Robots Can Crack Safes
Robots can crack safes faster than humans — and differently. We’re going to have to start thinking about robot adversaries as we design our security systems. From Wired via Schneier.
[WordPress Security] Ransomware Targeting WordPress – An Emerging Threat
Over the past month, the Wordfence team has been tracking a ransomware campaign that is actively targeting WordPress websites. This is a change in tactic for attackers. Rather than using a hacked WordPress site for spam, they can now encrypt your data and extort money from you directly.
Today on the blog we analyze in depth the ransomware sample we captured. We also identify where the attacks are coming from and describe how you can protect yourself from this emerging threat.
08/21/2017 07:32 AM EDT Original release date: August 21, 2017
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.3 and apply the necessary update.
This Is a First: Compromised PowerPoint Slide Deck Bypasses Antivirus
Bad guys are exploiting the CVE-2017-0199 vulnerability to bypass endpoint security software and deliver the Remcos remote access Trojan via Microsoft PowerPoint decks.
This particular flaw in the Windows Object Linking and Embedding (OLE) interface is normally used to deliver infected RTF documents, but researchers at Trend Micro have spotted cyber criminals using it to compromise PowerPoint slide show files for the first time.
Critically, since most methods of detecting the CVE-2017-0199 vulnerability focus on the RTF attack method, the use of the PPSX PowerPoint as an attack vector means attackers can code the malware to avoid antivirus detection.
More at the KnowBe4 blog, with links and screenshots: