Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Flood of exploits targetting ancient WinRAR flaw continues

Winrar-1

Identified as CVE-2018-20250, an ancient WinRAR vulnerability made public in February is now well on its way to becoming one of the most widely and rapidly-exploited security flaws of recent times.

The latest evidence is a report from Microsoft’s Office 365 Threat Research team which identified it as being used by the ‘MuddyWater’ APT group to target organizations in the satellite and communications industry.

For those unfamiliar with WinRAR, it’s a hugely popular Windows compression utility dating back to the 1990s which, a security company discovered, had a serious RCE flaw that had been sitting inside it for 19 years.

WinRAR was far too tempting for cybercriminals to ignore, within days stirring up a hornet’s nest of exploits to the tune of 100 or more.

Exploiting the vulnerability depended on a defunct file format called ACE, support for which was dropped by the utility’s developers with the release of version 5.71 beta after they were told of the issue in advance of its...(continued)

View All Trending Stories