Microsoft patches security flaw that let North Korea target researchers
Vulnerability also affects the Microsoft Edge browser
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Microsofthas finally patched the Internet Explorer (IE) vulnerability that was exploited by a North Korean state-sponsored hacking group to break into theworkstationsof researchers from around the world.
Thespate of attacks, notorious for their use of elaborate deceptions, against security researchers were reported earlier this year in January byGoogle’s Threat Analysis Group (TAG).
Last month, security researchers from South Korean security firm ENKIhad identifieda zero-day vulnerability in IE that the attackers were looking to exploit. Microsoft has finally put out a patch to plug the hole.
Vulnerability patched
Google’s TAG researchers disclosed details about the South Korean hacking campaign noting that the threat actors employed various means, such as creating elaborate fake personas to engage with the researchers.
Security researchers at ENKI were also targeted. However, not only were they able to see through the deception, but also used their domain expertise to zero in on the particular vulnerability that the attackers were hoping to exploit in their bid to gain access to the data on the researchers’ computers.
After discovering the previously undisclosed IE vulnerability, ENKI shared their findings with Microsoft. The vulnerability, tracked as CVE-2021-26411 and rated critical since it was easy to exploit, has finally been patched.
Note that while the vulnerability was exploited in IE, Microsoft says it also affects its newer Edge browser.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via:Ars Technica
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Arcane season 2 finally gave us the huge Caitlyn and Vi moment we’ve been waiting for – and its creators say ‘we couldn’t have done it in season one’
