Microsoft is warning of an innovative new technique attackers are using to sneak macro malware past virus detection engines and add to the already huge uptick in reported macro attacks. According to researchers at Microsoft’s Malware Protection Center, they stumbled upon the macro technique in a file containing VBA project scripts with a sample of well-known malicious...

Facebook on Thursday patched a pair of vulnerabilities that enabled brute-force attacks against Instagram passwords, and also hardened its password policy. Researcher Arne Swinnen privately disclosed the flaws in December and in February respectively. One bug was patched in February, while the other went through two rounds of fixes before the issue was resolved on...

LinkedIn is striking back against a website attempting to monetize the 117 million usernames and passwords stolen from the company as part of a 2012 data breach. Website LeakedSource is reporting lawyers representing LinkedIn have served the company a cease and desist order on Wednesday alleging the company is in violation of California’s Computer Fraud...

When it comes to cloud computing, APIs more or less drive everything, but in the eyes of some researchers, existing security controls around them haven’t kept pace. While individual components of a system can be secure, when that system gets deployed in the cloud it can often become insecure – and get worse at scale, according to Erik...

A flaw in mobile chip maker Qualcomm’s mobile processor, used in 60 percent of Android devices, allows attackers to take control over a targeted phone or tablet under specific conditions. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver, coupled with a security hole in Qualcomm’s Secure Execution Environment (QSEE). This...

ISP equipment maker Ubiquiti Networks is fending off a stubborn worm targeting its networking equipment running outdated AirOS firmware. According to security experts, the worm is already being blamed for crippling networking gear in the Argentina, Brazil, Spain and the United States. Ubiquiti confirmed the infection via a user forum, notifying customers that there are...

Security researchers at Skycure are upping the ante on a vulnerability that it says now leaves 95.4 percent of Android devices vulnerable to an attack that hands over control of a phone or tablet to an attacker. First reported at the RSA Conference in March, Skycure discovered a theoretical attack that involves the exploitation of...

Google Play’s first line of defense against malware was circumvented by attackers who managed to sneak a malicious app called “Black Jack Free” into the official app store. The app was discovered by Lookout Security and removed by Google last week. Lookout estimates that 5,000 people downloaded the app that can siphon financial data from...

Apple on Monday rolled out a series of patches for nearly all of its operating systems, OS X, iOS, its smart watch operating system, watchOS, and Apple TV’s tvOS, along with fixes for both iTunes and Safari. OS X received the lion’s share of the updates, 67 in total, bringing Apple’s operating system El Capitan to...

Pen-testing engagements are generally a breeze for most red-teamers; roadblocks are few, despite the ones in place being expensive and often paid for by very large companies. Chris Nickerson has been running such engagements for 15 years and he sees companies that throw more money and more servers at security solutions as having far less...