Wednesday, January 17, 2018

Have you patched MS Office? Zyklon malware might be looking to exploit it

Remember:
Patching is one solution that is MOST EFFECTIVE against MALWARE


Dubbed Zyklon, the fully-featured malware has resurfaced after almost two years and has primarily been found targeting telecommunications, insurance and financial services.


Zyklon is an HTTP botnet malware that communicates with its command-and-control servers over the Tor anonymising network and allows attackers to remotely steal keylogs and sensitive data, like passwords stored in web browsers and email clients.

Vulnerabilities being exploited

1) .NET Framework RCE Vulnerability (CVE-2017-8759)—this remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, allowing an attacker to take control of an affected system by tricking victims into opening a specially crafted malicious document file sent by email. Microsoft already released a security patch for this flaw in its September updates.

2) Microsoft Office RCE Vulnerability (CVE-2017-11882)—a 17-year-old memory corruption flaw, patched by Microsoft in its November patch update, that allows a remote attacker to execute malicious code on the targeted systems without requiring any user interaction after opening a malicious document.

3) Dynamic Data Exchange Protocol (DDE Exploit)—this technique allows attackers to leverage a built-in feature of Microsoft Office, called DDE, to perform code execution on the targeted device without requiring Macros to be enabled or memory corruption.


For More Info:
https://thehackernews.com/2018/01/microsoft-office-malware.html
