Geeks for your information

Full Version: Exploit Details Emerge for Unpatched Microsoft Bug
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Quote:New details have emerged about an unpatched security vulnerability in Microsoft’s Internet Explorer that was recently used in a complex campaign against security researchers. A fresh analysis from 0patch offers further insight into where the bug exists and how it can be triggered in real-world attacks — notably, by just visiting a website.
 
In early February, cybersecurity researchers at South Korean consultancy ENKI identified a zero-day exploit that it said was used in the researcher attack. The vulnerability in question exists in Microsoft Internet Explorer, and at the time of writing remains unpatched, though Microsoft said it was looking into the bug report.
 
The attack on researchers had come to light a few days earlier. That campaign, detailed by Google’s Threat Analysis Group (TAG), involved hackers likely linked to North Korea who carried out an elaborate social-engineering effort to set up trusted relationships with security firms. The end goal was infecting these organizations’ systems with custom backdoor malware.
 
The effort included attackers going so far as to set up their own research blog, multiple Twitter profiles and other social-media accounts in order to look like legitimate security researchers themselves who were looking to “collaborate.”
 
At the time, TAG noted that it couldn’t determine the mechanism of compromise, and it asked for help from the greater security community.

Read more: https://threatpost.com/exploit-details-u...ug/164083/