Security Alerts & News
by Tymoteusz A. Góral

History
#1640 Windows Atom tables can be abused for code injection attacks
Researchers have identified a way attackers could use atom tables in all versions of Windows to inject malicious code into a computer and bypass detection by security products at the same time.

The technique has been nicknamed AtomBombing by researchers at enSilo, and opens the door to perform man-in-the-browser attacks, access encrypted passwords, or remotely take screenshots of targeted systems.

AtomBombing does not exploit a Windows vulnerability and cannot be fixed with a patch. EnSilo urges security professionals to monitor for code injection in API calls to fend off possible attacks.
Read more
#1645 Don’t Skype and Type! Acoustic eavesdropping in VOIP (PDF)
#1644 The Dyn report: What we know so far about the world's biggest DDoS attack
#1643 Remote code execution vulnerabilities plague LibTIFF library
#1642 Lawmakers asking what ISPs can do about DDoS attacks
#1641 Paypal fixes 'worrying' security bug
#1640 Windows Atom tables can be abused for code injection attacks
#1639 Microsoft Office malware: Now more users get anti-hacker, macro-blocking features
#1638 Flash Player zero-day being exploited in targeted attacks
#1637 Joomla update fixes two critical issues, 2FA error
#1636 Dyn DDoS could have topped 1 Tbps
#1635 Cisco patches critical vulnerability in facility events response system
#1634 Could your 'smart' home be a weapon of web destruction?
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12