WinRAR under active exploitation
A vulnerability that has been around for 19 years was only discovered by security researchers late last year and disclosed Feb 5 2019. The exploit abuses a bug in the ACE file format that can result in a file being dropped into Windows directories, which in turn results in a program of the attacker's choosing being run.
This flaw was observed to be under active exploitation in the last few weeks and was reported by NakedSecurity on 15/4/2019 as in use by state-backed cyberthreats (Government Hacker Teams) to compromise the satellite and communications industries.
The risk to everyday users cannot be discounted either, as this same exploit can be used by cybercriminals to install ransomware, spyware or other software that would result in your computers falling under the control of the bad guys.
What you can do:
- If you need to use WinRAR, please update to version 5.70 or later as a matter of urgency.
- If you do not need to use WinRAR, please remove it or ask a trusted professional to remove it for you.
- Exercise caution when opening files or clicking links, even from trusted sources, especially if the file or link was not specifically asked for. If in doubt, throw it out.
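A triage check to go with the last item above, added here as an example and not taken from the original advisory: it flags files that begin with an ACE archive header even when the extension says otherwise. The `**ACE**` signature at byte offset 7 is a property of the ACE format; the file names and sample bytes are constructed.

```python
"""Flag files that carry an ACE archive header, whatever their extension."""
import os
import sys
import tempfile

ACE_MAGIC = b"**ACE**"  # signature in the ACE main header
MAGIC_OFFSET = 7        # follows CRC16 (2) + size (2) + type (1) + flags (2)


def classify(path):
    """Return 'ace', 'ace-disguised', 'unreadable', or None for other files."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(MAGIC_OFFSET + len(ACE_MAGIC))
    except OSError:
        return "unreadable"
    if head[MAGIC_OFFSET:] != ACE_MAGIC:  # short files fail this test too
        return None
    ext = os.path.splitext(path)[1].lower()
    return "ace" if ext == ".ace" else "ace-disguised"


def scan(root):
    """Walk a directory tree and collect (verdict, path) for flagged files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict:
                findings.append((verdict, full))
    return findings


def demo():
    """Build constructed sample files in a temp dir and scan them."""
    fake_ace = b"\x00" * MAGIC_OFFSET + ACE_MAGIC + b"\x00" * 16  # not a valid archive
    real_rar = b"Rar!\x1a\x07\x00" + b"\x00" * 16                 # RAR 4.x signature
    samples = {"invoice.rar": fake_ace, "old.ace": fake_ace,
               "backup.rar": real_rar, "tiny.rar": b"Rar!"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return [(v, os.path.basename(p)) for v, p in scan(tmp)]


if __name__ == "__main__":
    rows = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for verdict, path in rows:
        print(f"{verdict:14} {path}")
```

Run it with a folder path (for example a downloads or mail attachment folder) to scan real files; with no argument it scans the constructed samples.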
Hackers expected to exploit Notre Dame fire
The security community has posted warnings to be on the lookout for social media or email communications relating to the recent events surrounding the Notre Dame fire in Paris.
Conspiracy theories, outrageous headlines and other “click-bait” are often used to pique interest and get people to click links that could lead to malicious files or campaigns, similar to the ways hackers have exploited past events.