Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Microsoft Windows Zero-Day Vulnerability (CVE-2014-4114) Used by Russian Espionage Group “Sandworm”

3151484853

A zero-day vulnerability affectingall supported versions of Microsoft Windows and Windows Server 2008 and 2012 has been discovered and announced today by iSIGHT Partners in collaboration with Microsoft. A patch will be made available for the vulnerability on Tuesday, October 14.

Exploitation of the CVE-2014-4114vulnerability has been reportedly discovered in the wild in connection with a cyber espionage campaign that iSIGHT Partners has attributed to Russia. The zero-day vulnerability is being claimed to have been used in early September in which the attackers used the exploit to infect victims with malicious attachments, primarily PowerPoint files.

Although the attackers used PowerPoint as its attack vector, the vulnerability is in the OLE package manager in Microsoft Windows and Server. TheOLE packager (packager .dll) is able to download and execute external files like INF, allowing the attacker to execute commands.

Known targets for the group targeting the vulnerability...(continued)

View All Trending Stories