Contact Us Today! 1-844-237-4300

Central Technology Solutions Blog

WARNING: A New Zero-Day Threat is On the Loose

WARNING: A New Zero-Day Threat is On the Loose

Zero-day threats are some of the most dangerous ones out there. What we mean by “zero day” threats are those that have been discovered by hackers before an official patch has been released by the developers, giving them exactly zero days before they are actively exploited in the wild. One of the more dangerous zero-day threats out there at the moment is one that takes advantage of Internet Explorer.

Before we start making Internet Explorer jokes, we want to mention that there is nothing funny about online threats--particularly those that haven’t been addressed yet by the developers. This newly discovered zero-day threat is called the “Double Kill” Internet Explorer vulnerability. Unfortunately, the Chinese developers who discovered this vulnerability--a computer security company called Qihoo--have been quiet about the details regarding the double-kill IE bug. It’s also difficult to tell if your organization is under threat, as they aren’t revealing any of the warning signs of such an attack.

The only thing known for sure about this threat is that it takes root by using Word documents. It’s likely that this is done through email attachments as well, as email is a major method of transporting threats of all kinds. When the document is opened up, Internet Explorer is opened in the background via some kind of shellcode that downloads an executable file. The vulnerability does all this without showing anything of note to the user, making it a difficult threat to identify, but the effects are well-known. Apparently, the downloaded executable file installs a Trojan horse malware on the user’s device which creates a backdoor into the system.

There are a lot more unknowns than anything else with this vulnerability, though. In particular, professionals aren’t sure if all Word documents are affected by this vulnerability, or if the threat even needs Microsoft Office in order to function as intended. It’s not even known what role Internet Explorer plays in the attack, or if the documents that can trigger this attack are identifiable. All we can tell you is that you need to keep security best practices in mind to keep these kinds of zero-day threats from becoming a problem for your organization.

To start, you should never download an unexpected file from an unexpected sender. This can come in the form of a resume, receipt, or other online document. You can never know for sure what you’re actually downloading, as criminals have been able to spoof email addresses to a dangerous degree in recent years. Just be cautious about everything you can, and augment caution with powerful security tools that can identify potential risks before they become major problems.

To get started with network security, reach out to Central Technology Solutions at 1-844-237-4300.

Medical IT: How Is HITECH Doing?
Password Protection Policies Keep Businesses Safe
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Sunday, November 18 2018

Captcha Image

Join our mailing list!

  • Company Name *
  • First Name *
  • Last Name *

      Mobile? Grab this Article!

      QR-Code dieser Seite

      Tag Cloud

      Security Tip of the Week Best Practices Technology Cloud Business Computing Email Privacy Malware Hackers Hosted Solutions Internet IT Services Productivity Managed IT Services Network Security Outsourced IT IT Support Data Software Data Backup Business Mobile Devices Computer Microsoft Tech Term Ransomware Backup Productivity Innovation Data Recovery Hardware Managed Service Provider Smartphone Business Continuity Google Internet of Things Small Business Cloud Computing Windows 10 Android Disaster Recovery Data Management Managed IT User Tips Remote Monitoring Communication Artificial Intelligence Browser Efficiency Encryption Social Media Windows Paperless Office Smartphones Facebook BYOD VoIP IT Support Risk Management Business Management Workplace Tips Phishing App Cybersecurity Save Money Mobile Device Government Gmail Unified Threat Management Upgrade Collaboration Recovery Mobile Device Management Firewall Server Network Applications BDR Saving Money Bandwidth Robot Bring Your Own Device Windows 10 Hosted Solution Data storage Office 365 Website Going Green Telephone Systems SaaS Tip of the week Apps Vendor Management Holiday Passwords Project Management Content Filtering Password Document Management Virtualization Infrastructure Vulnerability Big Data Chrome Wi-Fi Compliance Money Computing Router Miscellaneous Two-factor Authentication IT Management Regulations Managed IT Services Files Office IT Service Wireless Computers Antivirus Employer-Employee Relationship Storage Politics Automation Analytics Remote Computing Work/Life Balance Customer Relationship Management Healthcare communications Data loss Data Security Apple Help Desk Customer Service Unified Communications Training Managed Service Virtual Reality File Sharing Tablet Word Smart Technology Administration Maintenance Education Redundancy Budget End of Support Health LiFi Information Technology Printing Quick Tips IT solutions Scam Monitors Microsoft Office Alert Mouse Internet Exlporer Outlook Tech Support VPN Blockchain HIPAA Patch Management Digital Payment Sports Google Drive Identity Theft How To Samsung Settings Mobile Security Websites Virtual Private Network Business Growth Licensing Chromebook Flexibility Remote Monitoring and Management Network Management Assessment Business Technology Avoiding Downtime Mobile Computing Users How To Hacker Remote Workers Server Management Social Spam Machine Learning Mobility Upgrades WiFi Wireless Technology Legal Uninterrupted Power Supply YouTube Twitter The Internet of Things IoT Information Retail Cortana Mobile Digital Favorites Obstacle Data Warehousing Physical Security Fleet Tracking Disaster Resistance Cryptocurrency Operations Cache Electronic Health Records Search Supercomputer Technology Assurance Group ’s 18 3D Printing Test Superfish Crowdsourcing Meetings Computing Infrastructure Display Processors High-Speed Internet Employees Typing G Suite Net Neutrality History Star Wars Monitoring Bluetooth Hacks Technology Tips Tracking Chatbots Company Culture Spyware Virtual Desktop Conferencing Course Best Practice Microsoft Excel Google Maps Modem Office Tips Asset Tracking Proactive IT Bitcoin Multi-Factor Security Taxes Wearable Technology Update Recycling Cyberattacks Shortcut Private Cloud Distributed Denial of Service IT Budget Annual Convention Unsupported Software Virus MSP Operating System Printer Alerts Development Firefox Zero-Day Threat Cabling Electronic Medical Records Utility Computing Consulting Comparison Identity Social Engineering USB Managing Stress Instant Messaging Cookies OneNote Heating/Cooling IT Consulting Windows 8 Save Time Google Calendar eWaste WannaCry Read Only Managed IT Service San Diego Mobile Data Proactive Time Management Networking Identities Access Control Point of Sale Cooperation Marketing Cables Managed Services Provider Hacking Specifications Safety Gadgets Enterprise Content Management Finance Google Wallet Sync Permissions Nanotechnology Dark Data Personal Information Buisness Employee-Employer Relationship Servers Data Breach Telephony Legislation IT Technicians Management Public Cloud Break Fix Social Networking Hard Drives Google Docs Law Enforcement SharePoint Staff Humor Botnet Black Friday Roanoke — Central Technology Solutions Notifications Wires Human Error Unified Threat Management Travel Hotspot Cost Management Disaster E-Commerce Trending Black Market Vulnerabilities Authentication Mail Merge Drones Mobile Device Managment Fraud Software Tips Screen Reader Connectivity Technology Laws Backups Mirgation Writing Emoji Enterprise Resource Planning VoIP Bookmarks Sponsor Deep Learning Automobile Dark Web Computer Care Motherboard WPA3 Touchscreen Techology Solid State Drive Gadget Downloads Augmented Reality Current Events Cyber Monday technology services provider Consultation Permission Lenovo User Error Language Network Congestion Hard Drive Features Geography Authorization Address Alt Codes Smart Tech Computer Repair Downtime Statistics Software as a Service GPS Migration Administrator CCTV Relocation Regulation Hard Disk Drive RMM Webcam IT Consultant Error Backup and Disaster Recovery Emergency Cybercrime CrashOverride Printers Web Server Cameras Motion Sickness