FireEye: Russians, Others Exploiting Zero-day Microsoft Office Vulnerabilities

Share Now

Facebook
Twitter
LinkedIn

FireEye has identified three new zero-day vulnerabilities in Microsoft Office products that have been exploited by Russian cyber espionage entities and a yet-to-be-identified group.

Russian threat actors Turla and APT28 are believed to have used the zero-day weaknesses in Encapsulated PostScript (EPS) against European diplomatic and military agencies, according to a new FireEye blog post. Those same vulnerabilities have been exploited by unknown attackers targeting the Middle Eastern offices of regional and global banks.

According to the post, FireEye is working with the Microsoft Security Response Center (MSRC) to disclose details of the recent threats. Meanwhile, Microsoft is advising customers to sign up for security updates and follow the suggestions in security advisory ADV170005 to protect against EPS filter vulnerabilities. Microsoft also addresses the recent attacks in this blog post.

The recent discoveries are the latest in a series of FireEye zero-day findings. You can learn more in the company’s 2015 report, “Zero-day Danger: A Survey of Zero-Day Attacks and What They Say About the Traditional Security Model,” detailing 18 zero-day vulnerabilities since late 2012. In the document, FireEye explains the magnitude of zero-day threats, describes the specific vulnerabilities and lists tips to help reduce risk.

Don’t miss another threat – stay on top of emerging phishing and malware threats and attacks, all delivered straight to your inbox completely free. Subscribe to PhishMe® Threat Alerts today.

Read More Related Phishing Blog Posts

Search

We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on wpml.org as a development site.