Dangerous file attachments¶
Potentially dangerous file attachments are handled securely? Yes / No
File attachments in email and chat are one of the most common attack vectors.
Rigged files may include:
- Office files (Microsoft Word, Microsoft Excel, and related)
- Flash animations
- PDF files
Dangerous communication channels include anything on which team members can be freely contacted, including:
- Skype
The desktop applications and web browser plugins opening this kind of content should be disabled. If disabling is not an option, the attachments in an email or outside team internal communication tool should be opened securely and never using the productivity applications themselves. Secure open methods include opening the file in a web-based viewer, web email preview or otherwise sandboxed tool. Furthermore, a safe version of a desktop productivity suite, which is preferably an up-to-date open source tool, should be used.
Applies for: Everyone
Related incidences:
Links: