all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

State-sponsored APTs are leveraging WinRAR bug

Add to bookmarks
Oct. 18, 2023, 3 p.m. | Zeljka Zorz

Help Net Security www.helpnetsecurity.com

A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals since April 2023, the vulnerability is now also being used by state-sponsored hacking groups. “The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite … More


The post …

april apt apts august bug cve cve-2023-38831 cve-2023-40477 cybercriminals don't miss exploit exploited exploiting extension file google government government-backed attacks high hot stuff phishing rce severity spear phishing sponsored spoofing state utility vulnerability windows winrar zero-day

Visit resource

More from www.helpnetsecurity.com / Help Net Security

Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks 17 hours ago | www.helpnetsecurity.com
alto articles attackers attacks +25
Bug hunters can get up to $450,000 for an RCE in Google’s Android apps 2 days, 11 hours ago | www.helpnetsecurity.com
android android apps app apps +17
Trellix Wise automates security workflows with AI, streamlining threat detection and remediation 2 days, 13 hours ago | www.helpnetsecurity.com
artificial artificial intelligence cyber cyber risk +21
Microsoft, Google widen passkey support for its users 2 days, 13 hours ago | www.helpnetsecurity.com
account protection authentication awareness bitwarden +18
Cyble Vision X covers the entire breach lifecycle 2 days, 13 hours ago | www.helpnetsecurity.com
access artificial artificial intelligence aspect +23
BlackBerry CylanceMDR improves cybersecurity defensive strategy 2 days, 14 hours ago | www.helpnetsecurity.com
address advanced ai platform amp +28
FortiGate 200G series boosts campus connectivity for Wi-Fi 7 2 days, 14 hours ago | www.helpnetsecurity.com
ai-powered campus connectivity firewall +15
Nokod Security Platform secures low-code/no-code development environments and apps 2 days, 15 hours ago | www.helpnetsecurity.com
applications apps automations code +23
Lenovo launches AI-based Cyber Resiliency as a Service 2 days, 15 hours ago | www.helpnetsecurity.com
copilot copilot for security cyber cyber protection +24

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Analyst

@ Northwestern Memorial Healthcare | Chicago, IL, United States
View on infosec-jobs.com

GRC Analyst

@ Richemont | Shelton, CT, US
View on infosec-jobs.com

Security Specialist

@ Peraton | Government Site, MD, United States
View on infosec-jobs.com

Information Assurance Security Specialist (IASS)

@ OBXtek Inc. | United States
View on infosec-jobs.com

Cyber Security Technology Analyst

@ Airbus | Bengaluru (Airbus)
View on infosec-jobs.com

Vice President, Cyber Operations Engineer

@ BlackRock | LO9-London - Drapers Gardens
View on infosec-jobs.com
View more jobs