A security advisory published by Microsoft on Wednesday provides information on how users can protect themselves against recent attacks abusing the Dynamic Data Exchange (DDE) protocol. DDE is designed for data exchanges between Office and other Windows applications. Researchers warned recently that the way DDE fields are processed could be abused by hackers to create […]
Bucharest – DefCamp 2017- Intrusion detection system (IDS) signatures can be used as an evasion technique to bypass the IDS itself, a security researcher claims. During a presentation at the DefCamp 2017 security conference in Bucharest, Romania, Kirill Shipulin, a security researcher atPositive Technologies, explained that available IDS signatures can be turned against the system […]
Oracle informed customers on Friday that its Identity Manager product is affected by a critical vulnerability that can be easily exploited by malicious actors. Part of the company’s Oracle Fusion Middleware offering, Identity Manager is an enterprise identity management system that automatically manages user access privileges across all of the organization’s resources. Oracle Identity Manager […]
Researchers at Cisco Talos have discovered three vulnerabilities in Apache OpenOffice that can be exploited by malicious actors for remote code execution using specially crafted document files. Talos has classified the flaws as “high severity” with a CVSS score of 8.3, but the open source software’s developers have assigned them a severity rating of only […]
The number of attacks aimed at websites has increased considerably in the past months, according to a new report published on Monday by SiteLock. SiteLock’s Website Security Insider report, which is based on the analysis of more than 6.3 million sites, shows that there were, on average, 63 attack attempts per day on websites in […]
Microsoft’s Patch Tuesday updates for October 2017 address a total of 62 vulnerabilities, including a critical Office zero-day flaw that has been exploited in targeted attacks. The actively exploited vulnerability, tracked as CVE-2017-11826 and classified by Microsoft as “important,” is caused by a memory corruption issue. It allows a remote attacker to execute arbitrary code […]
There is a discrepancy between the frequency and thoroughness of Apple’s Mac Operating System (OS X) and app security updates, and updates for the underlying firmware (EFI) on Mac computers. Researchers have found that on a sample of 73,324 Macs deployed in production settings, 4.2% are running outdated EFI — leaving them potentially vulnerable to […]
Siemens has started releasing patches to address a high severity access control vulnerability that can be exploited to remotely hack some of its industrial communications devices. The flaw, discovered by Siemens itself and tracked as CVE-2017-12736, affects SCALANCE X industrial ethernet switches, and Ruggedcom switches and serial-to-ethernet devices running the Rugged Operating System (ROS). The […]
A notorious hacking firm, probably best described as greyhats rather than white or blackhats, briefly breached the PlayStation Facebook and Twitter accounts on Sunday. OurMine, a Saudi-based security firm, specializes in breaching high-profile accounts in order to advertise its ‘prowess’ and sell its security services. Yesterday, it got into PlayStation’s Twitter and Facebook accounts, and […]
Touchscreens and other components that are often replaced in smartphones and tablets can hide malicious chips capable of giving attackers complete control over the device, warned researchers at the Ben-Gurion University of the Negev. Researchers conducted their experiments on two Android devices: a Huawei Nexus 6P smartphone which uses a touchscreen controller from Synaptics, and […]
