Avecto researchers say removing admin rights from users would mitigate many of the threats.
One of the bugs could allow a successful attack simply by a user viewing an email in Outlook’s Preview pane.
A recently discovered Dridex campaign had a few peculiar characteristics, including the use of FTP instead of HTTP.
Thanks to Meltdown and Spectre, January has already been an extremely busy month of patching for Microsoft.
Artificial intelligence-powered computers can already beat the best mankind has to offer when it comes to chess and Go. But how did it get that way? And what can’t the best of AI do? Taking a look at how AI has developed its game-playing prowess can give us a few clues as to the next […]
The post What’s the game plan with AI? Limits and opportunities in AI appeared first on Avira Blog.
Artificial Intelligence (better known now as AI) and machine learning are trendy terms these days – but few people agree on what the terms really mean. AI is tossed about by Elon Musk, mentioned in the movies, and is attached to a growing number of personal, business, and government products. What is Artificial Intelligence Artificial […]
The post Fast developing uses for Artificial Intelligence you might not have thought of appeared first on Avira Blog.
A permissions flaw in Microsoft’s Azure AD Connect software could allow a rogue admin to escalate account privileges and gain unauthorized universal access within a company’s internal network.
A recently disclosed severe 17-year-old vulnerability in Microsoft Office that lets hackers install malware on targeted computers without user interaction is now being exploited in the wild to distribute a backdoor malware.
First spotted by researchers at security firm Fortinet, the malware has been dubbed Cobalt because it uses a component from a powerful and legitimate penetration testing tool, called Cobalt Strike.
Cobalt Strike is a form of software developed for Red Team Operations and Adversary Simulations for accessing covert channels of a system.
The vulnerability (CVE-2017-11882) that Cobalt malware utilizes to deliver the backdoor is a memory-corruption issue that allows unauthenticated, remote attackers to execute malicious code on the targeted system when opened a malicious file and potentially take full control over it.
This vulnerability impacts all versions of Microsoft Office and Windows operating system, though Microsoft has already released a patch update to address the issue. You can read more details and impact of the vulnerability in our previous article.
Since cybercriminals are quite quick in taking advantage of newly disclosed vulnerabilities, the threat actors started delivering Cobalt malware using the CVE-2017-11882 exploit via spam just a few days after its disclosure.
According to Fortinet researchers, the Cobalt malware is delivered through spam emails, which disguised as a notification from Visa regarding rule changes in Russia, with an attachment that includes a malicious RTF document, as shown.
The email also contains a password-protected archive with login credentials provided in the email to unlock it in order to trick victims into believing that the email came from the legitimate financial service.
“This is [also] to prevent auto-analysis systems from extracting the malicious files for sandboxing and detection,” Fortinet researchers Jasper Manual and Joie Salvio wrote.
“Since a copy of the malicious document is out in the open… so it’s possible that this is only to trick the user into thinking that securities are in place, which is something one would expect in an email from a widely used financial service.”
Once the document is opened, the user has displayed a plain document with the words “Enable Editing.” However, a PowerShell script silently executes in the background, which eventually downloads a Cobalt Strike client to take control of the victim’s machine.
With control of the victim’s system, hackers can “initiate lateral movement procedures in the network by executing a wide array of commands,” the researchers said.
According to the researchers, cybercriminals are always in look for such vulnerabilities to exploit them for their malware campaigns, and due to ignoring software updates, a significant number of users out there left their systems unpatched, making them vulnerable to such attacks.
The best way to protect your computer against the Cobalt malware attack is to download the patch for the CVE-2017-11882 vulnerability and update your systems immediately.
This month, Microsoft’s Patch Tuesday updates tackle fixes for 53 security bugs in Windows, Office, Internet Explorer, Edge, ASP.NET Core, .NET Core, and its Chackra Core browser engine.
Microsoft published guidance for Windows admins on how to safely disable Dynamic Data Exchange (DDE) fields in Office that are being used to spread malware in email-based attacks.