FinSpy – Page 2 – WindowsTechs.com

New Microsoft Word zero day used in Russian-language spyware campaign, analysts say

Posted on September 12, 2017 by Chris Bing

A well-funded spy group appears to have recently acquired a highly sophisticated zero day vulnerability and used it to deploy a remote access trojan against a Russian-speaking “entity,” according to evidence discovered by U.S. cybersecurity firm FireEye. Researchers with FireEye found the disruptive software vulnerability, which affects recent versions of Microsoft Word, in July. The trojan, known as FinSpy, is made by infamous surveillance technology firm FinFisher, a blog post by FireEye says. The Word flaw remained unpatched until Tuesday afternoon, when Microsoft issued its monthly security update. This vulnerability, labeled CVE-2017-8759, was used as recently as late August to hack into systems, FireEye analyst Ben Read told CyberScoop. Analysts originally uncovered CVE-2017-8759 while examining a highly targeted phishing email that was written in Russian. The email contained an attachment that when opened exploited a software flaw in the word processor to remotely download FinSpy from a computer server controlled by the attacker. […]

The post New Microsoft Word zero day used in Russian-language spyware campaign, analysts say appeared first on Cyberscoop.

Continue reading New Microsoft Word zero day used in Russian-language spyware campaign, analysts say→

Microsoft Patches .NET Zero Day Vulnerability in September Update

Posted on September 12, 2017 by Tom Spring

Microsoft fixes 25 critical vulnerabilities including one zero day under attack and one tied to the high-profile BlueBorne attack vector. Continue reading Microsoft Patches .NET Zero Day Vulnerability in September Update→

Microsoft zero-day vulnerability was being exploited for cyber-espionage

Posted on April 13, 2017 by David Bisson

Two separate attack campaigns exploited the same Microsoft zero-day vulnerability to infect users with spyware and crimeware. But mystery shrouds which country might have been behind the state-sponsored attacks.
David Bisson reports.
Continue reading Microsoft zero-day vulnerability was being exploited for cyber-espionage→

Not Just Criminals, But Governments Were Also Using MS Word 0-Day Exploit

Posted on April 13, 2017 by Swati Khandelwal

Recently we reported about a critical code execution vulnerability in Microsoft Word that was being exploited in the wild by cyber criminal groups to distribute malware like Dridex banking trojans and Latentbot.

Now, it turns out that the same previou… Continue reading Not Just Criminals, But Governments Were Also Using MS Word 0-Day Exploit→

Office Zero Day Delivering FINSPY Spyware to Victims in Russia

Posted on April 12, 2017 by Michael Mimoso

Researchers have learned that the recently patched Office zero day was used to target victims in Russia with FINSPY spyware. Continue reading Office Zero Day Delivering FINSPY Spyware to Victims in Russia→

Court blocks American from suing Ethiopia over alleged hacking

Posted on March 16, 2017 by Lisa Vaas

Activists mull challenge to court’s ruling that remote hacking can’t be litigated in the US Continue reading Court blocks American from suing Ethiopia over alleged hacking→