Recently, MalwareBytes posted a story about a new macro-less technique attackers can use to booby-trap an Office document with malware. Turns out the story was based on research from the SpecterOps team from over a month ago. By leveraging a lesser-known file type, an attacker can create a malicious Office document that could execute malware, and even bypass some of Windows' …
IE Doc 0day – Daily Security Byte
Late last week, researchers from a Chinese company called Qihoo 360 disclosed a new zero-day Internet Explorer (IE) vulnerability. According to their report, attackers can exploit the flaw by sending you a Word document with specially embedded content. If you open such a document, it may execute code on your computer with your privileges. At the time of the video, Microsoft …
Microsoft MMPE Vulnerable – Daily Security Byte
Microsoft recently released an out-of-cycle update to fix a critical flaw in the Microsoft Malware Protection Engine (MMPE). Due to a vulnerability in an open source archive package, a Google researcher found that by sending a maliciously crafted file to a computer running MMPE, you can exploit this flaw to execute code and gain complete control of computers running unpatched …
Shady iOS QR Codes – Daily Security Byte
If you've flown recently, and checked in with a mobile app, you probably know what a QR code is—the digital-looking square graphic used to represent some specific data. These digital codes replace the UPC bar codes from yesteryear (or really, yester-decade?). In any case, most mobile devices now come with built-in QR code readers so your mobile devices can interpret these codes …
Mysterious AMD Chip Vulnerabilities – Daily Security Byte
This week, a security research lab called CTS disclosed a warning about 13 serious vulnerabilities that affect most of AMD's processors. The researchers make pretty bold and possibly overstated claims, suggesting these flaws are a huge deal, and in some cases potentially unpatchable. However, there are some suspicious aspects of this release as well. First, the researchers only …