Attackers are using fake exploits to trick security researchers into downloading malware disguised as legitimate proof-of-concept code.
Security researchers are being lured into traps by attackers using fake exploits of serious Microsoft security flaws. Trend Micro discovered what appears to be a modified version of a legitimate proof-of-concept exploit for LDAPNightmare, a vulnerability addressed in Microsoft's final updates of 2024. The counterfeit PoC replaces legitimate Python files with an executable called 'poc.exe'.
If run, it drops a PowerShell script that downloads and executes another script from Pastebin, collecting data from the user. Although the tactic isn't new, it's concerning because it exploits a trending issue and could affect a larger number of victims. The more severe LDAP vulnerability patched in December (CVE-2024-49112) received the highest severity score, making it a target for security professionals and system administrators. This is the latest attempt to exploit researchers. North Korean attackers have previously targeted security researchers using various tactics, including burning zero-days to gain access and spy on their work
ATTACKS SECURITY RESEARCHERS MALWARE EXPLOITS LDAPNIGHTMARE
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Microsoft Tries Tricky Homepage Mimicry to Lure Google Search UsersMicrosoft has implemented a new tactic to potentially divert accidental Bing visitors from switching to Google. The strategy involves mimicking Google's homepage layout for users who search for 'Google' while not signed into their Microsoft accounts. This deceptive design, featuring a mostly blank white screen, a search bar, and subtle text, obscures Bing's usual branding elements, aiming to fool users into thinking they are on Google.
Read more »
Microsoft Mimics Google's Homepage to Lure Bing UsersMicrosoft is using a deceptive tactic to try and keep users on Bing. When searching for 'Google' on Bing, the search results page is designed to look like Google's homepage, hoping to mislead users into staying.
Read more »
Social Media Scammers Lure Thousands to Fake Birmingham Fireworks SpectacularThousands of people were lured to Birmingham City Centre by social media scammers promising a New Year's Eve fireworks display that never happened. Crowds gathered at Centenary Square last night expecting to welcome 2025 with a bang, only to be told reports of the display were fake. West Midlands Police had earlier warned about rumours of the event and urged people not to travel to the city centre in anticipation.
Read more »
Social Media Scammers Lure Thousands to Fake Birmingham Fireworks ShowA planned New Year's Eve fireworks display in Birmingham City Centre was faked, luring thousands of people to Centenary Square who were left disappointed.
Read more »
Taylor Harwood-Bellis 'Must Use Influence' to Lure Roy Keane to Southampton, Says Jeff StellingJeff Stelling jokingly suggests that Taylor Harwood-Bellis needs to use his influence to convince Roy Keane to take the manager's job at Southampton, following Russell Martin's sacking. The suggestion comes amidst speculation about Keane's potential return to management, though he hasn't managed in the Premier League since 2008.
Read more »
Valencia in Pole Position to Lure West Brom Boss CorberanValencia are leading the race to sign West Bromwich Albion manager Carlos Corberan, with talks ongoing between the two clubs. Corberan is expected to make a decision soon.
Read more »