I am not sure what is the latest software used to unzip files, but I have been using WinRAR for the better part of the Millennium. It is a great program that will unwrap many types of compressed files. But lately someone has developed a hack that make the WinRAR program do some nasty things.
"By renaming an ACE file with a RAR extension, hackers could manipulate WinRAR to extract a malicious program to a computer's startup folder. The program would then run automatically when your computer started. Check Point says the flaw existed for 19 years. In response to the blog post, WinRAR was quick to patch the vulnerability, releasing a version 5.70 beta 1 in which it dropped support for ACE archives. Turns out the company was using a third party tool to unpack ACE archives anyway, and it hadn't been updated since 2005." (Fischer, 2019)
Luckily this bug has been fixed as long as you update to the latest version of 5.7. It is funny to think that this flaw, although unused, has been out there for the past 19 years.
NOTE: WinRAR does not patch automatically – you have to manually update your software to be safe.
“Because of the huge WinRAR customer-base, lack of auto-update feature and the ease of exploitation of this vulnerability, we believe this will be used by more threat actors in the upcoming days.” (Muncaster, 2019)
Something else to note is that Saudi Arabian targets account for 42% of total attacks since 2016, but the US is a close second with 34% before a big drop off with Belgium (6%) in third.
Fisher, C. (2019, February 21). WinRAR patched 19-year-old bug that left millions vulnerable. Retrieved February 1, 2020, from https://www.engadget.com/2019/02/21/winrar-19-year-old-bug-patched/
Muncaster, P. (2019, March 28). Hackers Queue Up to Exploit WinRAR Bug. Retrieved February 1, 2020, from https://www.infosecurity-magazine.com/news/hackers-queue-up-to-exploit-winrar-1/
"By renaming an ACE file with a RAR extension, hackers could manipulate WinRAR to extract a malicious program to a computer's startup folder. The program would then run automatically when your computer started. Check Point says the flaw existed for 19 years. In response to the blog post, WinRAR was quick to patch the vulnerability, releasing a version 5.70 beta 1 in which it dropped support for ACE archives. Turns out the company was using a third party tool to unpack ACE archives anyway, and it hadn't been updated since 2005." (Fischer, 2019)
Luckily this bug has been fixed as long as you update to the latest version of 5.7. It is funny to think that this flaw, although unused, has been out there for the past 19 years.
NOTE: WinRAR does not patch automatically – you have to manually update your software to be safe.
“Because of the huge WinRAR customer-base, lack of auto-update feature and the ease of exploitation of this vulnerability, we believe this will be used by more threat actors in the upcoming days.” (Muncaster, 2019)
Something else to note is that Saudi Arabian targets account for 42% of total attacks since 2016, but the US is a close second with 34% before a big drop off with Belgium (6%) in third.
Fisher, C. (2019, February 21). WinRAR patched 19-year-old bug that left millions vulnerable. Retrieved February 1, 2020, from https://www.engadget.com/2019/02/21/winrar-19-year-old-bug-patched/
Muncaster, P. (2019, March 28). Hackers Queue Up to Exploit WinRAR Bug. Retrieved February 1, 2020, from https://www.infosecurity-magazine.com/news/hackers-queue-up-to-exploit-winrar-1/
No comments:
Post a Comment