Polyglots and Privacy


MalDOC Security Evasion

by Artie Kaye

This attack uses a document embedded in a PDF file to open Word and execute a payload.  Files like this are called polyglot, because they contain information which can be read as multiple filetypes.  Leveraging this method allows the infected files to avoid detection by malware scanners.  This still requires opening the document to activate it.  Never download or open documents from untrusted sources.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)


Chrome Privacy Sandbox

by Artie Kaye

Google has rolled out their new advertising system on their browser.  It does not interact with third party cookies, and relies on the browsing habits of the users to select what ads are shown.  Concerns regarding this new method have been raised by other browser developers.  If using Chrome, the functions are automatically turned on, but can be manually turned off.  The location is under Settings > Privacy and security > Ad privacy.  There are three main features which need to be deactivated to turn it off completely.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)