Microsoft is warning users that new, critical remote code execution bugs affecting all current versions of Windows is being actively exploited.
The vulnerabilities lies in the Windows Adobe Type Manager Library, and can be exploited with malicious Adobe Type 1 Postscript format multiple master fonts, now superseded by OpenType fonts.
Attackers can exploit the vulnerabilities in several ways, by embedding the Type 1 fonts into documents and convincing users to open them or look at them in the Windows Explorer preview pane, Microsoft said.
Windows version 7, 8.1, RT 8.1, 10 are vulnerable to the remote code execution flaws, along with Windows Server 2008 service pack 2 onwards.
Business email compromise (BEC) scams are low-tech attacks that use social engineering techniques to exploit natural human tendencies.
While they may not get as much attention from the press as high-profile ransomware attacks, BEC scams are considered one of the biggest threats facing companies today. Between June 2016 and July 2019, there were 32,367 successful BEC scams in the U.S., which cost U.S. businesses more than $3.5 billion, according to figures from the FBI.
Fortunately, there are some very effective and easy-to-implement strategies for stopping BEC attacks. In this post, we’ll show you how you can combine staff training, process implementation and authentication technology to protect your organization from BEC attacks.
In the first nine months of 2019, at least 621 government entities, healthcare service providers and school districts, colleges and universities were affected by ransomware. The attacks have caused massive disruption: municipal and emergency services have been interrupted, medical practices have permanently closed, ER patients have been diverted, property transactions halted, the collection of property taxes and water bills delayed, medical procedures canceled, schools closed and data lost.
Email and attachments and RDP continue to be the attack vectors of choice. The latter is vulnerable to ransomware via exploitation on unpatched systems, misconfigured security settings and brute force attacks on weak login credentials.
“There is no reason to believe that attacks will become less frequent in the near future,” said Fabian Wosar, CTO at Emsisoft. “Organizations have a very simple choice to make: prepare now or pay later.”
Is Overpersonalisation Killing the Variety and Interest of Your User Experience?
One user even noted that because the content was boring she continued to scroll looking for something that was interesting, “I don’t find anything interesting on Facebook tonight but what’s funny is that I will keep scrolling until I do; it’s addicting.” This behavior is related to the Vortex phenomenon, which refers to people feeling sucked into the online world almost against their will through sticky design techniques (like continuous content feeds). Users seek the emotional payoff they get from a good piece of content. In these cases, the phone turns into a mini slot machine: they keep pulling the lever coming across dozens of losers in hopes of finally getting a winner.