Get Started Today!  321-259-5500

croom new

WARNING: A New Zero-Day Threat is On the Loose

WARNING: A New Zero-Day Threat is On the Loose

Zero-day threats are some of the most dangerous ones out there. What we mean by “zero day” threats are those that have been discovered by hackers before an official patch has been released by the developers, giving them exactly zero days before they are actively exploited in the wild. One of the more dangerous zero-day threats out there at the moment is one that takes advantage of Internet Explorer.

Before we start making Internet Explorer jokes, we want to mention that there is nothing funny about online threats--particularly those that haven’t been addressed yet by the developers. This newly discovered zero-day threat is called the “Double Kill” Internet Explorer vulnerability. Unfortunately, the Chinese developers who discovered this vulnerability--a computer security company called Qihoo--have been quiet about the details regarding the double-kill IE bug. It’s also difficult to tell if your organization is under threat, as they aren’t revealing any of the warning signs of such an attack.

The only thing known for sure about this threat is that it takes root by using Word documents. It’s likely that this is done through email attachments as well, as email is a major method of transporting threats of all kinds. When the document is opened up, Internet Explorer is opened in the background via some kind of shellcode that downloads an executable file. The vulnerability does all this without showing anything of note to the user, making it a difficult threat to identify, but the effects are well-known. Apparently, the downloaded executable file installs a Trojan horse malware on the user’s device which creates a backdoor into the system.

There are a lot more unknowns than anything else with this vulnerability, though. In particular, professionals aren’t sure if all Word documents are affected by this vulnerability, or if the threat even needs Microsoft Office in order to function as intended. It’s not even known what role Internet Explorer plays in the attack, or if the documents that can trigger this attack are identifiable. All we can tell you is that you need to keep security best practices in mind to keep these kinds of zero-day threats from becoming a problem for your organization.

To start, you should never download an unexpected file from an unexpected sender. This can come in the form of a resume, receipt, or other online document. You can never know for sure what you’re actually downloading, as criminals have been able to spoof email addresses to a dangerous degree in recent years. Just be cautious about everything you can, and augment caution with powerful security tools that can identify potential risks before they become major problems.

To get started with network security, reach out to TotalCareIT™ at 321-259-5500.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Tuesday, June 19 2018
If you'd like to register, please fill in the username, password and name fields.

Newsletter Sign Up

  • Company Name
  • First Name *
  • Last Name *

      Mobile? Grab this Article!

      Qr Code

      Tag Cloud

      Security Tip of the Week Best Practices Technology Cloud Privacy Malware Hackers Business Computing Business Email Hosted Solutions Productivity Internet Backup IT Services Mobile Devices Computer Network Security Managed Service Provider Microsoft Software Windows 10 Ransomware Smartphone Hardware User Tips Android Google Business Continuity Data Workplace Tips Innovation Efficiency IT Support Data Management Disaster Recovery Social Media App Server Small Business Managed IT Services Smartphones Tech Term Encryption Communication Browser Windows Artificial Intelligence Data Recovery Internet of Things Office 365 Cloud Computing Big Data Network Business Management BYOD Facebook Gmail Employer-Employee Relationship Apps Office Paperless Office WiFi Hosted Solution Phishing Government Upgrade Office Tips Outsourced IT Wireless Technology Robot Vendor Management Passwords Productivity Firewall Save Money Remote Monitoring Alert Miscellaneous Data Backup Recovery Mobile Device Management Risk Management Spam Two-factor Authentication Money Chrome Budget Work/Life Balance Microsoft Office Cybersecurity Password IT solutions Word Hacker Vulnerability Virtualization Infrastructure How To Tip of the week Saving Money Holiday Wireless Content Filtering Avoiding Downtime Wi-Fi SaaS Antivirus Analytics Legal Tech Support Applications VPN Social Remote Computing VoIP Document Management Website Bandwidth Apple Windows 10 Going Green Education Hard Drives Twitter Settings The Internet of Things Computing IT service Unified Threat Management Automation Cybercrime IT Support Virtual Reality Data storage IT Management Customer Service Managed IT Services Training LiFi Outlook Lithium-ion battery Sports Mobile Device Hacking Maintenance HIPAA Telephone Systems Business Intelligence Physical Security Mouse Automobile Storage Computers Presentation Running Cable Augmented Reality Scam Network Management Mobile Security Patch Management Compliance Data loss Regulations Collaboration Data Security Identity Theft Solid State Drive End of Support Virtual Private Network Politics File Sharing Virtual Desktop User Error Health Search Printing Business Owner Websites Upgrades Taxes Administration Competition User Safety Botnet Best Practice Google Drive eWaste Server Management Monitors IBM Machine Learning Heating/Cooling Downtime communications Cortana Cost Management Samsung Tablet Customer Relationship Management YouTube Computer Care Unified Communications BDR Router Business Technology Quick Tips Hard Drive Knowledge Blockchain Troubleshooting Undo Gadgets Crowdsourcing Google Maps Retail Bitcoin Wearable Technology Point of Sale Modem 5G Smart Technology Lenovo Error VoIP Update Staffing Humor Cache Experience Permissions Windows 8 Users Social Engineering Web Server Cookies Distributed Denial of Service Superfish Corporate Profile Time Management Chromebook GPS Deep Learning Recycling Fraud Hacks Shortcut Buisness Cameras Co-managed IT Save Time Nanotechnology Managed IT Service WannaCry Emoji Tracking Dark Data Management IT Technicians Downloads Law Enforcement Administrator Trending Personal Information CCTV Backups Screen Reader Fun Break Fix Networking Application Touchscreen Identities Company Culture Hotspot Current Events Mirgation Analyitcs Multi-Factor Security Gadget Cabling CIO Computer Repair Smart Tech Dark Web Digital Black Market Managing Stress Mobile Computing Language Chatbots IP Address Google Calendar Marketing G Suite Connectivity Net Neutrality Techology Spyware Supercomputer Network Congestion Enterprise Content Management Bring Your Own Device Computing Infrastructure Public Speaking Identity Mobile Office Legislation Mail Merge Disaster Travel Electronic Medical Records Operating System IoT Entrepreneur FCC Unified Threat Management Refrigeration Servers Processors IT Budget Display Business Growth Alerts Comparison Address Uninterrupted Power Supply 3D Printing Motion Sickness Managed IT IT Consultant Star Wars Hiring/Firing Title II Printer How To Digital Payment Laptop Alt Codes Licensing Information Technology Social Networking Specifications Hard Disk Drive Unsupported Software Cleaning Google Docs Assessment Online Environment Access Control Firefox Statistics Halloween Typing Cooperation Google Wallet Motherboard Black Friday Relocation Mobile Data Meetings Internet Exlporer Microsoft Excel SharePoint iPhone Bluetooth Notifications Writing Scary Stories Cryptocurrency Staff Drones Cyber Monday Law Private Cloud Webcam USB Domains CrashOverride Help Desk Emergency Flexibility

      Latest Blog Entry

      Communication is one of the most important parts of running an organization, and this is especially true for smaller organizations that need to work closely in order to make progress. Today’s collaborative workplace is dependent on people understanding a unified message and ...

      Account Login