Share Blog post
Microsoft has released new updates for a combo exploit campaign. The malicious campaign exploited the vulnerabilities of CVE-2017-0199 and CVE-2012-0158. The hackers apparently used the combo to drop the Lokibot banking Trojan.
Hackers encrypt phishing page with AES
Cybercriminals are sending malicious files camouflaged as an Apple invoice. The attackers have launched a phishing page encrypted with AES and the malicious files sent to the victims lead them to it. The encrypted page asks for users’ Apple credentials, once the victims enter them their personal and financial data would be compromised.
Patch released for Windows WSearch Service Vulnerability
Microsoft’s Windows operating system has been plagued with a search vulnerability. This flaw leverages the SMB vulnerability jeopardizing several machines hosting Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2 and more. Users should disable WSearch temporarily to mitigate the risk.
Posted on: August 16, 2017
Get the Daily Threat Briefing delivered to your email!
More from Cyware
Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.