Date:23/04/18
Chinese cyber-security company Qihoo 360 says it has discovered that an ‘advanced persistent threat (APT)’ is using a zero-day vulnerability in the Internet Explorer kernel code to infect ‘targeted’ victims with malware. The company described the vulnerability as a ‘double kill’ bug, and said that it affects the latest version of the Internet Explorer and any other application that use the IE kernel.
The vulnerability has apparently been exploited already via Office documents sent to selected targets. “After the target opens the document, all exploit code and malicious payloads are loaded from a remote server”, said the researchers, who posted the results of their findings on Chinese social media site, Weibo.
It’s worth noting here that the term APT is often used by cyber-security experts to describe state-backed cyber-espionage teams, although, it isn’t clear right now if that’s the case here. Qihoo 360 says that it is not detailing everything about the bug because it has just reported about it to Microsoft, and in line with standard industry practice, is giving the Redmond company the requisite time to patch it up.
Meanwhile, this is hardly the only major security problem that Microsoft is having to deal with right now. Only last week, Google’s Project Zero (GPZ) researchers detailed a Windows 10 exploit that can potentially allow users to run arbitrary code to jailbreak what is essentially a locked-down operating system. There seems to be no remote code to exploit the flaw right now, which means potential hackers will need physical access to the devices to unlock the OS.
China’s Qihoo 360 Warns Microsoft of Zero-Day Vulnerability in Internet Explorer
Chinese cyber-security company Qihoo 360 says it has discovered that an ‘advanced persistent threat (APT)’ is using a zero-day vulnerability in the Internet Explorer kernel code to infect ‘targeted’ victims with malware. The company described the vulnerability as a ‘double kill’ bug, and said that it affects the latest version of the Internet Explorer and any other application that use the IE kernel.The vulnerability has apparently been exploited already via Office documents sent to selected targets. “After the target opens the document, all exploit code and malicious payloads are loaded from a remote server”, said the researchers, who posted the results of their findings on Chinese social media site, Weibo.
It’s worth noting here that the term APT is often used by cyber-security experts to describe state-backed cyber-espionage teams, although, it isn’t clear right now if that’s the case here. Qihoo 360 says that it is not detailing everything about the bug because it has just reported about it to Microsoft, and in line with standard industry practice, is giving the Redmond company the requisite time to patch it up.
Meanwhile, this is hardly the only major security problem that Microsoft is having to deal with right now. Only last week, Google’s Project Zero (GPZ) researchers detailed a Windows 10 exploit that can potentially allow users to run arbitrary code to jailbreak what is essentially a locked-down operating system. There seems to be no remote code to exploit the flaw right now, which means potential hackers will need physical access to the devices to unlock the OS.
Views: 486
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
