DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks

October 20, 2024 at 09:07PM APT37, a North Korea-backed group, exploited a zero-day vulnerability in Internet Explorer to launch a zero-click attack on South Korean targets via a compromised ad program, delivering malware instead of ads. The malware is known as RokRAT, and Microsoft has since patched the vulnerability. Legacy applications remain at risk. … Read more

Malicious ads exploited Internet Explorer zero day to drop malware

October 16, 2024 at 10:08AM North Korean hacking group ScarCruft executed a large-scale attack in May using an Internet Explorer zero-day vulnerability (CVE-2024-38178) to disseminate the RokRAT malware via deceptive toast ads. A joint report from South Korea’s NCSC and AhnLab highlights the threat, with Microsoft releasing a security update in August 2024. … Read more

Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day

September 16, 2024 at 09:36PM Microsoft has confirmed that a recently patched Internet Explorer vulnerability, CVE-2024-43461, was exploited as a zero-day before it was fixed. The flaw allowed malicious actors to hide the true file-type extension of a downloaded file, enabling the execution of malicious code. This exploit was used by the Void Banshee gang … Read more

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List

July 24, 2024 at 03:04AM The U.S. CISA has added two security flaws to its Known Exploited Vulnerabilities catalog, including a decade-old use-after-free vulnerability in Internet Explorer and an information disclosure bug in Twilio Authy. CISA advised FCEB agencies to remediate the vulnerabilities by August 13, 2024, to protect against active threats. From the meeting … Read more

APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer

July 16, 2024 at 12:09PM Void Banshee, an APT actor, used the CVE-2024-38112 Windows zero-day to exploit the disabled Internet Explorer and deliver the Atlantida stealer malware. By crafting URLs in internet shortcut files, the APT leveraged the MHTML protocol handler and x-usc directive to execute code via the disabled IE, posing a significant threat … Read more

Attackers Have Been Leveraging Microsoft Zero-Day for 18 Months

July 10, 2024 at 04:29PM Threat actors exploited a zero-day bug (CVE-2024-38112) patched by Microsoft in July for over 18 months. The vulnerability impacts Internet Explorer’s Trident engine and affects newer Windows systems, like Windows 10 and 11. It allows attackers to run ransomware and spyware. Check Point discovered concurrent campaigns targeting individuals in Vietnam … Read more

Windows MSHTML zero-day used in malware attacks for over a year

July 10, 2024 at 12:08PM Microsoft fixed a Windows zero-day vulnerability (CVE-2024-38112) used to exploit Internet Explorer and launch malicious scripts. Threat actors distributed Windows Internet Shortcut Files to spoof legitimate-looking files, tricking users into downloading and running HTA files disguised as PDFs. The flaw is fixed in July 2024 Patch Tuesday updates, directing mhtml: … Read more