all InfoSec news
State-sponsored APTs are leveraging WinRAR bug
Help Net Security www.helpnetsecurity.com
A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals since April 2023, the vulnerability is now also being used by state-sponsored hacking groups. “The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite … More
The post …
april apt apts august bug cve cve-2023-38831 cve-2023-40477 cybercriminals don't miss exploit exploited exploiting extension file google government government-backed attacks high hot stuff phishing rce severity spear phishing sponsored spoofing state utility vulnerability windows winrar zero-day