In 2014, I blogged about security awareness through proverbs. Many proverbs can be used to deliver important security messages. We are now in 2016 and I could add a new one to the long list that I already built:
“The Best Broth is Made in The Oldest Pot“
A new malware, called T9000, has been recently discovered by Palo Alto Networks. It specifically targets Skype users. Have a look at the blog post if you are interested in technical details. However, what caught my attention is the way the malware is delivered to potential victims. A RTF document is sent via spam campaign and try to exploit the following CVE’s affecting (but not only) Microsoft Office:
Both are rated as critical and allow remote code execution. So what? On one side, companies are starting bug bounty programs to find vulnerabilities in their code, new 0-day vulnerabilities are for sale at high prices and $VENDORS try to sell us new boxes that will keep us safe… On the other side, we have a new piece of malware using a vulnerability from… 2012?
If you’re still vulnerable to a 4-years old vulnerability in a product like Microsoft Office, don’t be surprised to be pwn3d! Hint: Windows Update or WSUS before spending your money to new security toys…