July 25, 2024 at 04:05PM Check Point discovered CVE-2024-38112, a remote code execution vulnerability affecting Microsoft Windows and Windows Server. Threat actors exploit this via Internet Shortcut files and by disguising .hta applications as PDFs. CISA has categorized it as a high-severity risk and mandated updates for federal Windows systems by July 30. Organizations with … Read more
July 16, 2024 at 12:09PM Void Banshee, an APT actor, used the CVE-2024-38112 Windows zero-day to exploit the disabled Internet Explorer and deliver the Atlantida stealer malware. By crafting URLs in internet shortcut files, the APT leveraged the MHTML protocol handler and x-usc directive to execute code via the disabled IE, posing a significant threat … Read more
July 16, 2024 at 09:41AM A Trend Micro blog post reveals new details about the exploit of a Microsoft zero-day flaw by an APT group known as Void Banshee, spreading the Atlantida Stealer in a spear-phishing campaign targeting victims in North America, Europe, and Southeast Asia. The attackers use unpatched vulnerabilities in the now-retired Internet … Read more
July 15, 2024 at 11:10AM Microsoft released a patch to fix a zero-day exploit, CVE-2024-38112, in its proprietary browser engine for Internet Explorer, without crediting Trend Micro’s Zero Day Initiative (ZDI) which had reported the vulnerability to Redmond in May. ZDI contends that the flaw is a critical remote code execution issue, while Microsoft deems … Read more
July 15, 2024 at 10:55AM CVE-2024-38112, exploited by APT group Void Banshee, allowed them to use a zero-day to access and execute files via the disabled Internet Explorer using MSHTML. The vulnerability was promptly reported to Microsoft and patched. Void Banshee lured victims using zip archives with malicious files disguised as PDFs, targeting North America, … Read more
July 10, 2024 at 04:29PM Threat actors exploited a zero-day bug (CVE-2024-38112) patched by Microsoft in July for over 18 months. The vulnerability impacts Internet Explorer’s Trident engine and affects newer Windows systems, like Windows 10 and 11. It allows attackers to run ransomware and spyware. Check Point discovered concurrent campaigns targeting individuals in Vietnam … Read more
July 10, 2024 at 12:08PM Microsoft fixed a Windows zero-day vulnerability (CVE-2024-38112) used to exploit Internet Explorer and launch malicious scripts. Threat actors distributed Windows Internet Shortcut Files to spoof legitimate-looking files, tricking users into downloading and running HTA files disguised as PDFs. The flaw is fixed in July 2024 Patch Tuesday updates, directing mhtml: … Read more
July 10, 2024 at 08:09AM Microsoft has released patches for 143 security flaws, including two actively exploited vulnerabilities. The flaws affect Windows, Edge browser, Hyper-V, and Office, among others. One of the exploited flaws is a remote code execution bug impacting .NET and Visual Studio. Other vendors have also issued security updates. [Word Count: 49] … Read more