Trend Micro Zero Day Initiative (ZDI) discovered the MHTML remote code execution (RCE) vulnerability CVE-2024-38112. Trend Micro researchers immediately alerted Microsoft of this vulnerability being used in–the-wild as ZDI-CAN-24433.
CVE-2024-38112 was used as part of an attack chain by the advanced persistent threat (APT) group Void Banshee, which targets North American, European, and Southeast Asian regions for information theft and financial gain. The final payload of this zero-day attack chain is the Atlantida stealer, which was first discovered in January 2024. Variations of the Atlantida campaign have been highly active throughout 2024 and have evolved to use CVE-2024-38112 as part of Void Banshee infection chains.
Read more…
Source: Trend Micro
Related:
- Report: Intel Facing New Spectre-Like Security Flaws
May 4, 2018
Intel may be facing as many as eight new Spectre-level vulnerabilities in its chips, a new report alleges. The report comes months after the Spectre and Meltdown flaws first rocked the silicon industry in early 2018. German magazine c’t reported on Thursday that the new security flaws in Intel CPUs have been reported to the manufacturer by many ...
- GLitch: New ‘Rowhammer’ Attack Can Remotely Hijack Android Phones
May 3, 2018
For the very first time, security researchers have discovered an effective way to exploit a four-year-old hacking technique called Rowhammer to hijack an Android phone remotely. Dubbed GLitch, the proof-of-concept technique is a new addition to the Rowhammer attack series which leverages embedded graphics processing units (GPUs) to carry out a Rowhammer attack against Android smartphones. Rowhammer is a problem ...
- Millions of Home Fiber Routers Vulnerable to Complete Takeover
May 1, 2018
Consumers lucky enough to have blazing-fast 1Gbps internet access in their homes are likely to use the internet more than lower-broadband households; however, millions of them are at risk for hackers to gain wide-ranging access to their internet activities (including being able to view full browsing histories). A comprehensive assessment of various GPON home routers by vpnMentor has ...
- Volkswagen Cars Open To Remote Hacking, Researchers Warn
May 1, 2018
Over the last few years, automakers like Ford, Jeep, Nissan and Toyota have all suffered car-hacking vulnerabilities in their vehicles. Now, it looks like Volkswagen has been pulled into the mix after researchers discovered that in-vehicle infotainment (IVI) systems in certain Volkswagen-manufactured cars could be remotely hacked. Not only that, but it’s possible to pivot to more critical ...
- KRACK Vulnerability Puts Medical Devices At Risk
April 30, 2018
A slew of devices from medical technology company Becton, Dickinson and Company (BD) are vulnerable to the infamous KRACK key-reinstallation attack, potentially enabling hackers to change and exfiltrate patient records. The KRACK vulnerability, discovered last October, is an industry-wide glitch in the WPA and WPA2 protocol for securing Wi-Fi that can cause “complete loss of control over data,” ...
- Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again
April 30, 2018
Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server. However, a security researcher, who operates through the Twitter handle @pyn3rd and claims to be part of the Alibaba security team, has now found a ...