Booby-trapped Word documents in the wild exploit critical Microsoft 0day

Saturday, April 8th, 2017

There's a new zeroday attack in the wild that's surreptitiously installing malware on fully-patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word. The attack starts with an e-mail that attaches a malicious Word document, according to a blog post published Saturday by researchers ...

Fake Font Update on Google Chrome Uses Social Engineering to Infect Users with Ransomware

Friday, February 24th, 2017

We’ve seen social engineering attacks manipulate users time and time again. From phishing emails, to baiting attempts – this breed of cyberthreat has continued to manipulate users for years. And now a new scam has emerged that utilizes a fake update on Google Chrome to trick users into downloading and ...

This ‘invisible’ memory-based malware is infiltrating organisations across the globe

Thursday, February 9th, 2017

Cybercriminals are launching 'invisible' attacks to infiltrate the networks of organisations to steal login credentials and financial data -- and the only tool they're using is legitimate software. It's thought that over 140 organisations including banks, telecommunications companies, and government organisations across the globe have fallen victim to these hidden malware ...

Mozilla and Tor release urgent update for Firefox 0-day under active attack

Wednesday, November 30th, 2016

Developers with both Mozilla and Tor have published browser updates that patch a critical Firefox vulnerability being actively exploited to deanonymize people using the privacy service. "The security flaw responsible for this urgent release is already actively exploited on Windows systems," a Tor official wrote in an advisory published Wednesday afternoon. ...

Moving Beyond EMET

Thursday, November 3rd, 2016

Microsoft’s Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit (EMET). Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the time (3-4 years between major releases) was simply ...