Top 10 Stories

Microsoft released a security update for a flaw in the OLE API that affects most versions of Microsoft Word. Microsoft today patched a critcial zero-day vulnerability in Microsoft Office/WordPad that attackers had been exploiting in the wild for months. CVE-2017-0199 is a remote code execution vulnerability in the Windows Object Linking and Embedding (OLE) application programming interface. The vulnerability already had been weaponized in attacks to distribute the Dridex banking Trojan, as a botnet payload, and in a...

Symantec matches tools exposed in Vault 7 documents leak reportedly from the CIA with those used by cyber espionage group that has been targeting governments and private businesses. Researchers at Symantec have established a connection between the Vault 7 documents released by WikiLeaks and a cyberespionage group with a multi-year history of targeting governments and private companies. WikiLeaks says the tools in Vault 7 are from the CIA. View full story ORIGINAL SOURCE: Dark Reading

Now that the sulky Shadow Brokers gang has leaked its archive of stolen NSA exploits, security experts are trawling Uncle Sam's classified attack code – and the results aren't good for anyone using Oracle's Solaris. Matthew Hickey, cofounder of British security shop Hacker House, has been going through the dumped files, which once belonged to the spy agency's Equation Group and are now handily mirrored on GitHub. Hickey today identified two key programs – EXTREMEPARR...

A team of researchers at Newcastle University in the UK has published a paper highlighting some troubling findings linking on-board sensors with privacy issues. Using data collected by mobile device’s hardware tracking systems, the team was able to crack four digit PINs with 70-percent accuracy on the first try, with 100-percent accuracy by try number five. While some applications alert users to specific on-board monitoring, it’s certainly not universal – nor, for that matter, is...

Booby-trapped documents exploiting a critical zeroday vulnerability in Microsoft Word have been sent to millions people around the world in a blitz aimed at installing Dridex, currently one of the most dangerous bank fraud threats on the Internet. As Ars reported on Saturday, the vulnerability is notable because it bypasses exploit mitigations built into Windows, doesn't require targets to enable macros, and works even against Windows 10, which is widely considered Microsoft's most secure operating...

More than three-quarters of U.S. citizens (79 percent) are concerned about the privacy and security of their personal digital data, and 63 percent say they would feel more confident if the government agencies and service providers with which they interact had stronger data-privacy and security policies, according to an Accenture survey of nearly 3,500 U.S. citizens. View full story ORIGINAL SOURCE: Help Net Security

Payday lender Wonga has advised 270,000 customers of a data breach and offered inconsistent advice about the severity of the incident and how to respond. An “incident FAQ” on the company's site says “We believe there may have been illegal and unauthorised access to the personal data of some of our customers.” The Reg understands 270,000 customers are potentially at risk, 245,000 of them in the UK. View full story ORIGINAL SOURCE: The Register

A new zero-day flaw affecting all versions of Microsoft Office is being exploited in attacks in the wild, and no user is safe – not even those who use a fully patched Windows 10 machine. Even worse: targets do not have to anything except run a malicious file in order to get compromised, as the exploit doesn’t require them to enable macros or do anything else. View full story ORIGINAL SOURCE: Help Net Security

The hackers said President Donald Trump is deserting the base that supported him Annoyed with the U.S. missile strike last week on an airfield in Syria, among other things, hacker group Shadow Brokers resurfaced on Saturday and released what they said was the password to files containing suspected National Security Agency tools they had earlier tried to sell. “Is appearing you are abandoning ‘your base’, ‘the movement’, and the peoples who getting you elected,” the...

A torrent file is being used to infect unsuspecting users with malware that conducts a distributed password attack against WordPress-powered websites. The dangers of torrenting are by no means new. In this particular campaign, a user searches to download a movie or software without paying for it. Their favorite search engine yields some relevant files. But the sites hosting them don't have anything to do with seeding torrent files. View full story ORIGINAL SOURCE: Graham...