Fake Font Update on Google Chrome Uses Social Engineering to Infect Users with Ransomware

Friday, February 24th, 2017

We’ve seen social engineering attacks manipulate users time and time again. From phishing emails, to baiting attempts – this breed of cyberthreat has continued to manipulate users for years. And now a new scam has emerged that utilizes a fake update on Google Chrome to trick users into downloading and ...

This ‘invisible’ memory-based malware is infiltrating organisations across the globe

Thursday, February 9th, 2017

Cybercriminals are launching 'invisible' attacks to infiltrate the networks of organisations to steal login credentials and financial data -- and the only tool they're using is legitimate software. It's thought that over 140 organisations including banks, telecommunications companies, and government organisations across the globe have fallen victim to these hidden malware ...

Mozilla and Tor release urgent update for Firefox 0-day under active attack

Wednesday, November 30th, 2016

Developers with both Mozilla and Tor have published browser updates that patch a critical Firefox vulnerability being actively exploited to deanonymize people using the privacy service. "The security flaw responsible for this urgent release is already actively exploited on Windows systems," a Tor official wrote in an advisory published Wednesday afternoon. ...

Moving Beyond EMET

Thursday, November 3rd, 2016

Microsoft’s Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit (EMET). Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the time (3-4 years between major releases) was simply ...

Google warns of actively exploited Windows zero-day

Tuesday, November 1st, 2016

Google has disclosed to the public the existence of a Windows zero-day vulnerability (CVE-2016-7855) that is being actively exploited in the wild. According to Neel Mehta and Billy Leonard, of the Google Threat Analysis Group, it’s a local privilege escalation in the Windows kernel that can be used as a security ...