fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Is Disabling Excel 4.0 Macros By Default To Protect Users

Microsoft Is Disabling Excel 4.0 Macros By Default To Protect Users

​Microsoft will soon begin disabling Excel 4.0 XLM macros by default in Microsoft 365 tenants to protect customers from malicious documents.

Excel 4.0 macros, or XLM macros, were first added to Excel in 1992 and allowed users to enter various commands into cells that are then executed to perform a task.

Also Read: The DNC Registry Singapore: 5 Things You Must Know

Malicioux XLS document with obfuscated Excel 4.0 macro
Malicious XLS document with obfuscated Excel 4.0 macro

While VBA macros were introduced in Excel 5.0, threat actors continue to XLM macros twenty years later in malicious documents that download malware or perform other unwanted behavior.

Malicious campaigns utilizing Excel 4.0 XLM macros include ones for malware, such as TrickBotQbotDridexZloader, and many more.

Due to their continued abuse, Microsoft has been recommending users switch from and disable Excel 4.0 XLM macros for years in favor of VBA macros. This recommendation is because VBA macros support the Antimalware Scan Interface (AMSI), which can be used by security software to scan macros for malicious behavior.

To disable Excel 4.0 macros, Windows admins can use group policies to disable the feature, and users can disable it via the Excel Trust Center using the Enable XLM macros when VBA macros are enabledsetting.

Enable XLM macros when VBA macros are enabled in Excel Trust Center
Enable XLM macros when VBA macros are enabled in Excel Trust Center

Microsoft to disable Excel 4.0 macros in all tenants

Instead of waiting for organizations to disable XLM macros on their own, Microsoft announced yesterday that they would be disabling Excel 4.0 macros by default starting in October in preview builds and then moving onto the current channel in November.

Also Read: How To Comply With PDPA: A Checklist For Businesses

“We are introducing a change to the Excel Trust Center Macro settings to provide a more secure experience for users by default. This new default behavior will disable Excel 4.0 macros,” explained an advisory in the Microsoft 365 message center.

Microsoft will begin disabling Excel 4.0 macros in all tenants using this rollout schedule:

  • Insiders-Slow: will rollout in late October and be complete in early November.
  • Current Channel: will rollout in early November and be complete in mid-November.
  • Monthly Enterprise Channel (MEC): will begin and complete rollout in mid-December.

Microsoft will not be making any changes for users who have manually configured this setting or configured it via group policies.

When the change rolls out, the Enable XLM macros when VBA macros are enabled setting will be unchecked by default, which disables XLM macros.

Microsoft states that users who wish to enable XLM macros after this rollout has finished can do so in the Excel Trust Center.

H/T Omri Segev Moyal

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us