March 15, Softpedia – (International) Recent wave of malware uses macro-enabled Word documents and Windows PowerShell. Security researchers from Palo Alto Networks discovered that attackers were using a new tactic to distribute malicious malware by combining spam campaigns, malicious Word documents, and Window’s PowerShell code. Researchers reported that the macro code, embedded within each malicious Word document, starts a hidden instance of Windows PowerShell to download malicious scripts. Source
March 15, Softpedia – (International) Yahoo fixes ridiculously simple email address spoofing bug. Yahoo! released patches fixing an email spoofing vulnerability after a security researcher from Vulnerability Lab discovered Yahoo! Mail’s Basic interface, also named Classic Mode, allowed attackers to send malicious emails by changing Hypertext Transfer Protocol (HTTP) requests sent to the server and changing the “from address” associated with each new email. Source
March 14, SecurityWeek – (International) Code.org flaw exposes volunteer email addresses. An official from Code.org, a non-profit organization that helps teach computer science, reported that the email addresses of its volunteers were allegedly compromised after a vulnerability was found on its website that allowed an unauthorized recruiting firm to obtain private email addresses. The company patched the flaw, stating that its servers were not vulnerable and the details of its 10 million teachers and students were not exposed. Source
March 14, Softpedia – (International) Vulnerability in torrent portal software exposes user private information. An anonymous security researcher reported that the SceneAccess website, a private torrent portal, was susceptible to a security flaw in the built-in BBcodes (Bulletin Board Code) that allowed attackers to expose details pertaining to the websites’ users including exposing clients’ Internet Protocol (IP) addresses by nesting the BBcode inside an image Universal Resource Language (URL), and sending users the malicious image via open forum threads or private messages. Source
March 14, Reuters – (National) New app aims to thwart crime, attacks at U.S. military bases. A spokesperson for the U.S. Army Material Command stated March 14 that the U.S. Army spent about $145,000 on a new crime reporting app, iWatch Army, for use at 17 U.S. bases, which was created to boost its anti-terrorism and anti-crime efforts. The app remains under evaluation by the U.S. Army. Source