CTO's Blog

Cyber Security Insights for the Chief Technology Officer & Executive 

26 new file types support including Video, Email and more

April 03, 2019 by Vinh Lam
Overview We are excited to announce a major release, v5.4, of Data Sanitization (also known as CDR). With this release, we address two new use cases. The first protects isolated networks from threats borne by email messages on...

Data Sanitization against Remote Code Execution in LibreOffice (CVE-2018-16858)

February 25, 2019 by Vinh Lam
Overview LibreOffice is a free and widely used office productivity suite. Several vulnerabilities were discovered in the past, in 2017 the number of CVEs increased significantly. In 2017, OPSWAT started...

Data Sanitization v5.3 Release

December 27, 2018 by Taeil Goh
Highlights Sanitization of recursively embedded documents in Microsoft Office 2007 documentsSanitization of Calendar data files: iCalendar (.ics) & vCalender v1.0 (.vcs)Enhanced EMF/WMF sanitization Improved image sanitization...

Proof of Concept (PoC) Attack Leverages Microsoft Office and YouTube to Deliver Malware

November 26, 2018 by Vinh Lam
Researchers at Cymulate have discovered a way to deliver and execute malware through the Online Video feature in Microsoft Office Word (https://blog.cymulate.com/abusing-microsoft-office-online-video). Here we outline a brief summary of...

Data Sanitization against Steganography, Evasion

November 06, 2018 by Taeil Goh
We have warned about the risk of steganography in the previous blog. Steganography is the method of concealing messages, images, videos or malware within a file or a message. We have now observed steganography in actual attacks*. Just...

Sign up for Blog updates

Get information and insight from the leaders in advanced threat prevention.