Showing 5 results for: February 2018 ×

Multi-Stage Email Word Attack Without Macros

Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from...

Flash Zero Day (CVE-2018-4878)

A zero day Flash exploit caught targeting South Korean users was announced by South Korea's CERT on January 31, 2018. The exploit was embedded in an Excel spreadsheet. Upon opening the spreadsheet the Flash file loads a second stage which...

Microsoft Patch Tuesday, February 2018

February's Patch Tuesday is here and after the light January, it's back with patches for 50 CVEs and two "roll up" advisories. Running down the CVEs, there are 14 rated "Critical", 34 rated "Important" and 2 rated "Moderate". Once again...

Multiple Vulnerabilities in NETGEAR Routers

Last year I discovered multiple vulnerabilities in NETGEAR products. Now that these vulnerabilities have gone through the disclosure process and have been patched we can discuss the technical details. TWSL2018-002: Password Recovery and File Access on Some Routers and Modem...

Multiple Vulnerabilities in WD MyCloud

While performing security research on personal storage I found some vulnerabilities in the WD (Western Digital) MyCloud device. Trustwave reported them to WD back in 2017 and now that patches are available we can discuss the technical details. The first...