Friday, March 14, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

exploit

QuickHealSecurity
admin

Malspam campaigns exploiting recent MS Office vulnerability ‘CVE-2017-11882’

Credit to Author: Aniruddha Dolas| Date: Mon, 05 Feb 2018 10:12:34 +0000

No wonder malspam campaigns are a major medium to spread malware. Previously, we have written about such campaigns making use of MS Office malware such as malicious macro CVE-2017-0199, CVE-2017-8759 and DDE-based attack. Recently, we have started observing various malspam campaigns exploiting the latest MS Office vulnerability CVE-2018-11882. Let’s take a…

Read More
QuickHealSecurity
admin

CVE-2018-4878 – Adobe Flash Player use after free (Zero Day) vulnerability Alert!

Credit to Author: Pradeep Kulkarni| Date: Sat, 03 Feb 2018 09:39:38 +0000

The recent zero-day vulnerability CVE-2018-4878 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSA18-01 on February 2, 2018 to address this issue. According to Adobe the in wild attack is targeted and it impacts limited windows users….

Read More
MalwareBytesSecurity
admin

Use TeamViewer? Fix this dangerous permissions bug with an update

Credit to Author: Malwarebytes Labs| Date: Wed, 06 Dec 2017 19:42:54 +0000

A potentially dangerous permissions bug in TeamViewer grants unauthorised access to either the client or the server—and patches may take up to a week to fully roll out.

Categories:

Tags:

(Read more…)

The post Use TeamViewer? Fix this dangerous permissions bug with an update appeared first on Malwarebytes Labs.

Read More
QuickHealSecurity
admin

An emerging trend of DDE based Office malware – an analysis by Quick Heal Security Labs

Credit to Author: Aniruddha Dolas| Date: Wed, 06 Dec 2017 09:27:30 +0000

For the past few years, we have been seeing macro-based attacks through Object Linking Embedding (OLE)/Microsoft Office files. But, presently, attackers are using a different technique to spread malware through Office files – using a new attack vector called ‘Dynamic Data Exchange (DDE)’. DDE is an authorized Microsoft Office feature that provides several methods for transferring data between applications. Once the communication protocol is established, it doesn’t require user interactions…

Read More
SecuritySophos
admin

Microsoft Office DDE zero-day: are you protected?

Credit to Author: Bill Brenner| Date: Fri, 13 Oct 2017 20:15:34 +0000

Microsoft Office DDE zero-day enables attacks without using macros.<img alt=”” border=”0″ src=”https://pixel.wp.com/b.gif?host=news.sophos.com&#038;blog=834173&#038;post=43455&#038;subd=sophos&#038;ref=&#038;feed=1″ width=”1″ height=”1″ /><img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/lPxny4w09gk” height=”1″ width=”1″ alt=””/>

Read More
MalwareBytesSecurity
admin

Fake IRS notice delivers customized spying tool

Credit to Author: Jérôme Segura| Date: Thu, 21 Sep 2017 15:00:24 +0000

Threat actors leverage a Microsoft Office exploit to spy on their victims. In this blog post, we will review its delivery mechanism and analyze the malware we observed, a modified version of a commercial Remote Administration Tool (RAT).

Categories:

Tags:

(Read more…)

The post Fake IRS notice delivers customized spying tool appeared first on Malwarebytes Labs.

Read More