BNMC Blog

WARNING: A New Zero-Day Threat is On the Loose

Zero-day threats are some of the most dangerous ones out there. By “zero-day” we mean vulnerabilities that hackers have discovered before the developers have released an official patch, giving the developers exactly zero days before the flaws are actively exploited in the wild. One of the more dangerous zero-day threats at the moment takes advantage of Internet Explorer.

Before we start making Internet Explorer jokes, we want to mention that there is nothing funny about online threats, particularly those that the developers haven’t addressed yet. This newly discovered zero-day threat is called the “Double Kill” Internet Explorer vulnerability. Unfortunately, the Chinese developers who discovered this vulnerability, a computer security company called Qihoo, have been quiet about the details of the Double Kill IE bug. It’s also difficult to tell if your organization is under threat, as they aren’t revealing any of the warning signs of such an attack.

The only thing known for sure about this threat is that it takes root by using Word documents. It’s likely that these documents arrive as email attachments, as email is a major method of transporting threats of all kinds. When the document is opened, Internet Explorer is opened in the background via some kind of shellcode that downloads an executable file. The vulnerability does all this without showing anything of note to the user, making it a difficult threat to identify, but the effects are well known. Apparently, the downloaded executable file installs Trojan horse malware on the user’s device, which creates a backdoor into the system.
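
For defenders, the chain described above (Word opens, Internet Explorer starts in the background, an executable lands on disk) can be hunted for in endpoint telemetry. The following is an added example, not code from Qihoo or from this blog; the event layout, field names and sample records are constructed, and it assumes Internet Explorer shows up as a child process of Word in your logs.

```python
import ntpath

# Constructed sample events (not real telemetry), shaped loosely like
# endpoint process-creation and file-creation records.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"type": "process", "pid": 210, "ppid": 100,
     "image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"type": "process", "pid": 305, "ppid": 210,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"type": "file", "pid": 305, "path": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
    # Benign contrast: the user starts Internet Explorer and saves a PDF.
    {"type": "process", "pid": 400, "ppid": 100,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"type": "file", "pid": 400, "path": r"C:\Users\alice\Downloads\report.pdf"},
]

OFFICE = {"winword.exe"}
BROWSER = {"iexplore.exe"}
EXEC_EXT = (".exe", ".dll", ".scr")


def base(path):
    """Lower-cased file name of a Windows path, regardless of host OS."""
    return ntpath.basename(path).lower()


def find_chains(events):
    """Alert on Word -> Internet Explorer, then on executables that IE writes."""
    images = {}     # pid -> image file name
    suspect = set() # pids of Internet Explorer instances started by Word
    alerts = []
    for ev in events:
        if ev["type"] == "process":
            images[ev["pid"]] = base(ev["image"])
            if images[ev["pid"]] in BROWSER and images.get(ev["ppid"]) in OFFICE:
                suspect.add(ev["pid"])
                alerts.append({"severity": "medium", "pid": ev["pid"],
                               "reason": "Internet Explorer started by Word"})
        elif ev["type"] == "file" and ev["pid"] in suspect:
            if ev["path"].lower().endswith(EXEC_EXT):
                alerts.append({"severity": "high", "pid": ev["pid"], "path": ev["path"],
                               "reason": "executable written by Word-launched IE"})
    return alerts


if __name__ == "__main__":
    for alert in find_chains(EVENTS):
        print(alert)
```

Process IDs are reused over time, so a production rule should also key on host and process start time.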

There are a lot more unknowns than anything else with this vulnerability, though. In particular, professionals aren’t sure if all Word documents are affected by this vulnerability, or if the threat even needs Microsoft Office in order to function as intended. It’s not even known what role Internet Explorer plays in the attack, or if the documents that can trigger this attack are identifiable. All we can tell you is that you need to keep security best practices in mind to keep these kinds of zero-day threats from becoming a problem for your organization.

To start, you should never download an unexpected file from an unexpected sender. Such a file can come in the form of a resume, receipt, or other online document. You can never know for sure what you’re actually downloading, as criminals have been able to spoof email addresses to a dangerous degree in recent years. Just be cautious about everything you can, and augment caution with powerful security tools that can identify potential risks before they become major problems.

To get started with network security, reach out to BNMC at 978-482-2020.

Sunday, September 23 2018