www.helpnetsecurity.com
Open in
urlscan Pro
34.218.126.5
Public Scan
Submitted URL: https://www.helpnetsecurity.com/?p=311626%27
Effective URL: https://www.helpnetsecurity.com/2024/09/16/cve-2024-43461-exploited/
Submission: On September 16 via api from US — Scanned from DE
Effective URL: https://www.helpnetsecurity.com/2024/09/16/cve-2024-43461-exploited/
Submission: On September 16 via api from US — Scanned from DE
Form analysis
2 forms found in the DOMPOST
<form id="mc4wp-form-1" class="mc4wp-form mc4wp-form-298002 mc4wp-ajax" method="post" data-id="298002" data-name="Breaking news">
<div class="mc4wp-form-fields"><img decoding="async" class="aligncenter" title="OPIS" src="https://img2.helpnetsecurity.com/posts2024/devider.webp" alt="OPIS">
<img decoding="async" src="https://img2.helpnetsecurity.com/posts2024/newsletter_ad-550x98px_5.webp" class="aligncenter" alt="OPIS" title="OPIS">
<br>
<label>
<input type="email" name="EMAIL" size="35" placeholder="Please enter your e-mail address" required="">
</label> <input type="submit" value="Subscribe">
<p></p>
<p>
<label>
<input type="checkbox" name="AGREE_TO_TERMS" value="1" required=""> I have read and agree to the <a href="https://www.helpnetsecurity.com/privacy-policy/#personalized" target="_blank" rel="noopener">terms & conditions</a>
</label>
<img decoding="async" class="aligncenter" title="OPIS" src="https://img2.helpnetsecurity.com/posts2024/devider.webp" alt="OPIS">
</p>
</div><label style="display: none !important;">Leave this field empty if you're human: <input type="text" name="_mc4wp_honeypot" value="" tabindex="-1" autocomplete="off"></label><input type="hidden" name="_mc4wp_timestamp"
value="1726515306"><input type="hidden" name="_mc4wp_form_id" value="298002"><input type="hidden" name="_mc4wp_form_element_id" value="mc4wp-form-1">
<div class="mc4wp-response"></div>
</form>
POST
<form id="mc4wp-form-2" class="mc4wp-form mc4wp-form-244483 mc4wp-ajax" method="post" data-id="244483" data-name="Footer newsletter form">
<div class="mc4wp-form-fields">
<div class="hns-newsletter">
<div class="hns-newsletter__top">
<div class="container">
<div class="hns-newsletter__wrapper">
<div class="hns-newsletter__title">
<i>
<svg class="hic">
<use xlink:href="#hic-plus"></use>
</svg>
</i>
<span>Cybersecurity news</span>
</div>
</div>
</div>
</div>
<div class="hns-newsletter__bottom">
<div class="container">
<div class="hns-newsletter__wrapper">
<div class="hns-newsletter__body">
<div class="row">
<div class="col">
<div class="form-check form-control-lg">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="520ac2f639" id="mcs1">
<label class="form-check-label text-nowrap" for="mcs1">Daily Newsletter</label>
</div>
</div>
<div class="col">
<div class="form-check form-control-lg">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="d2d471aafa" id="mcs2">
<label class="form-check-label text-nowrap" for="mcs2">Weekly Newsletter</label>
</div>
</div>
</div>
</div>
<div class="form-check form-control-lg mb-3">
<input class="form-check-input" type="checkbox" name="_mc4wp_lists[]" value="28abe5d9ef" id="mcs3">
<label class="form-check-label" for="mcs3">(IN)SECURE - editor's choice selection of topics (twice per month)</label>
</div>
<div class="input-group mb-3">
<input type="email" name="email" id="email" class="form-control border-dark" placeholder="Please enter your e-mail address" aria-label="Please enter your e-mail address" aria-describedby="hns-newsletter-submit-btn" required="">
<button class="btn btn-dark rounded-0" type="submit" id="hns-newsletter-submit-btn">Subscribe</button>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" name="AGREE_TO_TERMS" value="1" id="mcs4" required="">
<label class="form-check-label" for="mcs4">
<span>I have read and agree to the <a href="https://www.helpnetsecurity.com/newsletter/" target="_blank" rel="noopener" class="d-inline-block">terms & conditions</a>
</span>
</label>
</div>
</div>
</div>
</div>
</div>
</div><label style="display: none !important;">Leave this field empty if you're human: <input type="text" name="_mc4wp_honeypot" value="" tabindex="-1" autocomplete="off"></label><input type="hidden" name="_mc4wp_timestamp"
value="1726515306"><input type="hidden" name="_mc4wp_form_id" value="244483"><input type="hidden" name="_mc4wp_form_element_id" value="mc4wp-form-2">
<div class="mc4wp-response"></div>
</form>
Text Content
* News * Features * Expert analysis * Videos * Events * Whitepapers * Industry news * Product showcase * Newsletters * * * Please turn on your JavaScript for this page to function normally. Zeljka Zorz, Editor-in-Chief, Help Net Security September 16, 2024 Share MICROSOFT CONFIRMS SECOND 0-DAY EXPLOITED BY VOID BANSHEE APT (CVE-2024-43461) CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,” Microsoft has revealed. The latter vulnerability was patched by the company in July 2024, and threat hunters with Trend Micro’s Zero Day Initiative explained that it had been used by the Void Banshee APT group to deliver Atlantida malware to targets around the world. THE ATTACK CHAIN IN ACTION Based on analyzed samples of malicious files used in the attacks, Check Point researchers concluded that CVE-2024-38112 had likely been exploited in the wild for over a year. CVE-2024-38112 was leveraged to force a URL file (posing as a PDF file) to be opened with Internet Explorer instead of the Edge browser. The URL lead to a page controlled by the attackers and triggered the download of a HTA file. The specially crafted HTA (HTML application) file used CVE-2024-43461 to make it appead as a PDF file, hiding its true extension and its malicious nature from the user. The HTA file carried a script that made use of PowerShell to download and execute an additional script, create a new process for it, download additional trojan loaders and deliver the Atlantida info-stealer. CVE-2024-43461 FIXED A fix for CVE-2024-43461 was released last week. At the time, Microsoft did not classify it as “exploited”. On Friday, though, the company confirmed it had been exploited, as part of an attack chain that they “broke” by releasing a fix for CVE-2024-38112 in July. “Customers should both the July 2024 and September 2024 security update to fully protect themselves,” Microsoft said. I have read and agree to the terms & conditions Leave this field empty if you're human: More about * 0-day * APT * Check Point * CVE * Microsoft * security update * Trend Micro * vulnerability * Windows Share FEATURED NEWS * Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) * EchoStrike: Generate undetectable reverse shells, perform process injection * Compliance frameworks and GenAI: The Wild West of security standards eBook: Navigating compliance with a security-first approach SPONSORED * eBook: Cloud security skills * Download: The Ultimate Guide to the CISSP * eBook: Do you have what it takes to lead in cybersecurity? DON'T MISS * Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) * EchoStrike: Generate undetectable reverse shells, perform process injection * Compliance frameworks and GenAI: The Wild West of security standards * The ripple effects of regulatory actions on CISO reporting * eBook: Navigating compliance with a security-first approach Cybersecurity news Daily Newsletter Weekly Newsletter (IN)SECURE - editor's choice selection of topics (twice per month) Subscribe I have read and agree to the terms & conditions Leave this field empty if you're human: © Copyright 1998-2024 by Help Net Security Read our privacy policy | About us | Advertise Follow us ×