A screenshot of the malicious Excel document spreading a Flash zeroday. (credit: Talos) An increasingly sophisticated hacking group is exploiting a zero-day vulnerability in Adobe’s Flash Player that lets them take full control of infected machines, researchers said Friday. The critical, use-after-free vulnerability, which is indexed as CVE-2018-4877, resides in the latest version […]
Tag: 0day
100,000-strong botnet built on router 0-day could strike at any time
Attackers have used an advanced new strain of the Mirai Internet-of-things malware to quietly amass an army of 100,000 home routers that could be used at any moment to wage Internet-paralyzing attacks, a researcher warned Monday. Botnet operators have been regularly releasing new versions of Mirai since the source code was openly published 14 months […]
Password-theft 0day imperils users of High Sierra and earlier macOS versions
(credit: Koichi Taniguchi) There’s a vulnerability in High Sierra and earlier versions of macOS that allows rogue applications to steal plaintext passwords stored in the Mac keychain, a security researcher said Monday. That’s the same day the widely anticipated update was released. The Mac keychain is a digital vault of sorts that stores passwords and […]
Windows 0-day is exploited to install creepy Finspy malware (again)
The WSDL parser, where the zero-day was located. (credit: FireEye) On Tuesday, Microsoft patched a previously unknown vulnerability that researchers say was actively exploited by an undisclosed nation to install surveillance malware on one or more vulnerable computers. The exploit, according to a blog post published Tuesday by security firm FireEye, was embedded […]
New Shadow Brokers 0-day subscription forces high-risk gamble on whitehats
Gambling. (credit: Jamie Adams) The mysterious group that over the past nine months has leaked millions of dollars’ worth of advanced hacking tools developed by the National Security Agency said Tuesday it will release a new batch of tools to individuals who pay a $21,000 subscription fee. The plans, announced in a […]
Cisco kills leaked CIA 0-day that let attackers commandeer 318 switch models
Cisco Systems has patched a critical flaw that even novice hackers could exploit using Central Intelligence Agency attack tools that were recently leaked to the Internet. As previously reported, the zero-day exploit allowed attackers to issue commands that remotely execute malicious code on 318 models of Cisco switches. The attack code was published in early […]
Microsoft Word 0-day was actively exploited by strange bedfellows
An identical artifact in two exploits, one installing Finspy and the other Latenbot. (credit: FireEye) A critical Microsoft Word zero-day that was actively exploited for months connected two strange bedfellows, including government-sponsored hackers spying on Russian targets and financially motivated crooks pushing crimeware. That assessment, made Wednesday with “moderate confidence” from researchers at […]
Microsoft Word 0day used to push dangerous Dridex malware on millions
A sample e-mail from Dridex campaign exploiting Microsoft Word zero-day. (credit: Proofpoint) Booby-trapped documents exploiting a critical zeroday vulnerability in Microsoft Word have been sent to millions of people around the world in a blitz aimed at installing Dridex, currently one of the most dangerous bank fraud threats on the Internet. As Ars reported […]
Booby-trapped Word documents in the wild exploit critical Microsoft 0day
(credit: Rob Enslin) There’s a new zeroday attack in the wild that’s surreptitiously installing malware on fully-patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word. The attack starts with an e-mail that attaches a malicious Word document, according to a blog post published Saturday by researchers from […]
Microsoft cancels February Patch Tuesday despite 0-day in wild
(credit: Jonny Hunter) As the second Tuesday of the month, Valentine’s Day should have been a day for patches in addition to lovers; there’s a known and widely publicized crashing flaw in Microsoft’s SMB file-sharing protocol, and a fix for this bug (and, no doubt, several others) is widely anticipated. A few hours before […]