301-571-5040    Get SUPPORT

Washington Works Blog

WARNING: A New Zero-Day Threat is On the Loose

WARNING: A New Zero-Day Threat is On the Loose

Zero-day threats are some of the most dangerous ones out there. What we mean by “zero day” threats are those that have been discovered by hackers before an official patch has been released by the developers, giving them exactly zero days before they are actively exploited in the wild. One of the more dangerous zero-day threats out there at the moment is one that takes advantage of Internet Explorer.

Before we start making Internet Explorer jokes, we want to mention that there is nothing funny about online threats--particularly those that haven’t been addressed yet by the developers. This newly discovered zero-day threat is called the “Double Kill” Internet Explorer vulnerability. Unfortunately, the Chinese developers who discovered this vulnerability--a computer security company called Qihoo--have been quiet about the details regarding the double-kill IE bug. It’s also difficult to tell if your organization is under threat, as they aren’t revealing any of the warning signs of such an attack.

The only thing known for sure about this threat is that it takes root by using Word documents. It’s likely that this is done through email attachments as well, as email is a major method of transporting threats of all kinds. When the document is opened up, Internet Explorer is opened in the background via some kind of shellcode that downloads an executable file. The vulnerability does all this without showing anything of note to the user, making it a difficult threat to identify, but the effects are well-known. Apparently, the downloaded executable file installs a Trojan horse malware on the user’s device which creates a backdoor into the system.

There are a lot more unknowns than anything else with this vulnerability, though. In particular, professionals aren’t sure if all Word documents are affected by this vulnerability, or if the threat even needs Microsoft Office in order to function as intended. It’s not even known what role Internet Explorer plays in the attack, or if the documents that can trigger this attack are identifiable. All we can tell you is that you need to keep security best practices in mind to keep these kinds of zero-day threats from becoming a problem for your organization.

To start, you should never download an unexpected file from an unexpected sender. This can come in the form of a resume, receipt, or other online document. You can never know for sure what you’re actually downloading, as criminals have been able to spoof email addresses to a dangerous degree in recent years. Just be cautious about everything you can, and augment caution with powerful security tools that can identify potential risks before they become major problems.

To get started with network security, reach out to Washington Works at 301-571-5040.

How to Automate the Protection of Your Business
Tip of the Week: How to Reduce the Use of Paper in...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, October 22 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Best Practices Cloud Privacy Business Computing Malware Email Hackers Software Business Network Security Tech Term Productivity Internet Computer Hosted Solutions Managed IT Services Backup Mobile Devices Microsoft Ransomware Data User Tips IT Support Data Recovery Google Productivity Data Backup IT Services Smartphone Efficiency Managed Service Provider Encryption Cloud Computing Outsourced IT Innovation Workplace Tips Android Communication Small Business Browser Business Continuity Data Management Office 365 Business Management Social Media Hardware Windows 10 Paperless Office Remote Monitoring Disaster Recovery Save Money Collaboration Government Unified Threat Management Phishing BYOD Work/Life Balance Facebook Artificial Intelligence Server Windows 10 Bandwidth Cybersecurity Smartphones App Infrastructure Tip of the week Politics Vulnerability Hosted Solution IT Management Passwords Managed IT Services Office Password Employer-Employee Relationship Managed Service Apps File Sharing Document Management Healthcare Word Money Chromebook Customer Relationship Management Virtual Reality Big Data Windows Network Chrome Risk Management Mobile Device Saving Money How To Applications BDR Holiday SaaS Internet of Things VoIP Antivirus Wi-Fi Compliance Two-factor Authentication Remote Workers Taxes Data loss Blockchain Gmail Robot Training Regulations How To Tech Support Information Websites Recovery Storage VPN IoT Quick Tips Data Security Hacker Maintenance Remote Computing Meetings Server Management Business Technology Botnet Virtual Private Network HIPAA Website Automobile Automation Mobile Security Machine Learning Identity Theft Alert Point of Sale Health Smart Technology Telephone Systems G Suite Patch Management Samsung Vendor Management Scam Physical Security Twitter Router Firewall Computer Care Computing Time Management Update Multi-Factor Security Mirgation Vulnerabilities Conferencing Downtime IT Budget Connectivity WPA3 Networking Web Server Legal User Error Company Culture Augmented Reality Office Tips Tracking Managed IT Service Modem Computing Infrastructure Value Utility Computing Features Uninterrupted Power Supply Servers Error Specifications Network Management IT Consultant Google Calendar Geography Instant Messaging YouTube IBM Digital Payment Social Notifications Permissions Fleet Tracking Cameras Sports Printer Wearable Technology Managing Stress Help Desk Managed IT The Internet of Things IT Solutions Break Fix Cookies Computer Repair Alerts Electronic Health Records Microsoft Office Communications Staffing Virtualization Black Friday Social Networking Analytics Gadgets Budget Fraud Star Wars Professional Services Monitoring IT Support Touchscreen Legislation Chatbots High-Speed Internet Settings Cybercrime Asset Tracking Google Drive Law Enforcement CCTV Search Access Control Enterprise Content Management Bookmarks Corporate Profile Outlook Administrator Upgrades Processors Dark Web Nanotechnology Webcam Licensing Management Cyberattacks Solid State Drive Statistics Cyber Monday Motherboard MSP Lenovo Cost Management USB Consulting Cabling Education Mouse Identity Development Digital Mail Merge OneNote VoIP Techology Gadget SharePoint Unified Communications Favorites WannaCry Shortcut Upgrade Microsoft Excel Screen Reader Firefox Superfish Cooperation Enterprise Resource Planning Files Hard Disk Drive Bluetooth WiFi Cortana Black Market Proactive Crowdsourcing Hotspot Assessment Dongle Managed Services Provider Wireless Relocation Cleaning Emoji Tablet Cables Spyware Address Spam Travel Employee-Employer Relationship Avoiding Downtime Mobile Device Management Downloads IT Technicians Bring Your Own Device Project Management Monitors Supercomputer Smart Tech Electronic Medical Records Unified Threat Management Staff Mobile Read Only GPS Distributed Denial of Service Remote Monitoring and Management Motion Sickness Personal Information Language Internet Exlporer Service Level Agreement E-Commerce Disaster Heating/Cooling Private Cloud Comparison Wires Lithium-ion battery Fun Printers Wireless Technology 5G Emergency Safety Marketing Regulation Competition Hard Drives Finance IP Address Users Miscellaneous Customer Service Mobile Office Domains Public Speaking Presentation Hiring/Firing CrashOverride