Articles for November 2017

Colbalt malware uses legitimate penetration tools to gain access to large swathes of infected systems — but a patch is available.

Source: Hackers are exploiting Microsoft Word vulnerability to take control of PCs | ZDNet

The leak marks at least the fifth exposure of NSA-related data in as many years.

Source: Exclusive: NSA hit by yet another leak

You should be extra careful when opening files in MS Office.

When the world is still dealing with the threat of ‘unpatched’ Microsoft Office’s built-in DDE feature, researchers have uncovered a serious issue with another Office component that could allow attackers to remotely install malware on targeted computers.

The vulnerability is a memory-corruption issue that resides in all versions of Microsoft Office released in the past 17 years, including Microsoft Office 365, and works against all versions of Windows operating system, including the latest Microsoft Windows 10 Creators Update.

Read more here.

Seems that Russian has the same problem with it’s journalists that we do… they don’t check any facts or run down any sources.  A video game… that’s about as good as North Korea using footage from Top Gun to show their new war planes.

Russia’s Ministry of Defense has provoked a torrent of mockery from its own followers after it published “irrefutable evidence” that the U.S. is in league with the Islamic State militant group (ISIS) that turned out to be footage from a 2015 video game. Russia, which has backed Bashar al-Assad during

Source: Russia’s ‘Evidence’ That the U.S. Is Helping ISIS Is Footage From a 2015 Computer Game

Nothing is free in this world.

If you are searching for free hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a scam.

For example, Cobian RAT and a Facebook hacking tool that we previously reported on The Hacker News actually could hack, but of the one who uses them and not the one you desire to hack.

Now, a security researcher has spotted another hacking tool—this time a PHP script—which is freely available on multiple popular underground hacking forums and allows anyone to find vulnerable internet-connected IP Cameras running the vulnerable version of GoAhead embedded web-server.

Read more here.

A new phishing campaign uses invoices and other lures in order to trick victims into downloading malicious software.

Source: This phishing attack pretends to come from someone you trust | ZDNet

So, basically, throw out your old computer and buy something new.  Seems like a crappy recommendation to those of us with expensive hardware that is only a year old.

Microsoft has published a new standard for creating a very secure Windows 10 machine.

Source: Windows 10: If you want a highly secure device, follow these rules, says Microsoft | ZDNet

Some 22 percent of businesses in Singapore use paper-based logbooks to manage privileged account passwords, while 55 percent monitor only some privileged accounts or not at all.

Source: One in five Singapore firms use paper to manage privileged passwords | ZDNet

Felismus malware deployed to steal documents and carry out surveillance on government foreign policy in a previously unknown campaign.

Source: This stealthy cat-and-mouse hacking campaign aims to steal diplomatic secrets | ZDNet

Can you say, “…screw the little guy…”

It’s long been impossible to imagine a family budget that doesn’t include line items like electricity, gas, and groceries.  Today, it’s impossible to omit digital communications services like cable or satellite TV and high-speed broadband — both in your home and on your phone. The typical American

Source: The merger between AT&T and Time Warner is a raw deal for the rest of us