Incidents

Another Internet Explorer flaw

It has been a rough year for Microsoft. And for the users who haven’t yet switched to XP, or upgraded using SP2. Almost every month brought a new vulnerability in some version of IE. There were notably fewer in XP+SP2 than in other combinations. For those still using some flavour of 9X, NT or 2000, the wait for a patch has been a long, painful one.

The patch for the infamous IFRAME buffer overflow was posted on December 1st, 2004, almost one month after it was reported, in the form of the MS04-040 security update.

Today, exactly one week after MS04-040, Secunia Research has announced yet another vulnerability in IE, affecting IE 5, 5.5 and 6, on various operating systems, XP+SP2 included. In their own words: “Secunia Research has reported a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to spoof the content of websites.”

Luckily, this vulnerability is not a critical one. But it will be no doubt a nice addition to scammers bag of tricks, trying to lure you into filling out online forms on fake sites which claim to be eBay.com or your e-banking interface.

Because it’s not a critical vulnerability, it means we probably won’t be seeing an epidemic based on this flaw, but beware of scam and phishing e-mails relying on this trick. Moreover, because this is not just an IE vulnerability, many other browsers are affected as well, increasing the potential for abuse.

You can see all vulnerability advisories on the https://threats.kaspersky.com/en/.

Another Internet Explorer flaw

Your email address will not be published. Required fields are marked *

 

Reports

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Subscribe to our weekly e-mails

The hottest research right in your inbox