Incidents

Another Internet Explorer flaw

It has been a rough year for Microsoft. And for the users who haven’t yet switched to XP, or upgraded using SP2. Almost every month brought a new vulnerability in some version of IE. There were notably fewer in XP+SP2 than in other combinations. For those still using some flavour of 9X, NT or 2000, the wait for a patch has been a long, painful one.

The patch for the infamous IFRAME buffer overflow was posted on December 1st, 2004, almost one month after it was reported, in the form of the MS04-040 security update.

Today, exactly one week after MS04-040, Secunia Research has announced yet another vulnerability in IE, affecting IE 5, 5.5 and 6, on various operating systems, XP+SP2 included. In their own words: “Secunia Research has reported a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to spoof the content of websites.”

Luckily, this vulnerability is not a critical one. But it will be no doubt a nice addition to scammers bag of tricks, trying to lure you into filling out online forms on fake sites which claim to be eBay.com or your e-banking interface.

Because it’s not a critical vulnerability, it means we probably won’t be seeing an epidemic based on this flaw, but beware of scam and phishing e-mails relying on this trick. Moreover, because this is not just an IE vulnerability, many other browsers are affected as well, increasing the potential for abuse.

You can see all vulnerability advisories on the https://threats.kaspersky.com/en/.

Another Internet Explorer flaw

Your email address will not be published.

 

Reports

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Lazarus Trojanized DeFi app for delivering malware

We recently discovered a Trojanized DeFi application that was compiled in November 2021. This application contains a legitimate program called DeFi Wallet that saves and manages a cryptocurrency wallet, but also implants a full-featured backdoor.

MoonBounce: the dark side of UEFI firmware

At the end of 2021, we inspected UEFI firmware that was tampered with to embed a malicious code we dub MoonBounce. In this report we describe how the MoonBounce implant works and how it is connected to APT41.

Subscribe to our weekly e-mails

The hottest research right in your inbox