New remote code execution Windows zero days actively exploited

Adobe Opentype

Microsoft is warning users that new, critical remote code execution bugs affecting all current versions of Windows is being actively exploited.

The vulnerabilities lies in the Windows Adobe Type Manager Library, and can be exploited with malicious Adobe Type 1 Postscript format multiple master fonts, now superseded by OpenType fonts.

Attackers can exploit the vulnerabilities in several ways, by embedding the Type 1 fonts into documents and convincing users to open them or look at them in the Windows Explorer preview pane, Microsoft said.

Windows version 7, 8.1, RT 8.1, 10 are vulnerable to the remote code execution flaws, along with Windows Server 2008 service pack 2 onwards.

https://www.itnews.com.au/news/new-remote-code-execution-windows-zero-days-actively-exploited-539730

This new Android malware comes disguised as a chat app

A new form of mobile malware designed to snoop on calls, texts and other communications is targeting Android users by duping them into downloading a fake chat application.

The trojan malware, dubbed CallerSpy, has been discovered and detailed by cybersecurity researchers at Trend Micro, who believe the malware attacks are part of a cyber espionage campaign.

https://www.zdnet.com/article/this-new-android-malware-comes-disguised-as-a-chat-app

How to prevent business email compromise attacks

How-to-prevent-business-email-compromise-attacks.png

Business email compromise (BEC) scams are low-tech attacks that use social engineering techniques to exploit natural human tendencies.

While they may not get as much attention from the press as high-profile ransomware attacks, BEC scams are considered one of the biggest threats facing companies today. Between June 2016 and July 2019, there were 32,367 successful BEC scams in the U.S., which cost U.S. businesses more than $3.5 billion, according to figures from the FBI.

Fortunately, there are some very effective and easy-to-implement strategies for stopping BEC attacks. In this post, we’ll show you how you can combine staff training, process implementation and authentication technology to protect your organization from BEC attacks.

State of Ransomware in the U.S.: 2019 Report for Q1 to Q3

In the first nine months of 2019, at least 621 government entities, healthcare service providers and school districts, colleges and universities were affected by ransomware. The attacks have caused massive disruption: municipal and emergency services have been interrupted, medical practices have permanently closed, ER patients have been diverted, property transactions halted, the collection of property taxes and water bills delayed, medical procedures canceled, schools closed and data lost.

Email and attachments and RDP continue to be the attack vectors of choice. The latter is vulnerable to ransomware via exploitation on unpatched systems, misconfigured security settings and brute force attacks on weak login credentials.

“There is no reason to believe that attacks will become less frequent in the near future,” said Fabian Wosar, CTO at Emsisoft. “Organizations have a very simple choice to make: prepare now or pay later.”

Peace!

Peace!

Wishing you the peace and serenity of the countryside, the patience of nature, the drive of the rivers and oceans and the wisdom to know when to apply each.

The Dangers of Overpersonalisation

Is Overpersonalisation Killing the Variety and Interest of Your User Experience?

One user even noted that because the content was boring she continued to scroll looking for something that was interesting, “I don’t find anything interesting on Facebook tonight but what’s funny is that I will keep scrolling until I do; it’s addicting.” This behavior is related to the Vortex phenomenon, which refers to people feeling sucked into the online world almost against their will through sticky design techniques (like continuous content feeds). Users seek the emotional payoff they get from a good piece of content. In these cases, the phone turns into a mini slot machine: they keep pulling the lever coming across dozens of losers in hopes of finally getting a winner.

https://www.nngroup.com/articles/overpersonalization/