Updated A booby-trapped .RTF file is doing the rounds that combines two publicly available Microsoft Office exploits. Opening the document in a vulnerable installation of Office is supposed to lead to arbitrary execution of any malicious code within the file. Cisco's security outfit Talos believes "the attackers used the combination …

WikiLeaks' dump of CIA hacking tool documents on Tuesday has kicked off a debate among security vendors about whether intel agencies are stockpiling vulnerabilities, and the effect this is having on overall security hygiene. The leaked documents purport to show how the intel agency infiltrates smartphones, PCs, routers, IoT …

Some Linux distros will need to be updated following the discovery of an easily exploitable flaw in a core system management component. The CVE-2016-10156 security hole in systemd v228 opens the door to privilege escalation attacks, creating a means for hackers to root systems locally if not across the internet. The …

Updated Vulnerabilities in a network attached storage (NAS) devices made by QNAP Systems create a potential means for hackers to steal data and passwords, execute commands or drop malware on vulnerable kit, say security researchers. Researchers at F-Secure claim they have found a series of weaknesses in the firmware update process of …

Updated Vulnerabilities in Panasonic in-flight entertainment systems create a possible mechanism for attackers to control in-flight displays, PA systems and lighting, say researchers. Ruben Santamarta, principal security consultant at IOActive, said it had found vulnerabilities in Panasonic Avionic In-Flight Entertainment (IFE) …

A smartphone app flaw has left Tesla vehicles vulnerable to being tracked, located, unlocked, and stolen. Security experts at Norwegian app security firm Promon were able to take full control of a Tesla vehicle, including finding where the car is parked, opening the door and enabling its keyless driving functionality. A lack …

Black Hat EU Security researchers have come up with another way to hack Programmable Logic Controllers (PLCs) at industrial plants. Ali Abbasi, a PhD student at the University of Twente, and Majid Hashemi, a research engineer at Quarkslab, have developed an attack that involves tweaking the PIN configuration of a system chip in order to …

Attackers are already exploiting a dangerous privileged account creation hole in the Joomla! content management system attempting, with attempts made on about 30,000 sites in the days days after a patch for the flaw landed. The vulnerability, which allows anyone to create privileged accounts on Joomla! sites, was first flagged …

Security researchers have demonstrated how to gain root privileges from a normal Android app without relying on any software bug. The unprivileged application is able to gain full administrative permissions by exploiting the Rowhammer vulnerability present in modern RAM chips. Essentially, malicious code can change the content …

Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers. Sednit – also known as APT28, Fancy Bear and Sofacy – has been operating since 2004. The cyber-mob has reportedly infiltrated machines operated by targets as …

US researchers have pinpointed a vulnerability in Intel chips – and possibly other processor families – that clears the way for circumventing a popular operating-system-level security control. ASLR (address space layout randomization) is widely used as a defense against attempts by hackers to exploit software vulnerabilities …

BT is urging folks to patch the firmware in its Wi-Fi Extender following the discovery of multiple security flaws. Security researchers at Pen Test Partners discovered vulnerabilities with the consumer-grade kit, including cross-site scripting and the ability to change a password without knowing it. Pen Test Partners found it …

Crooks have once again targeted users downloading Ammyy's remote access software as a conduit for spreading malware. The tactic – which has been witnessed before, specifically in the infamous Lurk banking trojan – has been in play since early February, 2016. Ammyy Admin is a legitimate software package (used by top …

Security researchers have discovered a means to use previously unknown vulnerabilities found in in-memory deduplication to attack otherwise well-defended systems. The well-known standard compression technique, which is ubiquitous as a way of reducing the memory footprint across virtual machines, is also a by-default feature …

Hackers collectively tripled the production of Proof-of-Concept exploits last year, according to a new study out on Thursday. Researchers and black hats develop proof-of-concept (PoC) exploits for research or demonstration purposes. These PoCs are developed for a various reasons – to demonstrate that software is vulnerable, …

Security researchers have discovered a vulnerability that creates a means for hackers to circumvent Apple’s newest protection feature, System Integrity Protection (SIP). SIP is designed to prevent potentially malicious software from modifying protected files and folders. The technology is designed to protect the system from …

The myth that Macs are inherently more secure than Windows PCs has taken another hit. Patrick Wardle, a former NSA staffer who now heads up research at crowdsourced security intelligence firm Synack, has found a new route around Apple's defensive Gatekeeper technology. Apple's Gatekeeper utility is built into OS X, and is …

FireEye researchers Genwei Jiang and Josiah Kimble say attackers from North Korea exploited a zero day vulnerability in a word processor popular with the South Korea's government. The attackers went after the vulnerability (CVE-2015-6585) in the Hangul Word Processor prior to a patch issued last Monday. Accurate attribution …