Microsoft on guard for security: Outlook update blocks hackers from accessing user accounts

Brother

It is better not to delay the update if you do not want to become another victim of APT28.

In March of this year, the Microsoft security team identified a critical vulnerability in Microsoft Outlook. Tracked as CVE-2023-23397, the vulnerability allows attackers to steal Net-NTLMv2 hashes and gain access to user accounts. The particular danger lies in a specially crafted email message: when it is opened, the user's Net-NTLMv2 hash is transmitted to the attacker.

The Microsoft blog notes that the vulnerability was used by the APT28 group to attack organizations. This group is known for its focus on critical infrastructure, including government agencies, the energy sector, transportation systems, and non-governmental organizations. The hackers' operations typically extend to the Middle East, the United States, and Europe.

Microsoft also reported that in September of this year, APT28 exploited a zero-day vulnerability in WinRAR (CVE-2023-38831), first discovered in August 2023. By that time, several APT groups had attacked 130 organizations, successfully seizing traders' funds. Although a patch for the WinRAR vulnerability is available, attackers continue to target systems running a version of the program that has not been updated.

As for the Outlook vulnerability, by the time its report was published, Microsoft had already released a fix for CVE-2023-23397, available for all supported versions of Outlook.

Microsoft Exchange customers should immediately install the latest security updates and upgrade to the latest version. WinRAR users, in turn, are also advised to update the program to reduce the risk of falling into the APT28 cyber trap.

Do I need to remind you that for the most reliable protection against any cyberattacks, you should use only strong passwords, be vigilant when opening questionable emails, and be sure to activate two-factor authentication?
 