David Bisson wrote:Two separate attack campaigns exploited the same Microsoft zero-day vulnerability to infect users with spyware and crimeware.
The security hole known as CVE-2017-0199 first made headlines in early April.
The vulnerability enables malicious actors to execute a Visual Basic script containing PowerShell commands when a user opens a Microsoft Office RTF document laden with an embedded exploit.
Following its initial disclosure, researchers observed attackers exploiting the bug, which affects all versions of Microsoft Office, to infect users with Dridex and other malware.
Microsoft patched the vulnerability in its Patch Tuesday on 11 April 2017. Even so, those Dridex campaigns are still sending fake photocopier documents to unsuspecting users at this time.
read more here
What do you think?