FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft. A 2-year-old vulnerability in Microsoft Outlook continues to cause headaches for companies, as attackers are able to use a specific feature of the program to execute code and persist on previously infected
Crashing honeypots alerted the researcher who found the Bluekeep vulnerability. Bluekeep, a remote code execution vulnerability in Microsoft’s Remote Desktop Services, has been exploited in the wild. The vulnerability, designated CVE-2019-0708, was discovered earlier this year and patched in May. The critical vulnerability was considered so significant that Microsoft took the unusual step of issuing
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets. “People make mistakes” is a common and relatable phrase, but it’s also a malicious one in the hands of cybercriminals, more of whom are exploiting simple human errors to launch successful attacks. The Information Security Forum (ISF) explored the topic in “Human-Centered
As new Internet of Things products enter the market, speed shouldn’t trump concerns about security. Microsoft made news recently at the annual Black Hat conference in Las Vegas, generating a lot of buzz about its discovery of a malicious Russian hacker group using common Internet of Things (IoT) devices to carry out widespread attacks on
Proof-of-concept, which allows remote code execution, is latest to exploit Dynamic Data Exchange (DDE) and is another reminder why organizations must ensure Office settings are secure. Organizations now have one more reason to pay attention to the security settings of their Microsoft Office applications. Researchers at Mimecast have developed a working proof of concept that
Early information suggests threat actors gained access to the managed service provider’s remote monitoring and management tools and used them to attack the firm’s clients. For the second time in the past few months, systems belonging to customers of a managed service provider have been hit with ransomware because of what may have been a
Data from routines intended to calibrate motion sensors can identify individual iOS and Android devices in a newly released exploit. Attackers can use some of the mechanisms around sensors in smartphones to track devices around the Internet with no special permissions or escalations required, according to researchers. SensorID – the name researchers Jiexin Zhang, Alastair R.
Criminals are taking advantage of Gmail’s ‘dots don’t matter’ feature to set up multiple fraudulent accounts on websites, using variations of the same email address, Agari says. Some cybercriminals are taking advantage of a long-standing feature in Google Gmail designed to enhance account security, to create multiple fraudulent accounts on various websites quickly and at