Tag Archive for: hacking

Microsoft warns Windows users of hacking attack through MS Office, shares tips on how to be safe






Those using any version from Windows 7 to Windows 10 are at risk of a cyber-attack that uses malicious Office files. Exploiting a security loophole, attackers are able to download malware onto a victim’s computer through corrupt Office files. Microsoft has now acknowledged the security risk in a recent report and is investigating it.

In its report, Microsoft acknowledged the vulnerability to be a level – 0, meaning that it is being actively exploited by attackers and is considered a “highest priority” risk for users. As for what it is, the security risk lies with Microsoft HTML, which allows remote code execution by an attacker.

This works because an attacker can share a specially crafted Microsoft Office file with a potential target. These files contain a malicious ActiveX control and automatically open the attacker’s web page on Internet Explorer. Once opened, the website downloads malware onto the victim’s computer.

Therefore, all an attacker has to do is convince the user to open the malicious document. Since these documents are Office files like Word or Excel, users can easily get tricked into opening them, assuming they have something important to share. Microsoft explains that users whose accounts have fewer user rights on the system could be less impacted, but users who operate with administrative user rights could face major implications from an attack.

The vulnerability has been termed CVE-2021-40444. In its report, Microsoft notes that the risk runs on all Windows Servers from 2008 and on all Windows versions from 7 to 10.

Microsoft is currently investigating the reports of the vulnerability and its exploitation and is yet to roll out a security patch. However, it shares some mitigation methods to prevent an attack that exploits the vulnerability.

It mentions that Microsoft Defender Antivirus and Microsoft Defender for Endpoint can both detect and prevent the said attack. It advises users to keep them updated and running. Users who have automatic updates enabled need not worry.

It also explains that Microsoft Office opens documents from the internet in Protected View or Application Guard for Office by default. Both the applications can…

Source…

American View: New Texas Legislation Encourages Hacking, Extortion, and Intimidation


Texas recently did something catastrophically ill-advised on 1st September 2021. No, I’m not talking about making it illegal to discuss America’s history of racism and how it affected (and still affects) law, society, and justice. That was idiotic and makes us look like terrified bigots on the international stage. I’m also not talking about Texas making it legal for everyone to stroll around in public with loaded firearms even if they have no idea how to use them safely or properly whilst also being violent, unhinged, and/or committed to overthrowing the government. That, too, was staggeringly imprudent and will scare off tourists, transplants, and new corporate headquarters. Those self-owns were fully on-brand for Texas’s burn-it-all-down politicians but are dreary topics for another time.

No, today I want to talk about the inevitable ramifications of Texas making all abortion procedures illegal after six weeks from gestation – effectively ending legal abortion in Texas – while empowering private citizens to rat out their friends, family, co-workers, and neighbours that they believe had an abortion. But wait, there’s more! Under the new law, private citizens are allowed to “turn in” literally anyone else they believe helped a pregnant woman get an abortion … even if it was just to find a clinic’s phone number, get a ride, or buy painkillers … and get a $10,000 (about € 8,200) cash pay-out as a reward for being a volunteer state snitch.

That right there was some world class political hubris. The point of Texas’s blatantly unconstitutional legislation was to get the inevitable challenge to it taken up by the Supreme Court so that Roe vs. Wade, the landmark case that made abortion legal across the USA, could finally be overturned. It worked: on 1st September, the underqualified justices that the previous president packed into the court refused to hear the appeal, allowing Texas’s new law to stand.

To be clear, I’m not interested in getting into a faux debate with the attention-addicted social media crowd on either side of the abortion issue. Chanting slogans and levying death threats isn’t my thing. As a security awareness person,…

Source…

Hacking attack on website as Bulgaria’s 2021 census gets underway


A hacking attack disrupted the website of Bulgaria’s 2021 census as the online phase of the process began on September 7, the National Statistical Institute said.

“We expect such attacks and we have taken action. This attack is a good test of the security system we have built. Most likely, such attacks are not even malicious, but an opportunity for someone to show off their ability to fight such systems,” the National Statistical Institute said.

From September 7 until midnight on September 17, residents of Bulgaria may participate in the census by filling in an online form.

The second stage is from September 18 to October 3, when enumerators will visit households, between 8am and 8pm.

A warning has been issued that enumerators will not visit homes between September 7 and 17, and anyone claiming to be one during this time is likely a fraudster.

Failure to participate in the census means a fine of 160 leva (about 80 euro).

The deputy head of the National Statistical Institute, Diana Yancheva, said that everyone in Bulgaria who usually resides in the country must participate in the census. “We do not care whether they are Bulgarian or foreign citizens, they will have to be counted,” she said.

Caretaker Deputy Prime Minister Atanas Pekanov called on the public to participate in the census online, as this was easier and safer given the Covid-19 pandemic.

Enumerators are obliged to visit every household, even those who have participated online. However, such visits may be avoided by posting on your door the unique 15-digit code that the system will generate when the electronic form is filled in correctly.

You should have your Bulgarian identity documents to hand when you prepare to participate online. To register, you must have a valid e-mail address, and provide your personal identity number, and the number and date of issue of your identity document.

You will receive a verification link at the e-mail address, which – as often happens in such cases – can go directly to the spam folder, so if you do…

Source…

Hacker Explains One Concept in 5 Levels of Difficulty | WIRED