The email's RAR attachment contains an EXE file: the first malware, which downloads the second. The stolen data is exfiltrated via SMTP.
Microsoft released a new batch of security updates. They cover 55 issues in different products. Six of them are critical and have already been exploited by cybercrime actors.
Microsoft released a new batch of cybersecurity updates, which fix several zero-day exploits. The patches resolve 55 issues in Edge, Office, Visual Studio, Exchange Server, Kernel, and Defender, of which six are critical:
- CVE-2021-43209 and CVE-2021-43208 – both are Remote Code Execution vulnerabilities in the 3D Viewer in Windows that let a hacker run any code on the affected system;
- CVE-2021-38631 and CVE-2021-41371 – both concern a problem with the Windows Remote Desktop Protocol (RDP). Attackers can use the flaw to extract personal information or locally force the leaking of information;
- CVE-2021-42292 – impacts Excel and has already been exploited by cybercriminals as an entry point to bypass security controls;
- CVE-2021-42321 – present in Exchange Server and actively used by threat actors. While hackers need to be authenticated, a flaw in the command validation can lead to Remote Code Execution.