Security Alerts & News
by Tymoteusz A. Góral

History
#2205 Dridex campaigns hitting millions of recipients using unpatched Microsoft 0day
This weekend saw multiple reports of a new zero-day vulnerability that affected all versions of Microsoft Word. Today, Proofpoint researchers observed the document exploit being used in a large email campaign distributing the Dridex banking Trojan. This campaign was sent to millions of recipients across numerous organizations primarily in Australia.

This represents a significant level of agility and innovation for Dridex actors who have primarily relied on macro-laden documents attached to emails. While a focus on exploiting the human factor - that is, the tendency of people to click and inadvertently install malware on their devices in socially engineered attacks - remains a key trend in the current threat landscape, attackers are opportunists, making use of available tools to distribute malware efficiently and effectively. This is the first campaign we have observed that leverages the newly disclosed Microsoft zero-day.
Read more
#2214 The iCloud hackers' bitcoin ransom looks like a fake
#2213 Matrix ransomware spreads to other PCs using malicious shortcuts
#2212 How to get admin credentials from TPLink M5350 3G/WiFi modem with a text message
#2211 Hacker caused panic in Dallas by turning on every emergency siren at once
#2210 Thousands of fake Google Maps listings redirect users to fraudulent sites each month
#2209 ShadowBrokers fails to collect 1M bitcoins – releases stolen information
#2208 How criminals can steal your PIN by tracking the motion of your phone
#2207 Adobe publishes security updates for Flash, Reader, Photoshop and Creative Cloud
#2206 If you’re somehow still on Windows Vista, upgrade right now
#2205 Dridex campaigns hitting millions of recipients using unpatched Microsoft 0day
#2204 Critical Word 0day is only 1 of 3 Microsoft bugs under attack
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12