Windows Users Targeted with Zero-Day Attacks via Internet Explorer

July 23, 2024 | An APT group named Void Banshee is exploiting Internet Explorer vulnerabilities to deploy the Atlantida info-stealer. Using CVE-2024-38112, Void Banshee targets Microsoft Internet Explorer 11, Windows (before 11 23H2 10.0.22631.3880), and Windows Server (before 2022 10.0.20348.2582).

The attacks involve malicious .URL files disguised as book PDFs, distributed via cloud-sharing websites, online libraries, and Discord servers. Predominantly affecting North America, Europe, and Southeast Asia, these attacks highlight the ongoing risk of legacy systems and delayed patch updates.

Security experts emphasize the need for timely security updates and robust patch management to counter such threats.

[Read the full article]

Newsletter Signup

Stay up-to-date on the latest resources and news from CRITICALSTART.