Microsoft has issued a security advisory warning of a remote code execution vulnerability that is being exploited in "limited, targeted attacks directed at Microsoft Word 2010." The vulnerability affects all supported version of Word.
A German website of French automaker CitroŽn is the latest of the wide array of higher-profile webshop sites that have been compromised by a hacker gang leveraging Adobe ColdFusion vulnerabilities.
DNS and NTP servers are not the only publicly accessible resources that can be misused to amplify DDoS attacks.
Websense researchers have been following several recent email spam campaigns targeting users of popular services such as Skype and Evernote, and believe them to be initiated by the infamous ru:8080 gang, which a history of similar spam runs impersonating legitimate Internet services such as Pinterest, Dropbox, etc.
Microsoft's Enhanced Mitigation Experience Toolkit (EMET) is a good piece of software and helpful for protecting non-kernel Microsoft applications and third-party software, but the protection it offers can also be bypassed completely if the attackers know what they are doing, claim researchers from security firm Bromium.