Embedded videos in Office docs can hide embedded nasties

Posted by & filed under Security Alerts.

Microsoft Word documents can potentially smuggle in malicious code using embedded web videos, it is claimed. Opening a booby-trapped file, and clicking on the vid, will trigger execution of the code. In summary, miscreants can leverage this weakness to potentially trick marks into installing malware on their PCs. It’s useful for hackers preying on non-savvy… Read more »

Simple Authentication and Security Layer (SASL) vulnerabilities

Posted by & filed under Security Alerts.

Simple Authentication and Security Layer (SASL) is an authentication layer used in Internet protocols. SASL is not a protocol, but rather a framework that provides developers of applications and shared libraries with mechanisms for authentication, data integrity–checking, and encryption. Within the framework and a few of its plugins, there are a couple of known vulnerabilities that… Read more »

Hidden Cobra malware infects Android devices with RAT, turns Windows machines into proxies

Posted by & filed under Security Alerts.

Hidden Cobra malware infects Android devices with RAT, turns Windows machines into proxies The Department of Homeland Security (DHS) and FBI on Tuesday jointly released two new reports analyzing trojan malware attributed to Hidden Cobra, aka Lazarus Group — a threat actor widely believed to be sponsored by the North Korean government. The two malware packages, referred to… Read more »