Trick Or Treat – Do You Dare To Open The Following Link?

ftp://malware.com/crowti.zip Another all-trick, no–treat week, with two new threats that both Windows and Linux admins should be aware of (we guess the Mac hackers are too busy drooling over their lovely new 5k retina screens).  On the Linux side we’ve seen a new vulnerability in the popular command line tool ‘wget’ (CVE-2014-4877). It’s nasty in […]

Olé! Finally, an interesting PowerPoint presentation

After years of boring everyone to tears, the worm has turned, PowerPoint has officially gone rogue. Power with a Point to prove, scary. So scary in fact that Microsoft has released an advisory about a bug in the Object Linking and Embedding (OLE – see what we did there?) library – the code that sometimes […]

Sandworm versus Poodle

Equal opportunities for sysadmins this week as a round of security advisories see just about everyone doing the manic patching dance (twerking optional). Tuesday saw Microsoft patch a handful of nasty zero day vulnerabilities, Wednesday saw another hole in SSLv3 appear, yet more patches to prevent the beleaguered OpenSSL library from spilling your server’s secrets, […]

The ‘ShellShock’ continues…

Recent news indicates that Yahoo servers were breached by a Romanian hacker group along with Lycos and WinZip. Yahoo advises that no user information was exposed and they claim that the servers were not affected by ShellShock. According to the comments by the Yahoo CISO, malicious code was executed on the servers by attackers looking […]

10 Things You Never Knew Could Be Hacked

The idea that it is only our PCs and mobile phones can be hacked into is an outdated one. An increasing number of everyday items come with inbuilt connections that are often left wide open to any hacker looking for a new toy to play with. Here is a list of 10 things that you […]

AfterShock. BASH vulnerability in the wild

As the fallout of last weeks so called ShellShock vulnerability continues, which enables commands to be run on systems via a bug in the BASH (or born again, or needs to be born again) shell, attacks are being seen in-the-wild. We figure that most Apache web servers will either not require patching or will now […]