Security News

PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
2022-05-22 16:15

Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. In a new report by HP Wolf Security, researchers illustrate how PDFs are being used as a transport for documents with malicious macros that download and install information-stealing malware on victim's machines.

Researchers find 134 flaws in the way Word, PDFs, handle scripts
2022-05-13 07:54

Security researchers have devised a tool that detects flaws in the way apps like Microsoft Word and Adobe Acrobat process JavaScript, and it's proven so effective they've found 134 bugs - 59 of them considered worthy of a fix by vendors, 33 assigned a CVE number, and 17 producing bug bounty payments totaling $22,000. Making that happen requires the PDF both to define native PDF objects and to parse JavaScript code.

The two words you should never forget when you’re securing a cloud
2022-04-14 05:30

While the details vary by service, the concept is basically the same: you remain responsible for maintaining general security hygiene, ensuring the cloud security controls are properly configured, and protecting your data on the system. Over the course of two decades, cloud computing has transformed the way people use the internet for work and play.

Researcher 'reverses' redaction, extracts words from pixelated image
2022-02-16 11:45

A researcher has demonstrated how he was able to successfully recover text that had been redacted using the pixelation technique. Further, the researcher has released a GitHub tool that can be used by anyone to reconstruct text from obscure, pixelated images.

A picture is worth a thousand words, but to hackers, it’s worth much more
2021-05-10 04:45

Why? Hackers are able to use image steganography techniques to conduct malicious activity and ultimately compromise enterprise networks. What is image steganography? Image steganography is the practice of using hidden writing techniques to secretly pass information embedded within images.

Years-old MS Office, Word flaws most exploited to deliver malware
2021-03-18 04:30

88% of malware was delivered by email into users' inboxes, in many cases having bypassed gateway filters. Delivery-themed lures tempting users into letting the RATs in: A new Office malware builder called APOMacroSploit was used to target victims in delivery-themed spam campaigns, tricking them into opening weaponized XLS attachments, ultimately leading to the BitRAT remote access Trojan being deployed on their computers.

So it appears some of you really don't want us to use the word 'hacker' when we really mean 'criminal'
2021-03-09 11:00

Last week, we argued over whether or not the media, including El Reg, should stop using the word hacker as a pejorative. The original meaning of hacker and hacking, in the context of computing, didn't denote criminality nor ill-intent, and referred to an avoidance of a standard solution.

Microsoft Word for Windows is finally getting predictive typing
2021-02-22 21:22

Starting next month, Microsoft Word for Windows will include a new predictive typing feature that automatically suggests new words to use as you are typing. The new feature is called 'Text Prediction,' and Microsoft states that it will go live for all Word for Windows users starting March 2021.

Bitter war of words erupts between UK cops and web security expert over alleged flaws in Cyberalarm monitoring tool
2020-12-09 09:30

A war of words has erupted between the National Police Chiefs' Council and a British web security pro after a senior cop declared it would be "a waste of public money" to keep discussing security flaws in the body's Cyberalarm product. Paul Moore says he uncovered what he described as a number of serious flaws in Cyberalarm, a distributed logging and monitoring tool intended to be deployed by small public-sector organisations.

Most used passwords for 2020: The internet's favorite curse word, name, food, and team
2020-12-04 17:38

New research from CyberNews.com analyzed 15.2 billion passwords based on term categories, with only 2.2 billion being considered "Unique." People, the data showed, choose passwords based, obviously, on what they think they can remember, but can be deciphered by hackers based on the creator, patterns, and personality. About 7% of passwords were either curse words or sex-related.