Rozena Backdoor Malware

Rozena Backdoor Malware Uses a Fileless Attack to Inject a Remote Shell on Windows

There are currently many methods of distributing malware, and Rozena is no different: a phishing campaign has recently been observed that leverages the recently disclosed Follina vulnerability to distribute a previously undocumented backdoor named Rozena on Windows systems.

The Microsoft Windows Support Diagnostic Tool (MSDT) is affected by a remote code execution vulnerability, CVE-2022-30190, published in May 2022. A malicious external URL link can be embedded in a Microsoft Office document to trigger an exploit, allowing attackers to inject a malicious OLE object into the file. This method lures victims into clicking on the link or simply previewing the document.

CVE ID: CVE-2022-30190
Description: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Released: May 30, 2022
CVSS: 7.0
Affected platforms: Microsoft Windows
Impact parties: Microsoft Windows Users
Impact: Full Control of Affected Machine
Severity: Critical

Technical Analysis

In the latest attack chain observed by Fortinet, the starting point is an infected document containing a Discord CDN URL. Upon opening, the document connects to that URL to retrieve an HTML file (“index.htm”).

Credit: Pablo Palacios shorturl.at/cdrwZ

No more Cybersecurity Insurance?

Will cyber insurance that covers ransomware attacks go away? AXA France has stopped writing new insurance policies for ransomware in France. Will the trend continue? Will others do the same? How will you insure your business against ransomware?

Try NeuShield

NeuShield Data Sentinel provides effective data protection against ransomware because changes are never made directly to your protected files.

Partner program

We work closely with all types of partners to deliver technologies that are simple to deploy and easy to manage.