Users have to download the patch manually. It was fixed in WinRAR versions 6.24 and 6.23. This is probably because the WinRAR tool doesn’t have an auto-update feature. TAG’s Kate Morgan wrote in the report published on 18 October that despite that a patch was released soon after it was discovered, many devices remain unpatched and are vulnerable to exploitation. It was first reported by Group-IB researchers. Until August, this bug was exploited as zero-day. Now state-backed actors are exploiting it. The vulnerability is tracked as CVE-2023-38831, and it was exploited for the first time in early 2023 by cybercrime groups before it was identified by defenders. Google’s Threat Analysis Group (TAG) has discovered that state-backed threat actors are continuously exploiting a known vulnerability in the popular file archiver tool for Windows, WinRAR. It has now come to light that the vulnerability continues to be exploited, despite the availability of a security patch. On August 25, 2023, reported a 0-day vulnerability in WinRAR, which was actively exploited worldwide, targeting 130 traders to successfully steal funds. Organizations must protect their networks by implementing a robust vulnerability management program and deploying endpoint security solutions. Google has urged users to immediately apply the latest WinRAR patch to prevent their devices from being invaded by state-backed actors. State-sponsored actors from a number of countries are exploiting this vulnerability in their malicious operations. This vulnerability lets hackers execute arbitrary code on the targeted device.Īttackers can steal sensitive data, hijack the victim’s computer, and install malware. Google’s TAG researchers have found that government-sponsored hackers are actively exploiting an already discovered WinRAR vulnerability. According to Google’s Threat Analysis Group (TAG), the group exploiting the vulnerability comprises Sandworm, Fancy Bear, and APT40, all associated with the Russian government and military.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |