Security News
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. In a new report by HP Wolf Security, researchers illustrate how PDFs are being used as a transport for documents with malicious macros that download and install information-stealing malware on victims' machines.
Security researchers have devised a tool that detects flaws in the way apps like Microsoft Word and Adobe Acrobat process JavaScript, and it's proven so effective they've found 134 bugs - 59 of them considered worthy of a fix by vendors, 33 assigned a CVE number, and 17 producing bug bounty payments totaling $22,000. Making that happen requires the PDF both to define native PDF objects and to parse JavaScript code.
While the details vary by service, the concept is basically the same: you remain responsible for maintaining general security hygiene, ensuring the cloud security controls are properly configured, and protecting your data on the system. Over the course of two decades, cloud computing has transformed the way people use the internet for work and play.
A researcher has demonstrated how he was able to successfully recover text that had been redacted using the pixelation technique. Further, the researcher has released a GitHub tool that can be used by anyone to reconstruct text from obscure, pixelated images.
Why? Hackers are able to use image steganography techniques to conduct malicious activity and ultimately compromise enterprise networks. What is image steganography? Image steganography is the practice of using hidden writing techniques to secretly pass information embedded within images.
88% of malware was delivered by email into users' inboxes, in many cases having bypassed gateway filters. Delivery-themed lures tempting users into letting the RATs in: A new Office malware builder called APOMacroSploit was used to target victims in delivery-themed spam campaigns, tricking them into opening weaponized XLS attachments, ultimately leading to the BitRAT remote access Trojan being deployed on their computers.
Last week, we argued over whether or not the media, including El Reg, should stop using the word hacker as a pejorative. The original meaning of hacker and hacking, in the context of computing, didn't denote criminality or ill intent, and referred to an avoidance of a standard solution.
Starting next month, Microsoft Word for Windows will include a new predictive typing feature that automatically suggests new words to use as you are typing. The new feature is called 'Text Prediction,' and Microsoft states that it will go live for all Word for Windows users starting March 2021.
A war of words has erupted between the National Police Chiefs' Council and a British web security pro after a senior cop declared it would be "a waste of public money" to keep discussing security flaws in the body's Cyberalarm product. Paul Moore says he uncovered what he described as a number of serious flaws in Cyberalarm, a distributed logging and monitoring tool intended to be deployed by small public-sector organisations.
New research from CyberNews.com analyzed 15.2 billion passwords based on term categories, with only 2.2 billion being considered "Unique." People, the data showed, choose passwords based, obviously, on what they think they can remember, but those passwords can be deciphered by hackers based on the creator, patterns, and personality. About 7% of passwords were either curse words or sex-related.