Tag Archive for: explorer

North Korean hackers exploited Internet Explorer zero-day to spread malware


North Korean state-sponsored hackers exploited a previously unknown zero-day vulnerability in Internet Explorer to target South Korean users with malware, according to Google’s Threat Analysis Group.

Google researchers first discovered the zero-day flaw on October 31 when multiple individuals uploaded a malicious Microsoft Office document to the company’s VirusTotal tool. These documents purported to be government reports related to the Itaewon tragedy, a crowd crush that occurred during Halloween festivities in the Itaewon neighborhood of Seoul. At least 158 people were killed and 196 others were injured.

“This incident was widely reported on, and the lure takes advantage of widespread public interest in the accident,” Google TAG’s Clement Lecigne and Benoit Stevens said on Wednesday.

The malicious documents were designed to exploit a zero-day vulnerability in Internet Explorer’s Script engine, tracked as CVE-2022-41128 with a CVSS severity rating of 8.8. Once opened, the document would deliver an unknown payload after downloading a rich text file (RTF) remote template that would render remote HTML using Internet Explorer. Although Internet Explorer was officially retired back in June and replaced by Microsoft Edge, Office still uses the IE engine to execute the JavaScript that enables the attack.

“This technique has been widely used to distribute IE exploits via Office files since 2017,” Lecigne and Stevens said. “Delivering IE exploits via this vector has the advantage of not requiring the target to use Internet Explorer as its default browser.”

The researchers added that Google reported the vulnerability to Microsoft on October 31 before it was fixed a week later as part of Microsoft’s November 2022 Patch Tuesday security updates.

Google has attributed the activity to a North Korean-backed hacking group known as APT37, which has been active since at least 2012 and has been previously observed exploiting zero-day flaws to target South Korean users, North Korean defectors, policymakers, journalists and human rights activists. Cybersecurity company FireEye previously said it assessed with “high confidence” that APT37 activity is carried out on behalf of the North…


Internet Explorer is coming to an end… Users must use the latest web browser


Security updates ending… Extremely vulnerable to hacking
Automatic conversion to MS Edge from the 15th
There will be no problems for general users
Key points are optimization of financial sites and apps


The official end of support for the Internet Explorer (IE) 11 desktop application is imminent.
After technical support ends, security updates will no longer be provided and security problems such as hacking may occur, so users should switch to an up-to-date web browser such as MS Edge.

According to MS Korea, the IE 11 desktop application will be disabled if a Windows update is performed after the 15th. When a user tries to open it through a shortcut icon or similar, they will automatically be taken to MS Edge.

To access a website that requires IE 11, it needs to be opened in Edge’s ‘IE Mode’. To set up IE mode, click the three-dot menu (…) in the upper right corner of the Edge browser and select ‘Settings’, then select ‘Default Browser’ on the settings page, and change the ‘Allow sites to be reloaded in Internet Explorer mode’ setting to Allow.

After that, if you run MS Edge again, an IE mode button is added to the right side, and you will be able to access IE sites if you press the button on the desired site. There is also a function that automatically registers all IEs when connected, but the validity period is 1 month. IE mode support in Edge runs until 2029.

“Edge provides a faster, safer, and more modern browser experience than IE,” said Sean Lyndersay, Microsoft Edge program manager. “MS Edge is the only browser that provides native compatibility for legacy IE-based sites and apps.”


IE, introduced in 1995, once dominated the Internet with more than 90% of the web browser market. Its usage remained high because it was bundled with Windows and was easy to use.

However, as security issues arose and competing web browsers such as Google Chrome grew, its market share decreased rapidly.

According to traffic analysis site StatCounter, as of March, IE’s share of domestic web browsers was only 1.15%. That figure covers the desktop market only; across the desktop and mobile markets combined, its share was only 0.9%.

MS announced the end of IE support in May last year,…


Internet Explorer 11 zero-day vulnerability gets a free micropatch



An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation.

Last month, Google and Microsoft disclosed that the North Korean state-sponsored hacking group known as Lazarus was conducting social engineering attacks against security researchers.

As part of these attacks, the threat actors would contact security researchers via social media and ask if they wanted to collaborate on vulnerability and exploit research. Those interested were sent links to blog posts containing exploit kits, malicious Visual Studio projects, or MHTML files that would install a custom backdoor.

When these attacks were investigated, though, the command and control servers were down, so it was impossible to see what exploits were used.

Internet Explorer zero-day used in attacks

This month, South Korean cybersecurity firm ENKI disclosed that Lazarus targeted their security researchers with MHTML files in the same social engineering campaign.

Malicious MHTML file sent to researchers

An MHT file, or MIME HTML, is a special file format used by Internet Explorer to store a web page and its resources in a single archive file.

When an MHT file is launched, Windows will automatically use Internet Explorer to open the file as it is configured as the default file handler.

ENKI states that their researchers were not infected and were able to analyze the payloads to discover an Internet Explorer 11 zero-day used in the attack.

Free IE 11 micropatch released

At this time, Microsoft has not publicly acknowledged the Internet Explorer zero-day or assigned a CVE identifier to the vulnerability.

Furthermore, Mitja Kolsek, CEO of ACROS Security and co-founder of the 0patch micropatching service, has confirmed that the vulnerability has not been fixed during the February Patch Tuesday.

Today, 0patch announced that they have begun to push out a micropatch for the Internet Explorer 11 vulnerability as it was actively used in attacks.

“Our approach to patching was to break an obscure browser functionality allowing an HTML Attribute value (normally a string) to be an object, which we assess to be…


DPRK hackers used an unknown Internet Explorer bug to attack security analysts



Days after Google disclosed a cyber campaign, South Korean company finds criminals who used zero-day in Internet Explorer

Hackers previously linked to North Korea by Google researchers used an unknown vulnerability in Internet Explorer to target cybersecurity experts, a South Korean company said.

Two weeks ago, Google’s Threat Analysis Group (TAG) shocked the cybersecurity community by revealing a month-long social engineering campaign in which hackers posed as fellow security researchers, tricking targets into collaborating on projects and viewing their blog. When researchers visited the website, a previously undiscovered zero-day vulnerability in Chrome infected some users with malware.

The same hackers Google attributed to the Lazarus Group linked to North Korea, too

Copyright @ www.nknews.org
