Washington Works Blog

WARNING: A New Zero-Day Threat is On the Loose

Zero-day threats are some of the most dangerous ones out there. A “zero-day” threat is a vulnerability that hackers have discovered before the developers have released an official patch, leaving exactly zero days before it is actively exploited in the wild. One of the more dangerous zero-day threats out there at the moment is one that takes advantage of Internet Explorer.

Before we start making Internet Explorer jokes, we want to mention that there is nothing funny about online threats, particularly those that haven’t been addressed yet by the developers. This newly discovered zero-day threat is called the “Double Kill” Internet Explorer vulnerability. Unfortunately, the Chinese developers who discovered this vulnerability, a computer security company called Qihoo, have been quiet about the details of the Double Kill IE bug. It’s also difficult to tell if your organization is under threat, as they aren’t revealing any of the warning signs of such an attack.

The only thing known for sure about this threat is that it takes root by using Word documents. It’s likely that these arrive as email attachments, as email is a major method of transporting threats of all kinds. When the document is opened, Internet Explorer is opened in the background via some kind of shellcode that downloads an executable file. The vulnerability does all this without showing anything of note to the user, making it a difficult threat to identify, but the effects are well-known. Apparently, the downloaded executable file installs Trojan horse malware on the user’s device, which creates a backdoor into the system.
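As an added example (not part of the original post and not from Qihoo), here is one way a defender could look for the chain described above in process-creation logs: an Office application starting Internet Explorer, which then runs a program from a user-writable folder. It assumes the behaviour shows up as a parent-child process chain; the record layout, process names, folder list and sample events are all constructed for illustration.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}    # assumed watch list
BROWSER = "iexplore.exe"
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")  # assumed drop folders

# Constructed process-creation records (pid, parent pid, image path); not real telemetry.
SAMPLE_EVENTS = [
    (400, 4, r"C:\Windows\explorer.exe"),
    (812, 400, r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"),
    (960, 812, r"C:\Program Files\Internet Explorer\iexplore.exe"),
    (1044, 960, r"C:\Users\alice\AppData\Local\Temp\update.exe"),
    (1200, 400, r"C:\Program Files\Internet Explorer\iexplore.exe"),
    (1310, 400, r"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE"),
]

def name(image):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(image).lower()

def ancestors(pid, table):
    """Yield ancestor image names, nearest first; stop on unknown parents or loops."""
    seen = set()
    while pid in table and pid not in seen:
        seen.add(pid)
        ppid, image = table[pid]
        yield name(image)
        pid = ppid

def detect(events):
    """Return (pid, reason) for each process matching the described chain."""
    table, alerts = {}, []
    for pid, ppid, image in events:
        table[pid] = (ppid, image)
        chain = list(ancestors(ppid, table))
        if name(image) == BROWSER:
            # Browser launched by the user from the shell is normal; under Office it is not.
            if any(a in OFFICE for a in chain):
                alerts.append((pid, "browser started under an Office application"))
            continue
        if BROWSER in chain:
            above_browser = chain[chain.index(BROWSER) + 1:]
            from_drop_dir = any(d in image.lower() for d in USER_WRITABLE)
            if from_drop_dir and any(a in OFFICE for a in above_browser):
                alerts.append((pid, "program from user-writable folder run by Office-spawned browser"))
    return alerts

if __name__ == "__main__":
    for pid, reason in detect(SAMPLE_EVENTS):
        print(pid, reason)
```

Internet Explorer started directly by the user (pid 1200 in the sample) is not flagged; only the browser and its children that descend from an Office process are.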

There are a lot more unknowns than anything else with this vulnerability, though. In particular, professionals aren’t sure if all Word documents are affected by this vulnerability, or if the threat even needs Microsoft Office in order to function as intended. It’s not even known what role Internet Explorer plays in the attack, or if the documents that can trigger this attack are identifiable. All we can tell you is that you need to keep security best practices in mind to keep these kinds of zero-day threats from becoming a problem for your organization.

To start, you should never download an unexpected file from an unexpected sender. Such a file can come in the form of a resume, receipt, or other online document. You can never know for sure what you’re actually downloading, as criminals have been able to spoof email addresses to a dangerous degree in recent years. Just be cautious about everything you can, and augment caution with powerful security tools that can identify potential risks before they become major problems.

To get started with network security, reach out to Washington Works at 301-571-5040.

Friday, January 18 2019