CVE-2023-38831: #WinRAR Bug Or Windows Feature? In-Depth Analysis of Winrar Vulnerability - Alee's Stories #infosec #cve #vulnerability https://aleeamini.com/cve-2023-38831-winrar-bug-or-windows-feature/
#vulnerability #cve #infosec #winrar
0day w WinRAR był exploitowany od kilku miesięcy – m.in. za pomocą odpowiednio spreparowanego pliku zip
Informacja o podatności CVE-2023-38831 gruchnęła już dobrych kilka dni temu. Luka (luki) jest obecnie załatana, ale pokazały się informację o aktywnej tej eksploitacji podatności jako 0day – i to od kwietnia 2023. Na celowniku były m.in. komputery / konta osób handlujących kryptowalutami. Cały trick polegał na stworzeniu archiwum (np. zip),...
#wbiegu #0day #exploit #winrar
「WinRAR」のリモートコード実行の脆弱性「CVE-2023-40477」を危惧する声が広がる/開発会社が詳細を公表、「UnRAR.dll」「UnRAR64.dll」には影響なし
https://forest.watch.impress.co.jp/docs/news/1526613.html
#forest_watch_impress #WinRAR #UnRARDLL #セキュリティ #脆弱性 #Windows #圧縮_解凍
#forest_watch_impress #winrar #unrardll #セキュリティ #脆弱性 #windows #圧縮_解凍
#WinRAR ist zuelich verbreitet. Jetzt allerdings schnell nen Patch runterlesen, damit nicht fremde Mächte auf eurem Computer das Zepter übernehmen: https://www-bleepingcomputer-com.cdn.ampproject.org/c/s/www.bleepingcomputer.com/news/security/winrar-flaw-lets-hackers-run-programs-when-you-open-rar-archives/amp/
#WinRAR-Lücke weitreichender als gedacht | Security https://www.heise.de/news/WinRAR-Luecke-weitreichender-als-gedacht-9283622.html #Exploit #Patchday
HackRead: WinRAR users update your software as 0-day vulnerability is found https://www.hackread.com/winrar-software-update-0-day-vulnerability/ #Vulnerability #CyberAttack #Security #security #Trading #WinRAR #0-day
#vulnerability #cyberattack #security #trading #winrar
Multiples vulnérabilités dans #WinRAR 6.22 , #7-Zip 23.00
Un défaut de vérification des données dans WinRAR permet à un attaquant non authentifié, en persuadant une victime d’ouvrir une archive spécifiquement forgée, d’exécuter du code arbitraire. La faille est activement exploitée : Oui Un correctif existe : Oui Une mesure de contournement existe : Non RARLAB WinRAR versions 6.22 et antérieures Un défaut de contrôle de la mémoire lors de l’analyse d’archives…
https://antivirus-france.com/multiples-vulnerabilites-dans-winrar-6-22-7-zip-23-00/
WinRAR patches zero-day bug that targeted stock and crypto traders - According to cybersecurity firm Group-IB, weaponized ZIP file arc... - https://cointelegraph.com/news/winrar-patches-zero-day-bug-targeted-crypto-traders #vulnerability #cybersecurity #exploit #malware #hackers #winrar
#winrar #hackers #malware #exploit #cybersecurity #vulnerability
S3 Ep149: How many cryptographers does it take to change a light bulb? - Latest episode - listen now! Full transcript inside... https://nakedsecurity.sophos.com/2023/08/24/s3-ep149-how-many-cryptographers-does-it-take-to-change-a-light-bulb/ #nakedsecuritypodcast #vulnerability #cybercrime #dataloss #podcast #privacy #hacking #tp-link #winrar #iot
#iot #winrar #tp #hacking #privacy #podcast #dataloss #cybercrime #vulnerability #nakedsecuritypodcast
"A newly discovered #zeroday in the widely used #WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install #malware when targets open booby-trapped JPGs and other innocuous inside file archives." #exploit #CyberSecurity #vulnerability
https://arstechnica.com/security/2023/08/winrar-0-day-that-uses-poisoned-jpg-and-txt-files-under-exploit-since-april/
#zeroday #winrar #malware #exploit #cybersecurity #vulnerability
SecurityWeek: Traders Targeted by Cybercriminals in Attack Exploiting WinRAR Zero-Day https://www.securityweek.com/traders-targeted-by-cybercriminals-in-attack-exploiting-winrar-zero-day/ #Malware&Threats #Cybercrime #exploited #Zero-Day #WinRAR
#malware #cybercrime #exploited #zero #winrar
WinRAR 0-day that uses poisoned JPG and TXT files
weaponized to rob yuppies since April.
via arstechnica.com:
“A newly discovered zero-day in the widely used WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous inside file archives.
The vulnerability, residing in the way WinRAR processes the ZIP file format, has been under active exploit since April in securities trading forums, researchers from security firm Group IB reported Wednesday. The attackers have been using the vulnerability to remotely execute code that installs malware from families, including DarkMe, GuLoader, and Remcos RAT.
From there, the “criminals” withdraw money from broker accounts. The total amount of financial losses and total number of victims infected is unknown, although Group-IB said it has tracked at least 130 individuals known to have been compromised. WinRAR developers fixed the vulnerability, tracked as CVE-2023-38831, earlier this month.“
#punchup #yuppies #0day #hackers #winrar
"#WinRar zero-day vulnerability ... was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts"
Ars Technica: WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April https://arstechnica.com/?p=1962625 #Tech #arstechnica #IT #Technology #vulnerability #Security #zipfiles #exploit #zeroday #Biz&IT #winrar
#Tech #arstechnica #it #technology #vulnerability #security #zipfiles #exploit #zeroday #biz #winrar
WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April - Enlarge (credit: Getty Images)
A newly discovered zeroday in t... - https://arstechnica.com/?p=1962625 #vulnerability #security #zipfiles #exploit #zeroday #biz #winrar
#winrar #biz #zeroday #exploit #zipfiles #security #vulnerability
WinRAR zero-day exploited since April to hack trading accounts
https://www.bleepingcomputer.com/news/security/winrar-zero-day-exploited-since-april-to-hack-trading-accounts/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #Actively_Exploited #Archive #Malware #Software #Vulnerability #WinRAR #Zero_Day #Zip #virus_removal #malware_removal #computer_help #technical_support
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #actively_exploited #archive #software #vulnerability #winrar #zero_day #zip #virus_removal #malware_removal #computer_help #technical_support
Hackers exploit WinRAR zero-day bug to steal funds from broker accounts https://tcrn.ch/44g3hiU
SecurityOnline: CVE-2023-40477: WinRAR Code Execution Vulnerability https://securityonline.info/cve-2023-40477-winrar-code-execution-vulnerability/ #CVE-2023-40477 #Vulnerability #WinRAR
TechcrunchSecurity: Hackers exploit WinRAR zero-day bug to steal funds from broker accounts https://techcrunch.com/2023/08/23/winrar-zero-day-funds-brokers/ #cybersecurity #vulnerability #zero-dayflaw #Security #winrar
#cybersecurity #vulnerability #zero #security #winrar