target

now browsing by tag

 
 

#deepweb | HMS and Huawei app store target Google, Apple: When it all changed

Source: National Cyber Security – Produced By Gregory Evans

The year 2020 will prove to the world just how ready Huawei is to live in a world without Google on Android. Huawei was blocked last year from working with Google directly, leading them to seek an alternative to GMS: Google Mobile Services, aka official license from Google to include Google apps and the Google Play digital content store on Android devices. Here in 2020, Huawei’s about to release their first phone with both the Huawei app store and HMS: Huawei Mobile Services, and it won’t be the last.

The launch

Honor President Zhao Ming spoke in an interview with WEMP/ Tencent Deep Web via author Ma Guanxia, confirming the release of the Honor V30 for an event in Barcelona “next week.” That’ll probably be on or after the 24th of February, 2020. At that time, though MWC 2020 was cancelled due to NCoV-2019 (novel coronavirus), local European Huawei/Honor employees will take up the mantle and hold a Huawei conference / press event via the web.

Huawei will reveal the Huawei V30 series smartphone line as well as at least one new Huawei smartwatch and Huawei notebook / laptop computer. This will be the first time a smartphone is released anywhere in the world with HMS, Huawei Mobile Services, the Huawei-made alternative to GMS, Google Mobile Services, on Android OS.

Development and growth

“Our solid hardware capabilities and distributed operating system capabilities, as well as our ability to share future-oriented industry development with the industry, will help the rapid development of the entire Huawei Mobile Services,” said Zhao Ming [roughly translated]. “Because of this,” said Zhao Ming, “[HMS deployment] may exceed many original pre-judgments and expectations.”

Zhao Ming went on to state that at some point in the future, Huawei expects HMS to have one massive set of their own apps that exist within their own app store, or “app gallery” as he put it. “The app gallery will be the third largest application platform,” said Zhao Ming, “after Apple and GMS.”

Ditching Google or not

At the end of January, 2020, Huawei leadership had some differing opinions – or some messaging that ended up a bit lost in translation. A report in Der Standard suggested that a Huawei official* stated they’d no longer be working with Google services.

“Even if the United States trade ban were cancelled, Huawei will no longer return to Google-Diensten (Google services), the company stressed when asked by Der Standard,” wrote Andreas Proschofsky for Der Standard. “The reason for this is simple: After all, one can not rely on the possibility that a new ban will not be enacted soon afterwards. We want to get rid of this dependence on US politics.”

*UPDATE: The official’s name: Fred Wangfei, Huawei Country Manager for Austria.

Huawei Germany went on to make a statement with the publication T3N. “An open Android system and ecosystem are still Huawei’s first choice,” said a Huawei Germany representative. “However, if we are prevented from using it, we will be able to develop our own operating and ecosystem.”

At the same time, journalist Arnoud Wokke of the publication Tweakers spoke with a Huawei Netherlands general manager, who said that Huawei would go back to using Google Services saying, “Google has been a partner for many years and is a priority for us. We believe in choice for consumers in services on their devices.”

Added once other statements were made, Proschofsky wrote the following: “Just as a note for others who read this. There was no wiggle room in what Huawei told me, I asked them several times (as I was rather surprised myself) and they insisted on not going back to Google – even if the US ban falls.”

Clear as mud

One way or the other, events that took place in 2019 between Huawei and the United States government affected the course of the entire mobile smart device industry from this point forward. We’ll get our next big update on how this is all going to play out next week, as Huawei reveals their hand in Barcelona.

Source link
——————————————————————————————————

The post #deepweb | <p> HMS and Huawei app store target Google, Apple: When it all changed <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | Warning as bogus KCOM workers target Hull homes in new ‘spoofing’ scam

Source: National Cyber Security – Produced By Gregory Evans

Several people have been preyed on by bogus callers claiming to work for a major communications company.

The fraudsters have been targeting homes in the region posing as staff from KCOM in order to con unsuspecting individuals into handing over banking information.

The calls have been showing as local numbers in the practice known as “spoofing” but the IT provider made clear that they never ask individuals for card details.

A spokesperson for KCOM urged customers to be vigilant and said: “We’ve been made aware of a spate of scam calls recently from people posing as KCOM, calling from what appear to be local Hull phone numbers.

“This is known as ‘spoofing’ where the scammer can make it look as if they are calling from a 01482 number when in reality they are probably calling from abroad.

Watch: How to protect yourself from text message and cold call scams

Video Loading

Video Unavailable

“We have already blocked several numbers that have been reported to us by our customers. Fortunately, those customers we’ve spoken to have realised something is not quite right and ended the call – and have avoided losing money as a result.

“If you’re ever suspicious about a call, we recommend you hang up immediately and call us to check. Never give out any personal information or bank details and never allow anyone to take remote control of your computer.

“We never ask for customers’ credit or debit card details over the phone and will always transfer customers who wish to make a payment over to our secure, automated payment line.

“As well as calling KCOM on 01482 602555 anyone who believes they have been targeted by a scam caller should report it to Action Fraud, the National Fraud and Cyber Crime Reporting Centre, by calling 0300 123 2040 or by visiting www.actionfraud.police.uk.”

Providing Action Fraud with this information enables it to track and fight cyber crime.

Source link

The post #cyberfraud | #cybercriminals | Warning as bogus KCOM workers target Hull homes in new ‘spoofing’ scam appeared first on National Cyber Security.

View full post on National Cyber Security

#hacking | Daily Inter Lake – Politics & Government, The big lesson from the Bezos hack: Anyone can be a target

Source: National Cyber Security – Produced By Gregory Evans

PROVIDENCE, R.I. (AP) — You may not think you’re in the same league as Jeff Bezos when it comes to being a hacking target. Probably not, but you — and just about anyone else, potentially including senior U.S. government figures — could still be vulnerable to an attack similar to one the Amazon founder and Washington Post owner apparently experienced.

Two U.N. experts this week called for the U.S. to investigate a likely hack of Bezos’ phone that could have involved Saudi Arabian Crown Prince Mohammed bin Salman. A commissioned forensic report found with “medium to high confidence” that Bezos’ iPhone X was compromised by a video MP4 file he received from the prince in May 2018.

Bezos later went public about the hack after the National Enquirer tabloid threatened to publish Bezos’ private photos if he didn’t call off a private investigation into the hacking of his phone. It’s not clear if those two events are related. The Saudis have denied any involvement in the purported hack.

The events could potentially affect U.S.-Saudi relations. On Friday, Sen. Ron Wyden, an Oregon Democrat, said he is asking the National Security Agency to look into the security of White House officials who may have messaged the crown prince, particularly on personal devices. Jared Kushner, a White House aide and President Donald Trump’s son-in-law, is known to have done so using WhatsApp.

Wyden called reports of the Bezos hack “extraordinarily ominous” and said they may have “startling repercussions for national security.”

But they could resonate at the personal level as well. As the cost of hacking falls while opportunities to dig into peoples’ online lives multiply, more and more people are likely to end up as targets, even if they’re not the richest individuals in the world.

Ultimately, that boils down to a simple lesson: Be careful who you talk to — and what you’re using to chat with them.

“People need to get out of the mindset that nobody would hack them,” said Katie Moussouris, founder and CEO of Luta Security. “You don’t have to be a specific target or a big fish to find yourself at the mercy of an opportunistic attacker.”

WhatsApp, owned by Facebook, is generally considered a secure way of trading private online messages due to the fact that it scrambles messages and calls with encryption so that only senders and recipients can understand them. What many people may not have realized is that it, like almost any messaging service, can act as a conduit for malware.

That encryption, however, is no help if a trusted contact finds a way to use that connection to break into the phone’s operating system. In fact, an infected attachment can’t be detected by security software while it’s encrypted, and apps like WhatsApp don’t scan for malware even once files are decrypted.

WhatsApp users can disable the automatic downloading of photos, videos and other media, which happens by default unless the user takes action.

Other messaging apps are likely also vulnerable. “It just so happens that this one was a vulnerability in WhatsApp,” said JT Keating, of Texas-based security firm Zimperium. “It could have been in any one of any number of apps.”

Prince Mohammed exchanged numbers with Bezos during a U.S. trip in spring 2018. On the same visit, the prince also met with other tech executives, including the CEOs of Google, Apple and Palantir, as well as sports and entertainment celebrities and academic leaders. Virgin Group founder Richard Branson gave the Saudi delegation a tour of the Mojave Air and Space Port in the desert north of Los Angeles.

Google and Apple didn’t respond to emailed requests for comment this week on whether their executives shared personal contacts after that trip. Palantir Technologies confirmed that its CEO Alex Karp met with the prince but said they never shared personal messages. Virgin Group said it was looking into it.

UC Berkeley cybersecurity researcher Bill Marczak cautioned that there’s still no conclusive evidence that the Saudi video was malicious, adding that it might be premature to jump to broader conclusions about it. Many other security experts have also questioned the forensics report upon which U.N. officials are basing their conclusions.

But Marczak said it is generally good advice to “always be on the lookout for suspicious links or messages that sound too good to be true.”

Even caution about avoiding suspicious links might not be good enough to ward off spyware — especially for high-profile targets like dissidents, journalists and wealthy executives. Hackers-for-hire last year took advantage of a WhatsApp bug to remotely hijack dozens of phones and take control of their cameras and microphones without the user having to click anything to let them in.

In such cases, said Marczak, “there doesn’t need to be any interaction on the part of the person being targeted.”

  

Source link

The post #hacking | Daily Inter Lake – Politics & Government, The big lesson from the Bezos hack: Anyone can be a target appeared first on National Cyber Security.

View full post on National Cyber Security

#hacking | Turkish hackers target Greek government websites, stock exchange

Source: National Cyber Security – Produced By Gregory Evans Turkish hackers claimed on Friday to have hijacked for more than 90 minutes the official websites of the Greek parliament, the foreign affairs and economy ministries, as well as the country’s stock exchange. On their Facebook page, the hackers group, Anka Neferler Tim, justified their actions […] View full post on AmIHackerProof.com

Facebook will target ads based on your Oculus VR data – Naked Security

Source: National Cyber Security – Produced By Gregory Evans Exploring District 06 in Boneworks with your Oculus virtual reality (VR) rig? WATCH OUT!!!!! It’s jam-packed with traps, obstacles, Nullmen zombies who’ll attack you on sight, and now, thanks to the zuckerborgians, you’re going to be stalked: followed right out of the virtual experience and into […] View full post on AmIHackerProof.com

5 Tips for Keeping Your Security Team on Target

Source: National Cyber Security – Produced By Gregory Evans In nearly every security environment, competing priorities are a constant battleground. Here’s how to keep the focus on what’s important. When I sit down to write an article, I encounter any number of distractions. Each distraction seems to want nothing more than to keep me from […] View full post on AmIHackerProof.com

#cyberfraud | #cybercriminals | Farms a cyber-crime target | Farm Weekly

Source: National Cyber Security – Produced By Gregory Evans

DO you think you’re cyber safe?

Cyber security expert and lecturer at Edith Cowan University David Cook said that people in regional areas were common targets for cyber crime.

And as farm business became more invested in technology and utilised data, Dr Cook said that in the next five years, rural businesses were going to become increasingly at risk.

“I think one of the big issues when I come to rural and remote places is that regional people are so nice and trust people,” Dr Cook said.

“They have a different way of life from city people.”

Dr Cook said that cyber crime was perhaps more prevalent than other crime, such as theft, but doesn’t have the same awareness.

“Cyber crime is one of the fascinating things where you never get to meet the criminal, compared to say a home break-in, where you might see the person or at least realise that you’ve been robbed,” he said.

“In general, our police do a lot better job of tracking down people breaking into houses, than people breaking into computers.

“It’s very easy for people to do things you are unaware of.”

According to Dr Cook, the criminals who were most interested in stealing agricultural data were from governments and organisations in other countries.

As more data begins to come from farms, with the rise of technology being used, “interest from multi-nationals and other countries’ governments will access our data and steal it so they can influence the price of commodities”.

“Three years ago, in the State’s north west, the price of iron ore plummeted and largely that was on the back of people infiltrating data and stealing it, and they worked out they could lower the price of iron ore – I’m talking about China because in that case, they basically influenced the market.

“So that’s the future for us, we have to be careful about what we share.

“Farmers are the way in into multi-million dollar data systems and in a few years when more data is coming from farms, I can guarantee that being relaxed on things like passwords, storage and emails will come back to haunt them.”

Passwords

Dr Cook said one of the easiest ways that people could increase their cyber security was through passwords, but they have to be secure.

Using passwords such as the name of a loved one, pet, place of birth, maiden name, birthday or year of birth, address, favourite sporting team are all unsafe as they can be found by cyber criminals on social media or even government websites like Births, Deaths and Marriages and the electoral role.

Dr Cook suggested a method that he has used for 10 years and in that time, has never written a password down.

“I have a passphrase that I carve up into four passwords,” he said.

“It doesn’t mean anything to anyone, or make any sense but it’s my little thing and something I remember – Bye bye Rosie off you go Birmingham western.

“We all have mnemonics in our head that mean nothing at all, so just think of something from the past because they work best.”

Dr Cook does use numbers but not his date of birth, address or the number one.

For six months his passwords for all his accounts might be bye bye Rosie!2 and then six months later changes all his accounts to Off you go!3 etc.

“I change my passwords every six months, guaranteed,” he said.

“Sometimes it won’t let you use the same password more than once but in almost all of our systems, that lasts for up to 24 months.

The cloud

Nowadays many people store their files and photos in ‘the cloud’, but how safe is it?

“The cloud (that is free) literally means a run down shed somewhere cheap in the world, like India or The Philippines, and it’s low security,” Dr Cook said.

“If it’s data about your farm, then it is critical that it’s stored securely.

“The question is how much is your information worth?

“If you use the free cloud for data from your farm, then you are likely putting your security at risk.”

Dr Cook said it was only a matter of time until someone hacked into that run down shed, where ever it is, and everyone’s data is shared on the dark web, especially if you’re password is not secure enough.

“It’s important to remember that it’s your information on someone else’s system somewhere,” he said.

“If you want protection, if you want security, the best protection is with yourself and when you don’t share everything.”

Cyber security risks that are more of a concern to everyone, and less so to farm businesses in particular include:

Baseline security

One of the common issues that impacts baseline security is when people unknowingly give their information to third parties by entering competitions.

Often there are raffles being held by local clubs to win a car or holiday and the entry asks for your name, address, email address and mobile number.

But in the fine print on the ticket, it will read something like ‘Please be advised we may use this information and pass it on to a third party’.

The club or charity passes all the ticket stubs onto a third party where the names and information become harvested and are sold to other third parties.

As a result, the club or charity gets paid about $50,000 for doing that and can buy the prize.

So the club is able to make a profit, thinking they are doing it out of goodwill.

But because so many people don’t read the fine print, they are then placed on various email lists and that they can’t truly unsubscribe from and their data is harvested and sold.

Dr Cook said another issue with baseline security is using free Wi-Fi.

Although it’s convenient, especially when travelling overseas, free Wi-Fi that either has no password or the same password for everyone is on a “pancake network”.

“It means everyone is on it and can see what everyone else is looking at,” Dr Cook said.

He advised to not use free Wi-Fi when overseas to check accounts such as emails and banking and instead find somewhere where you can pay for it.

“The amount of people that target people this way is on the rise, because when you’re travelling is when you’re vulnerable,” he said.

Facebook

“Sometimes people put things up on Facebook that gives up so much information about them,” Dr Cook said.

He said cyber criminals would follow what other people put on Facebook about people, as more often than not, that gives away more information, such as comments and tagged photos.

Dr Cook suggested to avoid posting photos while overseas, as cyber criminals will know that’s an ideal time to hack your accounts.

Photos taken on your property have a geo-location so criminals can find out where you live.

He also recommended caution when posting photos of children, as there was a chance of them being found by online predators and circulating the dark web.

Online shopping

When targeting people via online shopping, Dr Cook said cyber criminals wait for you to be on an unsecure network or website.

To ensure you’re buying something securely, at the point where the money is handed over, the web address should read: https:// – noting the ‘s’, which changes the website to a secure version for making the payment.

If the web address does not have an ‘s’, as some websites might bypass the secure version, simply type it into the address box and click refresh.

Dr Cook said to also check for the padlock which was pictured in the same text box where the web address was, as it acted as another level of security.

“But be careful because some criminals have worked out how to put a picture of a padlock on websites but it’s not where it should be,” he said.

Dr Cook said PayPal was the most trustworthy method of online payment where the person on the other end can’t see your card details.

Emails

“We share a lot of information in emails and spam emails are harvesting data,” Dr Cook said.

He recalled an example where a woman responded to an email from an ‘African prince’, which is a common scam.

She replied to the email asking that the emails be stopped and signed it with her name and location.

“The thieves are only waiting for the last three or four words in her email, because they know a lot about her now and they start to aggregate data about her,” he said.

“This is called email harvesting and they will harvest information about farmers of significant properties and businesses are of immense interest to cyber thieves.”

Dr Cook also advised to be aware of scam PayPal emails, which ask you to update your PayPal details via a link in the email.

“The only way to do that is to login to the PayPal website, not from a link in an email,” he said.

Another key for spotting PayPal email scams, or scams impersonating other organisations for that matter, is to look at the email address it came from.

If it’s a scam, it won’t be the correct email address.

Telephone

Telephone scams have been around a long time and Dr Cook said most people think they know a phone scam when they hear one.

But he said criminals were becoming savvier, smarter and sneakier about scamming people and stealing their money.

“It’s important to not stay on the line with them,” Dr Cook said.

“Some people like to joke around or mess with them, but it’s best to just hang up.”

Dr Cook referred to a common current phone scam, known as the ‘Telstra scam’.

It goes something along the lines of a woman operating out of Queensland, she has an Australian accent and there is no delay on the phone line.

“She rings and says your Telstra bill is $11.15 overdue and asks you to pay it how you normally would, be it at the Post Office, BPay etc,” he said.

“Then she talks to you, which is so clever and the new way of telephone scams in rural and remote areas and organisations because people talk back and fall for it, apparently they like a yarn.

“It’s what we call social engineering, which is the cleverest way to get information out of people and they are experts at it.”

Dr Cook said it’s more common against women, as they were more likely to have a chat.

“They will agree with whatever you say and massage your ego and make you feel like you’ve made a friend,” he said.

“Then at the end of about five minutes, the conversation will change and she’ll get flustered and say ‘I was meant to have rung all these other people and now I’m going to be in big trouble with my boss’, which will last about 30 seconds.

“The she’ll hit you with the punch line: ‘If you give me your credit card details, I will put this $11.15 through and I can tell my boss I’ve moved onto the next one’.”

On bank statements the transaction won’t read Telstra but something similar like Telstrasoc or Telstracomnet.

“It’s just enough to make you think it’s Telstra, then every month you will be charged some amount under $15 for the rest of your life,” Dr Cook said.

“People have certain limit when it comes to money, they notice being billed for $500 but not $11.15 every month, because we have a certain mindset when it comes to small numbers because we see so many of them in our statements.

“So we know the golden rule for criminals is under $15 and after a while people normalise it.”

Dr Cook said the statistics showed about one in 10 people fell for this scam but one in five people in regional locations fell for it.

“It’s because they are nice to people, like a yarn and trust people and when they are nice to them on the phone, they like to help them out,” he said.

Dr Cook said there was a version of this scam for every utility.

Source link

The post #cyberfraud | #cybercriminals | Farms a cyber-crime target | Farm Weekly appeared first on National Cyber Security.

View full post on National Cyber Security

The #Olympics are an #irresistible #target for #cybercriminals

Source: National Cyber Security News

The Olympic Games are a massive draw, not only for sports fans, but also for cybercriminals.
It’s a high-profile event taking place in a concentrated location that attracts large numbers of visitors, many of whom will be spending a lot of money.

The Winter Games kicking off Friday in Pyeongchang, South Korea, are no exception.

Billed as a sports extravaganza, the Olympics are also infused with politics as governments and activists seek to take advantage of the global stage. That’s especially true in Pyeongchang, where tensions have built up over North Korea’s involvement.

All of this makes the Games a prime target for cyberattacks — from thieves or spies.

Here’s what hackers are going after — and how fans can protect themselves:

Hacking the Games themselves

Computer systems connected to the Olympics have been compromised in the past.

In 2016, Russian hackers broke into a World-Anti Doping Agency database through an account created by the International Olympic Committee (IOC) for the Summer Games in Rio. The group stole information about star American athletes like Simone Biles and Venus Williams.

“Some attackers have a political intent — they can attack the organization,” said Seongsu Park, a researcher with cybersecurity firm Kaspersky.

Read More….

advertisement:

View full post on National Cyber Security Ventures

BlackBerry #Mobile site the #latest #target of #cryptocurrency mining #hackers

Source: National Cyber Security – Produced By Gregory Evans

TCL Communication Technology Holding Ltd., the operator of the BlackBerry Mobile site, is the latest victim of cryptocurrency-loving hackers in the latest of a rash of cryptomining hijacking cases.

The website for BlackBerry Mobile was discovered by a Reddit user last week to be serving up code to visitors from Coinhive, the notorious Monero mining script service. The same person who discovered the code did note that it was only the global TCL- owned Blackberrymobile.com site that was affected, not country-specific sites or those owned by BlackBerry Ltd.

Coinhive itself chimed in on Reddit, saying that one of its users had hacked the Blackberry Mobile website using a vulnerability in the Magento webshop software. “We’re sorry to hear that our service has been misused,” the company said. “This specific user seems to have exploited a security issue in the Magento webshop software (and possibly others) and hacked a number of different sites. We have terminated the account in question for violating our terms of service now.”

TCL is far from the first company to be targeted by cryptomining code, and it won’t be the last. The first outbreaks of cryptomining-related hacking occurred in September, when The Pirate Bay and then Showtime were exposed as using the method. As cryptocurrencies boomed, so instances of hackers and site owners trying to cash in on Monero mining. A RiskIQ report Sept. 26 found that more than 1,000 sites were now hijacking the computing power of site visitors to mine for cryptocurrencies.

By October, leading content delivery network Cloudflare Inc. was the first major provider to crack down on the method, banning all sites from its network that have cryptocurrency mining code installed.

The method spread to apps later the same month, when the first reports emerged of Coinhive scripts appearing in Android apps, and the new attack vector has seemingly continued to grow. Only this weekend, a security researcher discovered 291 apps across third-party Android stores that included the miming code, although they appear to be the same app and code with 291 different names.

Commenting on the Android outbreak, HackRead noted that though the biggest victims of cryptocurrency miners were previously website owners and unsuspecting visitors, now Android users are also at risk. The advice, as always, is to practice safe internet: Do not download unknown apps from Android stores, make sure they have up-to-date antivirus software installed and keep an eye on their processor usage because cryptocurrency miners trigger high usage.

The post BlackBerry #Mobile site the #latest #target of #cryptocurrency mining #hackers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers #target Office as #Microsoft warns of new #vulnerability being #exploited by Russia-linked #hackers

Source: National Cyber Security – Produced By Gregory Evans

Cyber crooks are taking advantage of a recently discovered vulnerability in Microsoft Office to hide malicious code in Word documents, the software giant has warned.

Furthermore, the flaws are being taken advantage of by a Russia-linked hacking group called APT28, who are expoiting a vulnerability in the Dynamic Data Exchange (DDE) component of Office.

According to the researchers, the hackers have been exploiting the flaw for around a month.

This is responsible for transporting data and messages between applications. The exploit affects Outlook email accounts, Word documents and Excel spreadsheets.

The hackers, also known collectively as Fancy Bear and linked with the Russian government, have benefited from the protocol because it doesn’t warn users to enable macros. However, pop-ups asking users to update files may sometimes appear.

Security firm McAfee claimed that the hacking group has been taking advantage of the recent New York terror attack to propagate its malicious code, inserting malware into a document talking about the incident.

“McAfee Advanced Threat Research analysts identified a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research,” it claimed.

“This document likely marks the first observed use of this technique by APT28. The use of DDE with PowerShell allows an attacker to execute arbitrary code on a victim’s system, regardless whether macros are enabled.

“APT28, also known as Fancy Bear, has recently focused on using different themes. In this case it capitalised on the recent terrorist attack in New York City.

“The document itself is blank. Once opened, the document contacts a control server to drop the first stage of the malware, Seduploader, onto a victim’s system.”

Microsoft has since released a specialist advisory detailing the vulnerability and how it affects users. It is now working on a patch, but the Advisory effectively serves notice to other hacking groups of a glaring flaw in Office that others will now seek to exploit.

“In an email attack scenario, an attacker could leverage the DDE protocol by sending a specially crafted file to the user and then convincing the user to open the file, typically by way of an enticement in an email,” it said.

“The attacker would have to convince the user to disable Protected Mode and click through one or more additional prompts. As email attachments are a primary method an attacker could use to spread malware, Microsoft strongly recommends that customers exercise caution when opening suspicious file attachments.

“Microsoft strongly encourages all users of Microsoft Office to review the security-related feature control keys and to enable them. Setting the registry keys described in the following sections disables automatic update of data from linked fields.”

The post Hackers #target Office as #Microsoft warns of new #vulnerability being #exploited by Russia-linked #hackers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures