Dridex, the latest descendant of the banking Trojan lineage, has been a constant source of attacks since its release in July. To date, Dridex has centered on sending executable attachments via e-mail.
That seems to have changed this week, as we’ve seen a tactical shift to sending those executable attachments via Microsoft Word documents loaded with macros that download and execute the malware. Like its precursors, Dridex is a sophisticated banking Trojan, similar to the infamous Zeus malware. Its core functionality is to steal credentials for online banking websites and allow a criminal to use those credentials to initiate transfers and steal funds.
Microsoft is aware of a vulnerability affecting all supported releases of Microsoft Windows, excluding Windows Server 2003. The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The attack requires user interaction to succeed on Windows clients with a default configuration.
Chinese authorities are attacking users who are connecting to Apple's iCloud website in what appears to be a surveillance push to steal users' login credentials, according to a Chinese censorship monitoring group.
After the new iPhone 6 went on sale in China, connections to iCloud.com were hijacked and stripped of the usual encryption that prevents hackers and government spies from intercepting the username and password typed by someone connecting to the site. This is another example of what is technically known as a "man-in-the-middle" (MITM) attack. China has been accused of intercepting connections with a MITM attack against Github, Google, and, more recently, Yahoo.
A highly advanced adversary dubbed Hurricane Panda is targeting major infrastructure companies with a zero-day exploit, and it has been since last spring. The timestamp of the attack suggests that the vulnerability has been actively exploited in the wild for at least five months.
CrowdStrike first detected suspicious activity on a 64-bit Windows Server 2008 R2 machine that was attributed to a compromise by the group. It uncovered that the attacks begin with compromising web servers and deploying Chopper webshells, and then escalating privileges using the newly discovered Local Privilege Escalation tool, which exploits a previously unknown vulnerability.
Microsoft launched the Windows Technical Preview to collect user feedback ahead of the final Windows 10 version, which is planned for release in 2015.
The Windows 10 beta asks users to register in the Windows Insider Program and then to send reviews of the new system at a specific time. But as it turns out, Microsoft is not interested in your opinion only. If you read the rules of the Windows Insider Program attentively, you can see that Microsoft is interested not only in your point of view. With the help of Windows Technical Preview, Microsoft collects information about...
Security researcher Will Dormann of the US Computer Emergency Response Team (CERT) has reported this week that over 350 apps from the Google Play and Amazon App stores have been compromised due to a flaw that fails to validate certificates over Secure Sockets Layer (SSL).
The bug, which opens up many popular mobile applications such as the eBay mobile shopper and the Microsoft Tech Companion to fairly rudimentary man-in-the-middle attacks, has been tracked and logged by the CERT team for only about a week now. But instead of waiting the standard 45 days to silently communicate the problem to the affected companies in order to give them a chance to get out in front of the issue with appropriate patches.
China is looking to launch its own operating system, an initiative that the government reportedly hopes will make its information systems more secure. Ni Guangnan, of the Chinese Academy of Engineering, the country's state-run engineering arm, says the new Chinese operating system could be launched as early as October.
Details regarding the underpinnings of the operating system have yet to be revealed, but the move was reportedly spurred by the end of support of Windows XP and the ban on Windows 8 in China. The government also launched an anti-monopoly probe against Microsoft earlier this year.
Google’s handling of “right to be forgotten” requests from European citizens will come under fire from the continent’s privacy watchdogs on Thursday, after the search engine restricted the removal of Internet links to European sites only.
European data protection authorities are meeting representatives of Google, Microsoft, which operates the Bing search engine, and Yahoo to discuss the implementation of the landmark ruling from Europe’s top court upholding people’s right to request that outdated links be removed from Internet search results. European Union privacy watchdogs have several concerns about the way the ruling, which has pitted privacy advocates against free speech defenders, is being implemented, particularly by Google, according to a person familiar with the matter.
Over six weeks after Google launched its form for Europeans who want to make a Right To Be Forgotten request, Microsoft Bing has launched its own over here.
The form does differ from Google’s, but both Google and Bing, as well as other search engines, have the obligation to follow the mandate and review each request submitted to them. The form gives Microsoft enough details to decide whether it will remove content from its search listings or leave it, based on the EU mandate established about two months ago. If you are a European resident and want to request that Microsoft block search results on Bing in response to searches on your name, please use this form.
State experts believe that the operating system is used to grab data about Chinese citizens.
A state-backed news report prepared by Chinese experts has branded Microsoft’s Windows 8 a threat to China’s cybersecurity. The report was prepared by China’s CCTV specialists, and the Chinese government supports them completely. China’s CCTV broadcast a strongly critical story in which experts suggested Windows 8 was being used to grab data about Chinese citizens. It should be recalled that this came only days after China banned the use of Windows 8 on many government computers. “Microsoft would no longer open its Windows 8 source code to the Chinese government.
Axarhöfði 14,
110 Reykjavik, Iceland