Tag: Microsoft

EverNote Latest Site Hacked In Coordinated Attack

EverNote Latest Site Hacked In Coordinated Attack

The online personal and business productivity service Evernote.com said on Saturday that it is the victim of a hack that exposed encrypted user password information, forcing password resets across a broad swath of the service’s 50 million registered users. The Redwood City, California-based firm revealed in a blog post that its internal security team discovered “suspicious activity on the Evernote network” that “appears to have been a coordinated attempt to access secure areas of the Evernote Service.” The company said it sent password reset messages to its users as a “precaution” but didn’t believe that stored information in users’ accounts or payment information had been exposed. The hack is just the latest of a prominent online firm. In recent weeks, Twitter, Facebook, Apple and Microsoft have all reported compromises of their internal networks. Those intrusions were linked to attacks aimed at developers and relied on exploits of previously unknown “zero day” […]

Adobe Pushes Fix For Flash Player, Cites Attacks On Windows, Mac, Android

Adobe released an urgent fix on Thursday for recent versions of Flash Player, citing ongoing attacks against both Windows, Apple Mac, Linux and Android systems. Adobe released the security updates to fix a vulnerability, CVE-2013-0633 in Flash Player, noting that the vulnerability is being exploited “in the wild” (that is: on the public Internet) in targeted attacks. The attacks involve both web based attacks via malicious or compromised web sites and e-mail based attacks. The web based attacks use malicious Flash (SWF-format) content and target vulnerable versions of the Flash Player for the Firefox and Safari web browsers. The e-mail attacks use a malicious Microsoft Word document delivered as an e-mail attachment. The document contains malicious Flash (SWF) content and the email tries to trick the recipient into opening it. The vulnerability in question, CVE-2013-0633 is described as a buffer overflow in Adobe Flash Player that “allows remote attackers to execute […]

Wealthy Countries Better At Protecting Citizens…From Malware

Wealthy Countries Better At Protecting Citizens…From Malware

To paraphrase a quote attributed to the great American novelist F. Scott Fitzgerald: ‘Rich countries aren’t like you and me. They have less malware.’ That’s the conclusion of a special Security Intelligence Report released by Microsoft on Wednesday, which found that the rate of malware infections was relatively lower in countries that were wealthy than those with lower gross income per capita. The study, “Linking Cybersecurity Policy and Performance” investigated the links between rates of computer infections and a range of national characteristics including the relative wealth of a nation, observance of the rule of law and the rate of software piracy. The conclusion: wealthier nations, especially in Europe, do a better job preventing malware infections than poorer and developing nations. The report marks an effort by Microsoft to dig into some of the underlying causes of cyber insecurity globally. Using data gathered from its Malicious Software Removal Tool (MSRT) […]

Microsoft Rushes Fix for IE Hole Used in Attacks on DC’s Elite

Microsoft Rushes Fix for IE Hole Used in Attacks on DC’s Elite

Microsoft issued an emergency fix for its Internet Explorer web browser on Monday, just days after security researchers reported finding a previously unknown (zero day) vulnerability in IE that was being used in targeted attacks against members of Washington D.C.’s media, government and policy elite. Microsoft’s Security Response Center (MSRC) released the fix for IE versions 6, 7 and 8 on Monday following reports of sophisticated and targeted attacks using the vulnerability were detected on the web site of the Council of Foreign Relations, a leading think tank whose members include senior government officials. In a Security Advisory (#2794220), Microsoft described the flaw as a “remote code execution vulnerability” in code that governs the way that “Internet Explorer accesses an object in memory that has been deleted or (improperly) allocated.” The vulnerability could allow a malicious attacker to create a malicious web page that would exploit the vulnerability to corrupt memory in […]

Microsoft: Freeware, Pirate Software Supply Chain Leads to Infections

Microsoft: Freeware, Pirate Software Supply Chain Leads to Infections

The Internet is a dangerous place, in general. And, depending on what you’re looking for online, it might be very dangerous, indeed, according to Microsoft. Writing in the company’s latest Security Intelligence Report, Microsoft said that its Malware Protection Center (MMPC) has observed an increase in malicious code infections that emanate from what it calls the “unsecure supply chain”  – the informal network of legitimate and underground web sites that distribute freeware and pirated software. Freeware that promises to generate registration keys for popular products like Adobe’s Photoshop, Microsoft Windows and games such as Call of Duty were among the most commonly associated with malicious programs, Microsoft said.  Internet users hoping to unlock pirated software download the key generators believing that they will produce a valid registration key, but often end up infecting their system in the process. But malware authors and cyber criminal groups will also wrap their creations in with […]