Microsoft Patches Office, IE Flaws Exploited in Attacks
Microsoft’s security updates for April 2017 address more than 40 critical, important and moderate severity vulnerabilities, including three zero-day flaws that have been exploited in attacks. read more more…Microsoft patches Word zero-day booby-trap exploit
All versions of Office on all versions of Windows are vulnerable to this zero-day that spreads malware, so make sure you patch quickly more…Dridex Attacks Exploit Recent Office 0-Day
A recently revealed zero-day vulnerability in Microsoft Office is being exploited by the Dridex banking Trojan to compromise unsuspecting victims’ computers, Proofpoint security researchers warn. read more more…Dridex gang uses unpatched Microsoft Word exploit to target millions
The gang behind the Dridex computer trojan has adopted an unpatched Microsoft Word exploit and used it to target millions of users. The exploit’s existence was revealed Friday by security researchers from antivirus vendor McAfee, but targeted attacks using it have been happening since January. After McAfee’s limited public disclosure, researchers from FireEye confirmed having […] more…Latest Shadow Brokers exploit dump poses little threat
A group of hackers that has been trying to sell exploits and malware allegedly used by the U.S. National Security Agency decided to make the data available for free over the weekend. The security community was expecting the password-encrypted archive that the Shadow Brokers group unlocked Saturday to contain previously unknown and unpatched exploits — […] more…Email-based attacks exploit unpatched vulnerability in Microsoft Word
Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware. The first report about the attacks came Friday from antivirus vendor McAfee after the company’s researchers analyzed some suspicious Word files spotted a day earlier. It turned out that the files were […] more…Critical Office Zero-Day Exploited in Attacks
An unpatched critical vulnerability in Microsoft Office is being exploited by malicious actors to achieve full code execution on target machines, McAfee and FireEye security researchers warn. read more more…Shadow Brokers Release More NSA Exploits
The hacker group calling itself “Shadow Brokers” has released another round of exploits and tools allegedly used by the NSA-linked threat actor “Equation Group,” along with a message to U.S. President Donald Trump. read more more…Booby-trapped Word documents in the wild exploit critical Microsoft 0day
There’s a new zeroday attack in the wild that’s surreptitiously installing malware on fully-patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word. Tags: Security more…Apache Struts 2 exploit used to install ransomware on servers
Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers. The SANS Internet Storm Center issued an alert Thursday, saying an attack campaign is compromising Windows servers through a vulnerability tracked as CVE-2017-5638. The flaw is located in the Jakarta Multipart parser in Apache Struts […] more…UEFI flaws can be exploited to install highly persistent ransomware
Over the past few years, the world has seen ransomware threats advance from living inside browsers to operating systems, to the bootloader, and now to the low-level firmware that powers a computer’s hardware components. Earlier this year, a team of researchers from security vendor Cylance demonstrated a proof-of-concept ransomware program that ran inside a motherboard’s […] more…AKBuilder, Microsoft Word Intruder exploiting Office RTF vulnerability
If you haven’t applied the latest patches to Microsoft Office, now is the time to do so – and while you’re at it, check that you’re not running Office with admin rights more…Google’s Android hacking contest fails to attract exploits
Six months ago, Google offered to pay US$200,000 to any researcher who could remotely hack into an Android device by knowing only the victim’s phone number and email address. No one stepped up to the challenge. While that might sound like good news and a testament to the mobile operating system’s strong security, that’s likely […] more…Potent LastPass exploit underscores the dark side of password managers
Developers of the widely used LastPass password manager are scrambling to fix a serious vulnerability that makes it possible for malicious websites to steal user passcodes and in some cases execute malicious code on computers running the program. Tags: Industry News more…Apple: Macs and iPhones are safe from newly revealed CIA exploits
The Mac and iPhone exploits described in new documents attributed to the U.S. Central Intelligence Agency were patched years ago, according to Apple. WikiLeaks released a new set of files Thursday that supposedly came from the CIA. They contain details about the agency’s alleged malware and attack capabilities against iPhones and Mac computers. The documents, […] more…Windows Zero-Day Exploited by AdGholas, Neutrino EK
One of the Windows zero-day vulnerabilities patched by Microsoft this month has been exploited by cybercriminals since last summer, Trend Micro said on Friday. read more more…More information
- DLL Hijacking Flaw Impacts Symantec Endpoint Protection
- Known Error impacting Adobe ETLA products, Investigation Underway
- Firefox’s Private Relay service tests anonymous email alias feature
- Are you ready for International Kill A Zombie Day, 2012?
- Anthropic’s Claude Opus 4.5 pricing cut signals a shift in the enterprise AI market
- Acai Berry scammers $2 million lighter after FTC settlement
- The Web’s 10 shadiest neighborhoods
- Google used Microsoft’s monopoly playbook to crush Bing — now Microsoft cries foul
- Black Hat panel: Which do you trust less with your data, the U.S. government or Google?
- Microsoft Patch Tuesday: Critical Spoofing and Remote Code Execution Flaws