Attackers are exploiting a previously undisclosed vulnerability in Microsoft Word, which security researchers say can be used to quietly install different kinds of malware -- even on fully-patched computers.
"Upon successful access to the device, the PDoS bot performed a series of Linux commands that would ultimately lead to corrupted storage, followed by commands to disrupt Internet connectivity, device performance, and the wiping of all files on the device," Radware said.
CyberX has confirmed at least 70 victims successfully targeted by the operation in a range of sectors including critical infrastructure, media, and scientific research. The operation seeks to capture a range of sensitive information including audio recordings of conversations, screen shots, documents and passwords.
There's a crafty new way hackers are trying to get inside your computer: By tricking you into installing a fake "missing font."
A Google researcher has uncovered what may be the most worrying web leak of 2017 so far, possibly exposing passwords, private messages and other sensitive data from a vast number of sites, including major services like Uber, FitBit and OKCupid.