The problem: Some email recipients on Mac OS X using Apple Mail and Gmail receive winmail.dat attachments in place of correctly-encoded MIME attachments from users running Outlook 2016/Windows 10/Office 365 hosted mail. They can’t open the faulty attachments and (in my case) the result was some grumpy clients. [Read more…]

In 2017 SEO for businesses  will be revolutionary.

Within the space of 3 years, it has become significantly easier to find businesses, stores or items nearby, creating a shift in user’s intent and search behavior.

Users no longer have to include their location in search queries, such as inputting “coffee shops in Chicago” into Google. [Read more…]

There’s a new zeroday attack in the wild that’s surreptitiously installing malware on fully-patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word.

The attack starts with an e-mail that attaches a malicious Word document, according to a blog post published Saturday by researchers from security firm FireEye. Once opened, exploit code concealed inside the document connects to an attacker-controlled server. It downloads a malicious HTML application file that’s disguised to look like a document created in Microsoft’s Rich Text Format. Behind the scenes, the .hta file downloads additional payloads from “different well-known malware families.” [Read more…]

Contestants at this year’s Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft’s heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.

According to a Friday morning tweet from the contest’s organizers, members of Qihoo 360’s security team carried out the hack by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware, contest organizers reported Friday morning on Twitter. The result was a “complete virtual machine escape.” [Read more…]

More than 1 million websites running the WordPress content management system may be vulnerable to hacks that allow visitors to snatch password data and secret keys out of databases, at least under certain conditions.

The vulnerability stems from a “severe” SQL injection bug in NextGEN Gallery, a WordPress plugin with more than 1 million installations. Until the flaw was recently fixed, NextGEN Gallery allowed input from untrusted visitors to be included in WordPress-prepared SQL queries. Under certain conditions, attackers can exploit the weakness to pipe powerful commands to a Web server’s backend database. [Read more…]