Bredy Network Management Corporation Blogs

2 minutes reading time (445 words)

WARNING: A New Zero-Day Threat is On the Loose

WARNING: A New Zero-Day Threat is On the Loose

Zero-day threats are some of the most dangerous ones out there. What we mean by “zero day” threats are those that have been discovered by hackers before an official patch has been released by the developers, giving them exactly zero days before they are actively exploited in the wild. One of the more dangerous zero-day threats out there at the moment is one that takes advantage of Internet Explorer.

Before we start making Internet Explorer jokes, we want to mention that there is nothing funny about online threats--particularly those that haven’t been addressed yet by the developers. This newly discovered zero-day threat is called the “Double Kill” Internet Explorer vulnerability. Unfortunately, the Chinese developers who discovered this vulnerability--a computer security company called Qihoo--have been quiet about the details regarding the double-kill IE bug. It’s also difficult to tell if your organization is under threat, as they aren’t revealing any of the warning signs of such an attack.

The only thing known for sure about this threat is that it takes root by using Word documents. It’s likely that this is done through email attachments as well, as email is a major method of transporting threats of all kinds. When the document is opened up, Internet Explorer is opened in the background via some kind of shellcode that downloads an executable file. The vulnerability does all this without showing anything of note to the user, making it a difficult threat to identify, but the effects are well-known. Apparently, the downloaded executable file installs a Trojan horse malware on the user’s device which creates a backdoor into the system.

There are a lot more unknowns than anything else with this vulnerability, though. In particular, professionals aren’t sure if all Word documents are affected by this vulnerability, or if the threat even needs Microsoft Office in order to function as intended. It’s not even known what role Internet Explorer plays in the attack, or if the documents that can trigger this attack are identifiable. All we can tell you is that you need to keep security best practices in mind to keep these kinds of zero-day threats from becoming a problem for your organization.

To start, you should never download an unexpected file from an unexpected sender. This can come in the form of a resume, receipt, or other online document. You can never know for sure what you’re actually downloading, as criminals have been able to spoof email addresses to a dangerous degree in recent years. Just be cautious about everything you can, and augment caution with powerful security tools that can identify potential risks before they become major problems.

To get started with network security, reach out to BNMC at 978-482-2020.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, June 25 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Subscribe to Our Blog!

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Best Practices Technology Cloud Email Malware Privacy Business Computing Hackers Software Internet Google Business Hosted Solutions Ransomware Network Security Microsoft Computer Android Mobile Devices IT Services Smartphone Windows Backup Tech Term Managed IT Services Data Management Small Business Internet of Things Cloud Computing Browser Cybersecurity Innovation App Business Continuity Hardware User Tips Windows 10 Data Server Gmail Artificial Intelligence Remote Monitoring Saving Money Data Recovery IT Support Encryption Business Management Productivity Tip of the week Smartphones Outsourced IT Chrome Word Managed Service Provider Facebook Data Backup Phishing Vulnerability Productivity Office 365 Efficiency IT Support Windows 10 Disaster Recovery Infrastructure Passwords Big Data Upgrade Robot Analytics Antivirus communications Settings Communication Data storage YouTube Government Applications Money IT Management Social Media Risk Management Office Tips Google Drive Managed IT Services Bandwidth Miscellaneous Monitors Vendor Management Two-factor Authentication VoIP Save Money Avoiding Downtime Maintenance Firewall Apple Storage Automation Scam End of Support Virtual Reality HIPAA Workplace Tips Employer-Employee Relationship Network SaaS VPN Mobile Security Mobile Device Data Security Outlook Server Management Spam Computing Business Technology Paperless Office Holiday WiFi Website Virtual Private Network Microsoft Office BYOD Alert LiFi Hosted Solution Data loss Administration Unified Threat Management Telephone Systems Content Filtering Mouse The Internet of Things Tech Support Augmented Reality K-12 Schools Cryptocurrency Bluetooth Comparison Digital Payment Cookies Apps Firefox Superfish desktop Google Docs Digital Chromebook Social Networking Managing Stress IT solutions Going Green Address Permissions Disaster Computing Infrastructure Professional Services Cybercrime User Error Chatbots eWaste Education Hacks Downtime Patch Management Collaboration Managed IT Service Social Engineering Star Wars Websites Wearable Technology Network upgrade Bitcoin Marketing Specifications Nanotechnology Google Wallet Customer Relationship Management Business Growth Gadgets Heating/Cooling Multi-Factor Security Document Management Spyware Motherboard Cables Printing Uninterrupted Power Supply Alerts USB Time Management Printer Computer Care IBM Identity Continuity Password File Sharing Break Fix Safety Fraud Cost Management Legal Smart Office Windows 8 Search Black Friday Wireless Remote Computing Screen Reader Unified Communications Drones Networking Solid State Drive Dongle Hacker Users Halloween Servers Google Calendar Identity Theft Network Congestion Wires Emergency Licensing Network Management Access Control Training Corporate Profile Solar Dark Web Assessment Deep Learning Hard Disk Drive Wi-Fi Work Automobile Cyber Monday Writing Smart Tech Cooperation Service Level Agreement Alt Codes Scary Stories Legislation Computers Router Voice over Internet Protocol Dell Running Cable Touchscreen SharePoint WannaCry Dark Data Compliance Business Intelligence Microsoft Excel Cabling Hotspot Internet Exlporer Bring Your Own Device Operating System Techology IT Technicians Optimization Social Buisness Managed IT Smart Technology Google Maps Retail Connectivity Budget Quick Tips Staff Leominster Typing Humor Sports Statistics Tablet Display Modem Information Technology Virtual Desktop How To Lenovo Politics Laptop Downloads Customer Service Regulations Company Culture Current Events Mail Merge Blockchain Language Value Best Practice VoIP Unified Threat Management Mirgation Recycling Shortcut Distributed Denial of Service Office Samsung IoT Black Market Cameras Tracking Meetings Law Enforcement Cleaning Electronic Medical Records Notifications Physical Security Twitter CCTV Emoji Webcam Upgrades Gadget Crowdsourcing Personal Information Botnet Error Cortana BDR Point of Sale Ben McDonald shares 3D Printing Mobile Device Management Travel Machine Learning Processors G Suite Supercomputer CrashOverride Virtualization Unsupported Software Staffing Update Mobile Computing Motion Sickness Taxes Computer Repair Relocation Administrator IT Budget FinTech Web Server what was your? Mobile Data GPS Recovery How To Work/Life Balance IT Consultant Health Private Cloud

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *

      What Our Clients Say

      • BNMC has provided us with nothing less than outstanding service and results for all of our IT needs for the past few years. Every member of their staff is professional, knowledgeable, friendly and eager to solve any problem...
      • 1
      • 2
      • 3