Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO


Crypto

Recommended Posts

 
 

 

Russian-Hacker-sandworm-windows-zero-day
Once again a Russian cyber espionage group has gained media attention by exploiting a Zero-day vulnerability in Microsoft’s Windows operating system to spy on the North Atlantic Treaty Organization (NATO), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year.
 
ZERO-DAY VULNERABILITY IN MICROSOFT WINDOWS
Researchers at cyber intelligence firm iSight Partners have discovered a zero-day vulnerability that impacts desktop and server versions of Windows, from Vista and Server 2008 to current versions. They also uncovered a latest cyber-spying campaign - suspected to be based in Russia - that uses this Zero-day vulnerability (CVE-2014-4114) to target government leaders and institutions for nearly five years.
 
The recently detected Russian hacking group is dubbed as "Sandworm Team" by iSIGHT Partners because it found references to the Frank Herbert's "Dune" science fiction series in the malicious software code used by the Russian hackers.
 
 

THE NOTORIOUS ZERO-DAY

 The zero-day vulnerability is "An exposed dangerous method vulnerability exists in the OLE package manager in Microsoft Windows and Server" that "allows an attacker to remotely execute arbitrary code," according to the report.

 "The vulnerability exists because Windows allows the OLE packager (packager .dll) to download and execute INF files," iSight Partners writes. "In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packagers allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources. This will cause the referenced files to be downloaded in the case of INF files, to be executed with specific commands."

The Russian hacking group is probably working for the government and has been active since at least 2009 and, according to iSight Partners, the cyber espionage campaign is still ongoing.
 
The intelligence firm began monitoring the hackers’ activity in late 2013 and discovered the zero-day vulnerability in late August. It "discovered a spear-phishing campaign targeting the Ukrainian government and at least one United States organization" during the NATO summit in Wales, where member states discussed Russia’s actions in Ukraine.
MICROSOFT TO RELEASE PATCH SOON"A weaponized PowerPoint document was observed in these attacks. Though we have not observed details on what data was exfiltrated in this campaign, the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree.""On September 3rd, our research and labs teams discovered that the spear-phishing attacks relied on the exploitation of a zero-day vulnerability impacting all supported versions of Microsoft Windows (XP is not impacted) and Windows Server 2008 and 2012," iSight writes.
The threat intelligence firm said it reported the critical zero-day vulnerability to the Microsoft Corp. and held off on disclosing the problem so that the software maker had time to fix the flaw.
 
Microsoft plans to release a patch for the vulnerability on Tuesday patch in security bulletin MS14-060, as part of its monthly “Patch Tuesday†— an organized release of patches to vulnerabilities in the company’s software. A Microsoft spokesman said the company plans to roll out an automatic update to the affected versions.
 
             Add Rep and Leave a feedback
             Reputation is the green button in the down right corner on my post 

do you understand            if you having fun?                  it's a rising sun                           it's a man killing                              what's that feelin'

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Check out what our members are saying

  • Our picks

×
×
  • Create New...