Zero-day vulnerability could have allowed attackers to hijack a Windows system . Microsoft has patched Vulnerability-related.PatchVulnerability a major zero-day vulnerability in Windows , the second such exploit detected Vulnerability-related.DiscoverVulnerability in just a few weeks . The threat , the second such alert in just a month , was spotted Vulnerability-related.DiscoverVulnerability by security experts at Kaspersky Lab and fixed Vulnerability-related.PatchVulnerability as part of Microsoft 's monthly Patch Tuesday release . Kaspersky Lab says Vulnerability-related.DiscoverVulnerability the exploit had already been utilised for a number of cyberattacks in the Middle East , and was detected Vulnerability-related.DiscoverVulnerability by the company 's Automatic Exploit Prevention technology . The vulnerability , officially named Vulnerability-related.DiscoverVulnerability by Microsoft as CVE-2018-8589 , targeted the 32-bit version of Windows 7 , and could have allowed attackers to gain `` elevated privileges '' and create exploits to gain access to a victim 's system and run malicious code . The news comes just a few weeks after Kaspersky Lab detected Vulnerability-related.DiscoverVulnerability a similar zero-day threat in Microsoft 's system , having alerted Vulnerability-related.DiscoverVulnerability the computing giant to a further Windows vulnerability that had been utilised by state-backed cyber-espionage group known as FruityArmor . “ Autumn 2018 became quite a hot season when it comes to zero-day vulnerabilities , '' said Anton Ivanov , Security Expert at Kaspersky Lab . `` In just a month , we discovered Vulnerability-related.DiscoverVulnerability two of their kind and detected Vulnerability-related.DiscoverVulnerability two series of attacks in one region . Discreteness of cyberthreat actors ’ activities remind us that it is of critical importance for companies to have in their possession all necessary tools and solutions that would be intelligent enough to protect them from such sophisticated threats . Otherwise , they could become a subject to complex targeted attacks that will come out of nowhere . ''

Zero-day vulnerability could have allowed attackers to hijack a Windows system . Microsoft has patched Vulnerability-related.PatchVulnerability a major zero-day vulnerability in Windows , the second such exploit detected Vulnerability-related.DiscoverVulnerability in just a few weeks . The threat , the second such alert in just a month , was spotted Vulnerability-related.DiscoverVulnerability by security experts at Kaspersky Lab and fixed Vulnerability-related.PatchVulnerability as part of Microsoft 's monthly Patch Tuesday release . Kaspersky Lab says Vulnerability-related.DiscoverVulnerability the exploit had already been utilised for a number of cyberattacks in the Middle East , and was detected Vulnerability-related.DiscoverVulnerability by the company 's Automatic Exploit Prevention technology . The vulnerability , officially named Vulnerability-related.DiscoverVulnerability by Microsoft as CVE-2018-8589 , targeted the 32-bit version of Windows 7 , and could have allowed attackers to gain `` elevated privileges '' and create exploits to gain access to a victim 's system and run malicious code . The news comes just a few weeks after Kaspersky Lab detected Vulnerability-related.DiscoverVulnerability a similar zero-day threat in Microsoft 's system , having alerted Vulnerability-related.DiscoverVulnerability the computing giant to a further Windows vulnerability that had been utilised by state-backed cyber-espionage group known as FruityArmor . “ Autumn 2018 became quite a hot season when it comes to zero-day vulnerabilities , '' said Anton Ivanov , Security Expert at Kaspersky Lab . `` In just a month , we discovered Vulnerability-related.DiscoverVulnerability two of their kind and detected Vulnerability-related.DiscoverVulnerability two series of attacks in one region . Discreteness of cyberthreat actors ’ activities remind us that it is of critical importance for companies to have in their possession all necessary tools and solutions that would be intelligent enough to protect them from such sophisticated threats . Otherwise , they could become a subject to complex targeted attacks that will come out of nowhere . ''

Zero-day vulnerability could have allowed attackers to hijack a Windows system . Microsoft has patched Vulnerability-related.PatchVulnerability a major zero-day vulnerability in Windows , the second such exploit detected Vulnerability-related.DiscoverVulnerability in just a few weeks . The threat , the second such alert in just a month , was spotted Vulnerability-related.DiscoverVulnerability by security experts at Kaspersky Lab and fixed Vulnerability-related.PatchVulnerability as part of Microsoft 's monthly Patch Tuesday release . Kaspersky Lab says Vulnerability-related.DiscoverVulnerability the exploit had already been utilised for a number of cyberattacks in the Middle East , and was detected Vulnerability-related.DiscoverVulnerability by the company 's Automatic Exploit Prevention technology . The vulnerability , officially named Vulnerability-related.DiscoverVulnerability by Microsoft as CVE-2018-8589 , targeted the 32-bit version of Windows 7 , and could have allowed attackers to gain `` elevated privileges '' and create exploits to gain access to a victim 's system and run malicious code . The news comes just a few weeks after Kaspersky Lab detected Vulnerability-related.DiscoverVulnerability a similar zero-day threat in Microsoft 's system , having alerted Vulnerability-related.DiscoverVulnerability the computing giant to a further Windows vulnerability that had been utilised by state-backed cyber-espionage group known as FruityArmor . “ Autumn 2018 became quite a hot season when it comes to zero-day vulnerabilities , '' said Anton Ivanov , Security Expert at Kaspersky Lab . `` In just a month , we discovered Vulnerability-related.DiscoverVulnerability two of their kind and detected Vulnerability-related.DiscoverVulnerability two series of attacks in one region . Discreteness of cyberthreat actors ’ activities remind us that it is of critical importance for companies to have in their possession all necessary tools and solutions that would be intelligent enough to protect them from such sophisticated threats . Otherwise , they could become a subject to complex targeted attacks that will come out of nowhere . ''

EdgeWave , Inc.® , a leading provider in cybersecurity and compliance , today revealed Vulnerability-related.DiscoverVulnerability a new , malicious exploit embedded in popular URL shorteners , which are being mistaken as legitimate URLs . URL shorteners may be susceptible to this new exploit when a change is allowed to the long URL after the shortened URL is created . The malicious parties fabricate Attack.Phishing an email that appears to be Attack.Phishing a legitimate marketing email which includes the shortened URL -- - passing by any in-transit virus scanning and potentially other spam checking tools . `` Several days ago , we detected Vulnerability-related.DiscoverVulnerability this new exploit while performing our real-time , human analysis on spam campaigns , '' said Blake Tullysmith , Principal Engineer at EdgeWave . `` With over 100 million URLs being shortened per day , this new exploit can potentially impact billions of users across email and social media campaigns . '' Here is how the EdgeWave ePrism team explains the exploit : Some URL shorteners will allow users to change the long URL after they have already created the shortened URL . The malicious parties will then fabricate Attack.Phishing a seemingly legitimate email and include a shortened URL that passes in-transit virus scanning as well as other filtering solutions , which will allow the shortened URL to be delivered right into the inbox . Once the spam campaign is embedded in the message , the URL is redirected to a site that contains malicious content like a virus or malware . However , the delivered message is already in the inbox ; so unfortunately , there is no protection at this point . Attached is an image of a sample email message extracted from an email campaign while in-transit with a link from http : //tiny.cc pointing to a clean website . After the campaign was delivered , it points to a compromised website including malicious content . The EdgeWave team is still conducting further investigations on this exploit and recommends all URL shortening users utilize services that do not allow the URL to be edited after its creation . EdgeWave customers are being protected by its ePrism Email Security solution . EdgeWave ePrism is an award-winning , hosted cloud email security solution with Zero-Minute Defense against phishing , spam and malware campaigns using our unique combination of automated intelligence and 24/7/365 human analysis in a simple-to-use security suite for all email compliance and business needs .

Microsoft is aware of the zero-day , but it 's highly unlikely it will be able to deliver Vulnerability-related.PatchVulnerability a patch until its next Patch Tuesday , which is scheduled in three days . McAfee researchers , who disclosed Vulnerability-related.DiscoverVulnerability the zero-day 's presence , say Vulnerability-related.DiscoverVulnerability they 've detected Vulnerability-related.DiscoverVulnerability attacks leveraging this unpatched vulnerability going back to January this year . Attacks with this zero-day follow a simple scenario , and start with an adversary emailing a victim a Microsoft Word document . The Word document contains a booby-trapped OLE2link object . If the victim uses Office Protected View when opening files , the exploit is disabled and wo n't execute . If the user has disabled Protected View , the exploit executes automatically , making an HTTP request to the attacker 's server , from where it downloads an HTA ( HTML application ) file , disguised as Attack.Phishing an RTF . The HTA file is executed automatically , launching exploit code to take over the user 's machine , closing the weaponized Word file , and displaying a decoy document instead . According to FireEye , `` the original winword.exe process is terminated in order to hide a user prompt generated by the OLE2link . '' While the attack uses Word documents , OLE2link objects can also be embedded in other Office suite applications , such as Excel and PowerPoint . McAfee experts say Vulnerability-related.DiscoverVulnerability the vulnerability affects Vulnerability-related.DiscoverVulnerability all current Office versions on all Windows operating systems . The attack routine does not rely on enabling macros , so if you do n't see a warning for macro-laced documents , that does n't mean the document is safe .

The saga of CVE-2017-0199 , a recently patched zero-day vulnerability affecting Vulnerability-related.DiscoverVulnerability Microsoft Office and WordPad , just got a little stranger yesterday after cyber-security firm FireEye revealed Vulnerability-related.DiscoverVulnerability the vulnerability was used by both cyber-criminals pushing mundane malware , and also by state-sponsored cyber-espionage groups . This twisted tale starts in July 2016 , when security researcher Ryan Hanson discovered Vulnerability-related.DiscoverVulnerability a flaw in RTF files that he could exploit to execute code on the underlying operating system . After finishing his research , Hanson submitted a write-up Vulnerability-related.DiscoverVulnerability on the three bugs he found Vulnerability-related.DiscoverVulnerability to Microsoft in October 2016 , via the company 's bug bounty program . Uncharacteristic to Microsoft , the company took almost six months to fix Vulnerability-related.PatchVulnerability the three bugs discovered Vulnerability-related.DiscoverVulnerability by Hanson , delivering Vulnerability-related.PatchVulnerability patches for all three ( CVE-2017-0106 , CVE-2017-0199 , and CVE-2017-0204 ) in April 's Patch Tuesday . A few days before Microsoft patched Vulnerability-related.PatchVulnerability the zero-day , news about it broke via blog posts from McAfee and FireEye , both companies revealing Vulnerability-related.DiscoverVulnerability the zero-day was under active exploitation . Unfortunately , this long patching period gave others the time to discover Vulnerability-related.DiscoverVulnerability the same flaw . While initially McAfee and FireEye restrained from revealing Vulnerability-related.DiscoverVulnerability any details about the zero-day , now that a patch is available Vulnerability-related.PatchVulnerability , several security firms are now sharing more behind-the-scenes details . According to FireEye , the zero-day first came on their radar on January 25 , 2017 , when they discovered Vulnerability-related.DiscoverVulnerability a FinSpy module exploiting the flaw . While FireEye discovered only this campaign , the cyber-security firm believes Gamma Group made available this new Microsoft zero-day to all of its clients , meaning it was likely used in other countries where the company sold its `` lawful intercept '' spyware . Two months after this campaign , towards the end of March , FireEye says it detected Vulnerability-related.DiscoverVulnerability the zero-day again , but this time used by a group of cyber-criminals spreading LatentBot , a sophisticated backdoor trojan , usually found Vulnerability-related.DiscoverVulnerability in enterprise environments and used for economic espionage campaigns . This group apparently started a yard sale after McAfee and FireEye disclosed Vulnerability-related.DiscoverVulnerability the zero-day in public . Fearing that a patch was coming Vulnerability-related.PatchVulnerability , this group shared Vulnerability-related.DiscoverVulnerability ( most likely sold ) the zero-day exploit with other crimeware groups . While initially this zero-day was classified Vulnerability-related.DiscoverVulnerability as an Office vulnerability , Microsoft 's security advisory revealed Vulnerability-related.DiscoverVulnerability this vulnerability also affected Vulnerability-related.DiscoverVulnerability WordPad , a free document viewer included by default with all Windows versions . This means that if users did n't have Office installed , they were at risk if they chose to open the booby-trapped files with WordPad . In this case , the exploit packed within the file would execute , download an HTA ( HTML application ) file disguised as an RTF , which in turn would run PowerShell commands that exploited the user 's computer .

Adobe has patched Vulnerability-related.PatchVulnerability two critical flaws in Acrobat and Reader that warrant urgent attention . Officially , Adobe patches Vulnerability-related.PatchVulnerability security vulnerabilities around the middle of each month to coordinate with Microsoft ’ s Patch Tuesday , but recently it ’ s become almost routine for the company to issue Vulnerability-related.PatchVulnerability out-of-band updates in between . APSB19-02 , the first of such updates to reach customers in the new year , addresses Vulnerability-related.PatchVulnerability critical flaws with a priority rating of ‘ 2 ’ . That means that the flaw is potentially serious , but Adobe hasn ’ t detected Vulnerability-related.DiscoverVulnerability any real-world exploits ( the latter would entail issuing Vulnerability-related.PatchVulnerability an ‘ emergency ’ patch with a ‘ 1 ’ rating ) . The first flaw , identified Vulnerability-related.DiscoverVulnerability as CVE-2018-16011 , is described Vulnerability-related.DiscoverVulnerability by Adobe as a use-after-free bug that could be exploited Vulnerability-related.DiscoverVulnerability using a maliciously crafted PDF to take control of a target system with their malware of choice . The second , CVE-2018-16018 ( replacing CVE-2018-19725 ) , is a security bypass targeting JavaScript API restrictions on Adobe Reader DC and seems to have been in the works since before Christmas , affecting Vulnerability-related.DiscoverVulnerability all versions of Window and macOS Acrobat DC/Reader 2019.010.20064 and earlier , the fix in both cases is to update Vulnerability-related.PatchVulnerability to 2019.010.20069 . For the legacy Acrobat/Reader 2017 2017.011.30110 and Acrobat/Reader DC 2015 2015.006.30461 , the updates take those to 2017.011.30113 and 2015.006.30464 respectively . As critical flaws with a ‘ 2 ’ rating , there is a suggested 30-day window within which to apply Vulnerability-related.PatchVulnerability the updates , but it ’ s worth bearing in mind that a new round of patches will likely be offered Vulnerability-related.PatchVulnerability for Adobe products tomorrow as part of Patch Tuesday . In December ’ s Patch Tuesday , Adobe released Vulnerability-related.PatchVulnerability a not inconsiderable 87 patches , including 39 rated critical . Only days before , Adobe issued Vulnerability-related.PatchVulnerability an emergency Flash patch for a zero-day vulnerability that was being exploited Vulnerability-related.DiscoverVulnerability , while in November Flash received Vulnerability-related.PatchVulnerability a separate patch for one whose exploitation was believed to be imminent .

According to web security firm Sucuri , who detected Vulnerability-related.DiscoverVulnerability the attacks after details of the vulnerability became public Vulnerability-related.DiscoverVulnerability last Monday , the attacks have been slowly growing , reaching almost 3,000 defacements per day . Attackers are exploiting a vulnerability in the WordPress REST API , which the WordPress team fixed Vulnerability-related.PatchVulnerability almost two weeks ago , but for which they published public details Vulnerability-related.DiscoverVulnerability last Monday . Exploiting the flaw is trivial , and according to Sucuri , a few public exploits have been published online since last week . Based on data collected from Sucuri 's honeypot test servers , four attackers have been busy in the past week trying to exploit the flaw . Since the attacks have been going on for some days , Google has already started to index some of these defacements . Sucuri 's CTO , Daniel Cid , expects to see professional defacers enter the fold , such as SEO spam groups that will utilize the vulnerability to post more complex content , such as links and images .