinstallation Attack vulnerabilities or KRACK vulnerabilities. Steve Ragan (@SteveD3) broke the details this morning in his CSO Online post which describes the vulnerabilities. This type of attack has been “branded” with the name Krack Attacks and the latest details can be found here.

Read More

Move over macros, Office DDE exploits arrive!

Office macros have been the primary choice of attacks by malicious actors for years.  IT administrators and users have learned to be cautious before running macros. The Dynamic Data Exchange (DDE) protocol has been around much longer but hadn’t been used for attacks.  It’s a communication protocol that allows programs to share data with each other.

In 2016, Sensepost researchers authored an article describing how DDE exploits may be used with Microsoft Excel formulas. It allows specially crafted formulas to run applications on the machine and return data from web requests.  Unlike macros, the formulas don’t currently execute with an option to display a security warning to the user.  Excel isn’t the only application that offers these formulas, Word includes the option as well.  Macros, OLE objects, and RTF exploits have been the main attack Office vectors, however, we expect DDE will gain traction since it is lesser known.

Read More