IE Zero-Day Adopted by RIG Exploit Kit After Publication of PoC Code

Discussion in '0-day Release' started by silversurfer, Jun 1, 2018.

Tags:
  1. silversurfer

    silversurfer Malware Tester Silver Member

    An Internet Explorer zero-day vulnerability that came to light last month has now been incorporated in the RIG exploit kit, a web-based toolkit that malware authors use to infect a site's visitors with malware.

    The vulnerability in question is CVE-2018-8174. This vulnerability affects VBScript, the Visual Basic scripting engine that's included with Internet Explorer and Microsoft Office.

    On April 20, Bleeping Computer learned from a Chinese security researcher that a cyber-espionage group was using this vulnerability to infect users via Internet Explorer, as part of a series of attacks conducted by what later proved to be a North Korean state-sponsored hacking group.

    Security researchers from Qihoo 360, who first spotted these attacks, reported the vulnerability to Microsoft, and the company patched the bug in the May 2018 Patch Tuesday security updates, released on May 8.

    Full Article: https://www.bleepingcomputer.com/ne...ig-exploit-kit-after-publication-of-poc-code/
     
    Trim and RGiskardR like this.
  2. Google Adsense

Share This Page