A newly discovered security hole in Office could allow remote code execution
Microsoft has discovered a vulnerability in the graphics component of its Windows, Office, and Lync software that could allow hackers to execute malicious code from a remote location. The software giant said it is aware of targeted attacks that attempt to exploit the vulnerability in Office and has suggested a series of workarounds until it can issue a permanent patch. In the meantime, Microsoft has made available a piece of "Fix it" software to automatically apply the workaround procedures in affected products.
Adobe suffered a major security breach last month that compromised at least 38 million user accounts. In the wake of that attack, however, the top 100 passwords used by millions of Adobe account holders have come to light, and it doesn't look pretty. If you're in a scolding mood, you could say that many Adobe users compromised themselves by using lazy passwords that are easy to guess.
Tech-savvy users know that it's not necessary to pay for antivirus protection. The question is, how reliable is Microsoft's own Security Essentials software? In our own tests, Security Essentials has performed fairly well in terms of protection, though its slow scan speed and limited feature set don't put it at the front of the pack when compared with other free (and paid) AV solutions. What's confusing, however, is Microsoft's own opinion on the matter.
If you're in the business of offering free antivirus protection, beware of hackers mucking up your website. The Palestinian hacker group known as KDSM Team recently targeted several well-known companies, including AVG and Avira, makers of popular free (and paid) security solutions, and defaced their homepages (sort of). WhatsApp, a cross-platform messaging app for mobile devices, was also tagged.
Professional networking site LinkedIn recently found itself the recipient of a class action lawsuit alleging that the company has been hacking into its users' email accounts and downloading their contacts, which it would then use to send out marketing materials. Furthermore, the lawsuit alleges that LinkedIn essentially impersonates its users. Blake Lawit, Senior Director of Litigation at LinkedIn, denied the accusations in a blog post.
IE flaw could allow hackers to wreak havoc remotely
Be advised that if you're running Internet Explorer version 8 or 9, you could be a sitting duck for a remote code execution attack. Microsoft is aware of the zero-day flaw and has issued an emergency Band-Aid as a temporary fix as it continues to investigate the issue. Applying Microsoft's "CVE-2013-3893 MSHTML Shim Workaround" prevents attackers from being able to exploit the security flaw until a permanent fix is rolled out.
One of the wonders of the human body is that it heals itself. The damage might be self-inflicted, like an accidental fall, or it could be caused by an attacker. Either way, the human body is tremendously adept at repairing cuts, scrapes, bruises, and other ailments. HP is taking that same concept and applying it to the PC's Basic Input/Output System, otherwise known as the BIOS.
Microsoft is planning to cut off support for Windows XP in April 2014, just a few months shy of the legacy operating system's 13th birthday. Many computers have long moved on from Windows XP and are now rocking Windows 7 or Windows 8 (or even Vista), though it's estimated that between 20 percent (StatCounter) and 33 percent (NetMarketShare) of PCs around the world haven't yet upgraded. What happens to all those users come April?
For malware writers, everything's a numbers game. So, the more popular a platform becomes, the more attention cybercriminals will pay to finding vulnerabilities they can exploit. It's really no wonder, then, that McAfee's Threat Report for the second quarter of 2013 noted a rebound in mobile threats, including a 35 percent growth rate in Android-based malware, the likes of which have not been seen since early 2012, the security firm reports.
Syrian Electronic Army continues its hacking rampage
The latest news outlet to fall victim to hack attacks by the Syrian Electronic Army (SEA) is The Washington Post, which earlier today posted a short message confirming a security breach that redirected readers of certain stories to the SEA's website. The Washington Post didn't say which specific stories were affected by the breach, adding that it's working to resolve the issue. Since then, more information has been made available.