Blog Tag: Taeil-Goh

Defending Against SettingContent-MS being used in MS Office and PDF Files

July 31, 2018 by Taeil Goh
Summary SettingContent-ms is an XML file that allows users to create a shortcut to Windows 10 setting pages. Recently a serious vulnerability was published by Matt Nelson, a researcher at SpecterOps. Only a week after his report, it...

Singapore Hack – How Did it Happen and Could it Have Been Prevented?

July 20, 2018 by Taeil Goh
The Singapore government today reported that hackers have stolen personal data belonging to some 1.5 million people, calling it "the most serious breach of personal data" the country had experienced. The attackers broke into the government...

Disarming a Multi-Stage Macro-Less Word Attack with Data Sanitization

March 05, 2018 by Taeil Goh
In November 2017, we published a blog post about how OPSWAT data sanitization (CDR) blocks macro-less attacks that use Microsoft Word documents. Recently, Trustwave published an article describing another...

How We Blocked a Word DDE Attack from APT28

November 16, 2017
By the OPSWAT Data Sanitization Team Last week, the APT28 threat group (also known as "Fancy Bear") was discovered to be using the Dynamic Data Exchange (DDE) attack method that we described in our recent blog post, "Data Sanitization...

An In-Depth Look at XML Document Attack Vectors

August 14, 2017 by Taeil Goh
In June, we published a short announcement about the beta release of XML document data sanitization (CDR) in which we briefly mentioned the importance of it: "The flexibility of XML has resulted in its widespread usage, including within...