Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Recently Patched WinRAR Flaw Exploited in APT Attacks

A recently patched WinRAR vulnerability has been exploited by several threat groups, including advanced persistent threat (APT) actors.

The flaw, tracked as CVE-2018-20250, impacts the unacev2.dll library used by WinRAR for unpacking ACE archives. Starting with WinRAR 5.70, the problematic library has been removed to prevent abuse, but many users have failed to update the application, allowing malicious actors to continue launching attacks.

The WinRAR security hole can be exploited via specially crafted ACE archives to extract a harmless file to the destination folder selected by the user, while also extracting a malicious file to a location specified by the attacker. An attacker can achieve arbitrary code execution by extracting a piece of malware to the Windows Startup folder, ensuring that it would get executed the next time the operating system boots.

Technical details of the vulnerability, which is believed to have existed for 19 years, were made public by Check Point...(continued)

View All Trending Stories