
US Cyber Command warns nation-state hackers are exploiting old Microsoft Outlook bug. Make sure you're patched!

Graham CLULEY

July 03, 2019


US Cyber Command has issued a warning about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook.

The alert, posted on Twitter, refers to CVE-2017-11774, a vulnerability in Outlook that, if exploited, could allow an attacker to bypass a security feature and execute arbitrary commands on targeted Windows computers.

Microsoft issued a patch for the vulnerability in October 2017, but the security hole has since continued to be used by the Iranian-backed APT33 (also known as Elfin) hacking group.

Clearly US Cyber Command is concerned that some at-risk organisations have still not applied Microsoft’s patch from 2017, which disables the legacy ‘home page’ feature of Outlook that was being abused in these attacks.

Outlook’s ‘home page’ feature was little used, and most organisations are probably unaware of its existence, so they are unlikely to lose anything by applying the patch and will only benefit from the improvement in security.
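Because the patch removes a feature rather than fixing a parser, the practical check on an individual machine is whether the feature has been left on, or switched back on, in the current user's Outlook settings. The script below is an added example written for this article, not code from the article or from Microsoft. The key and value names it reads (the `EnableRoamingFolderHomepages` value under `Outlook\Security`, and the per-folder `URL` values under `Outlook\WebView`) are the ones Microsoft documents for Outlook 2010, 2013 and 2016/2019 (registry versions 14.0, 15.0 and 16.0); treat the exact paths as an assumption and confirm them against the Outlook build you run.

```powershell
# Added example, not code from the article. Audits the current user's Outlook
# registry settings for the legacy folder home page feature that the
# CVE-2017-11774 patch disables. Key and value names are assumed from
# Microsoft's documentation for Outlook 14.0/15.0/16.0; verify for your build.

$findings = @()

foreach ($ver in '14.0', '15.0', '16.0') {
    $userBase   = "HKCU:\Software\Microsoft\Office\$ver\Outlook"
    $policyBase = "HKCU:\Software\Policies\Microsoft\Office\$ver\Outlook"

    # 1. The patch turns the feature off. A value of 1 under either the user
    #    hive or the policy hive turns it back on, which is what an attacker
    #    (or a well-meaning admin) would need to do for the feature to work.
    foreach ($base in $userBase, $policyBase) {
        $sec = Get-ItemProperty -Path "$base\Security" -Name EnableRoamingFolderHomepages -ErrorAction SilentlyContinue
        if ($sec -and $sec.EnableRoamingFolderHomepages -eq 1) {
            $findings += [pscustomobject]@{
                Version = $ver
                Setting = "$base\Security\EnableRoamingFolderHomepages"
                Value   = 1
            }
        }
    }

    # 2. Any per-folder home page URL still configured (Inbox, Calendar, ...).
    #    Subkeys are enumerated rather than hard-coded so unusual folders show up too.
    $webView = "$userBase\WebView"
    if (Test-Path $webView) {
        foreach ($folder in Get-ChildItem -Path $webView) {
            $url = (Get-ItemProperty -Path $folder.PSPath -Name URL -ErrorAction SilentlyContinue).URL
            if ($url) {
                $findings += [pscustomobject]@{
                    Version = $ver
                    Setting = "WebView\$($folder.PSChildName)\URL"
                    Value   = $url
                }
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Outlook folder home page settings found for this user.'
} else {
    Write-Output 'Outlook folder home page settings present; review each entry:'
    $findings | Format-Table -AutoSize
}
```

Run it in the context of the user whose mailbox you are checking, since these keys live under HKCU. A non-empty result is not proof of compromise (an administrator may have re-enabled the feature deliberately), but any home page URL pointing outside your own infrastructure deserves an immediate look, and the cleanest fix is still to apply the 2017 update and leave the feature disabled.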

Systems can be further protected by ensuring that layered defences are in place, password best practices are being followed, and multi-factor authentication is enabled.

The latest alert from US Cyber Command comes little more than a week after the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) specifically warned of increased activity by Iranian hacking groups, and urged firms to take protective measures.

On June 22, CISA warned about what it described as “a recent rise” in Iranian-linked cybersecurity threats against the United States, and described some of the typical tactics used:

“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”

APT33 is perhaps best known for its use of the destructive Shamoon disk-wiping malware against companies in the energy sector.

The Shamoon malware (also known as Disttrack) first hit the headlines in August 2012 when it was used in an attack against Saudi Arabia’s state-owned oil company Saudi Aramco, overwriting the data stored on over 30,000 Windows computers, before displaying an image of a US flag in flames.
