Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild
There is a Zero-Day attack that works on all versions of Windows, even fully patched machines. The attack happens by opening up a Microsoft Word RTF file. The vulnerability is present in all versions of installed Microsoft Word.
Attackers gain full code execution on the victims machine. Since discovery, it doesn’t look like a patch for this flaw will be available in the next round of Microsoft patches that are released in April. So, current recommendations to protect yourself against this flaw are to not open any suspicious Word Documents, always view documents sent to you in Office Protected View, and disable macros from automatically executing.
Symantec API Flaws reportedly let attackers steal Private SSL keys and Certs
This is an interesting article. Many users install software like Symantec to help keep them safe, and here, there was a flaw that would allow an unauthenticated attacker to retrieve SSL Certificates, but not only that, reissue or revoke those certificates.
The flaw was discovered by an IT consultant from Cloud Harmonics, and Symantec asked the consultant not to disclose the flaw as it would take Symantec almost two years to fix the issue.
The Scrap Value of a Hacked PC, Revisited
Article Link: Click Here
I found this article very interesting. As an IT professional, I preach to people all the time about the safety of their data, and what they are doing on a PC. This is a great article that visualizes what is vulnerable and available to a hacker.
Hacking WordPress 4.7.0-1 – Exploiting the Exploitable
This article details a vulnerability in WordPress 4.7.0-1 that allows a user to change any blog post. The article takes you step by step through the process of exploiting the vulnerability.
I found this article intriguing since we are using WordPress for this course. Rest assured, the version we are on is version 4.7.2, and my research says that this vulnerability has been addressed in this release.
Metasploit Analysis
Ransomware Hijacks Hotel Smart Keys to Lock Guests Out of their Rooms
Link to Article: Click Here
An Australian Hotel was hacked and their electronic key card system was compromised. The hotel admitted to paying $1,600 US in bitcoins to unlock doors. The hackers gained access to the system and locked guests out of their rooms.
The hotel admits that is has a very robust IT system and this is not the first hacking attempt. Beyond access to the keycard system, the hackers gained access to the general computing systems in the hotel, shutting down several hotel computers.
After the ransom was paid, the system was returned to normal, but the hotel did find a backdoor that was left by the hackers, allowing the hackers access back into the system. Fortunately the backdoor was found and measure were taken to prevent this from happening in the future.
It’s scary to think what hackers can do and what they will attack. We look at technology as a way of making our lives easier, but hackers view them as an opportunity to make money. Needless to say, nothing is safe in this digital world today!