A Microsoft Office vulnerability patched six months ago continues to be a valuable tool for APT gangs operating primarily in Southeast Asia and the Far East. Researchers at Kaspersky Lab today published a report describing how attackers continue to flourish exploiting CVE-2015-2545, a remote code execution vulnerability where an attacker crafts an EPS image file...

The obvious takeaway from last week’s LinkedIn data breach revelation where we learned hackers were selling 117 million LinkedIn usernames, email addresses and passwords from a 2012 breach is, change your passwords-and often. The not so obvious takeaways come from noted security expert Troy Hunt, creator of the cyber-breach service Have I Been Pwned? and...

A private industry notification sent by the FBI in late April to its business partners warns of the risks associated with KeySweeper, a tool released in January 2015 by noted hardware hacker and researcher Samy Kamkar. Sixteen months ago, Kamkar released the source code and instructions on how to build the device, which looks like...

A two-year-old EITest malware campaign is still going strong, fueled by the fact it has shifted its distribution technique over time. Now, researchers at the SANS Institute’s Internet Storm Center, are reporting EITest is morphing again based on analysis of the malware campaign conducted earlier this month. According to researcher Brad Duncan, the EITest malware...

Microsoft is warning of an innovative new technique attackers are using to sneak macro malware past virus detection engines and add to the already huge uptick in reported macro attacks. According to researchers at Microsoft’s Malware Protection Center, they stumbled upon the macro technique in a file containing VBA project scripts with a sample of well-known malicious...

LinkedIn is striking back against a website attempting to monetize the 117 million usernames and passwords stolen from the company as part of a 2012 data breach. Website LeakedSource is reporting lawyers representing LinkedIn have served the company a cease and desist order on Wednesday alleging the company is in violation of California’s Computer Fraud...

A flaw in mobile chip maker Qualcomm’s mobile processor, used in 60 percent of Android devices, allows attackers to take control over a targeted phone or tablet under specific conditions. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver, coupled with a security hole in Qualcomm’s Secure Execution Environment (QSEE). This...

Over 117 million LinkedIn user logins are for sale on the black market “The Real Deal” by hacker “Peace” for five Bitcoins ($2,280). The breach is tied to an earlier hack on LinkedIn in 2012, when the company originally said 6.5 million accounts had been compromised. The hacker, identified as Peace, claims the the data...

Google Play’s first line of defense against malware was circumvented by attackers who managed to sneak a malicious app called “Black Jack Free” into the official app store. The app was discovered by Lookout Security and removed by Google last week. Lookout estimates that 5,000 people downloaded the app that can siphon financial data from...

An underground forum called Nulled.io that helped users share stolen credentials, software cracks, and leaked content was hacked earlier this month, spilling a glut of information, including users’ email addresses, encrypted passwords, and IP addresses, among other details. According to researchers at Risk Based Security who reported the breach last week, a 1.3 GB tar.gz...