Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution.
Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL. An additional trick on IE is used to hide the malicious .hta extension name. By opening the URL with IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant advantages in exploiting the victim’s computer, although the computer is running the modern Windows 10/11 operating system.
Read more…
Source: Check Point
Related:
- Ransomware group Lockbit appears to have been hacked
May 8, 2025
The ransom-seeking cybercriminals behind the extortion group Lockbit appear to have suffered a breach of their own, according to a rogue post to one of the group’s websites and security analysts who follow the gang. On Wednesday one of Lockbit’s darkweb sites was replaced with a message saying, “Don’t do crime CRIME IS BAD xoxo from ...
- Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds
May 8, 2025
The relentless battle against online fraud is a constant evolution, a digital chase where security teams and malicious actors continually adapt. The increasing sophistication of attacks is blurring the lines between legitimate user behavior and impersonation attempts. The campaign we are exposing today is a reminder that even the most advanced security technologies do not dissuade ...
- A timeline of South Korean telco giant SKT’s data breach
May 8, 2025
In April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country’s 52 million residents. At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users have ...
- Proof-of-Concept Released for SysAid On-Premise
May 7, 2025
In March 2025, SysAid released updates addressing XML (extensible markup language) external entity vulnerabilities and an OS command injection vulnerability in its on-premise platform. SysAid is an IT service management platform. Cyber Security firm watchTowr Labs has released proof-of-concept exploit code for four vulnerabilities, which were addressed in SysAid’s March 2025 release. The first two vulnerabilities, ...
- Android fixes 47 vulnerabilities, including one zero-day – update as soon as you can!
May 6, 2025
Google has patched 47 vulnerabilities in Android, including one actively exploited zero-day vulnerability in its May 2025 Android Security Bulletin. Zero-days are vulnerabilities that are exploited before vendors have a chance to patch them—often before they even know about them. The May updates are available for Android 13, 14, and 15. Android vendors are notified of ...
- MicroDicom Releases DICOM Viewer Software Update
May 6, 2025
The US Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Control Systems (ICS) Medical Advisory for a vulnerability found in MicroDicom DICOM Viewer. DICOM Viewer is an application for primary processing and preservation of medical images in DICOM format. CVE-2025-35975 has a CVSSv3 base score of 8.8 and is an ‘out-of-bounds write’ vulnerability, which means ...