Windows shops be warned: New Internet Explorer bug lets hackers hijack your system

Chinese cybersecurity company Qihoo 360 has discovered (translation necessary) a new Microsoft Internet Explorer zero-day exploit it says is already being used in the wild. Qihoo’s 360 Security Center said the zero day, which it calls a “double kill” due to targeting Internet Explorer and any other apps that use the IE kernel, is already being used by an advanced persistent threat (APT), which are often government-sponsored.

The zero day requires a potential victim to open a malicious Microsoft Office document that contains a link to a website designed to deliver a malware payload, which is a common way for attackers to infect victims. Once someone is infected, Qihoo 360 said, attackers can install backdoor Trojans or even gain complete control over the machine.

Read more about the newly discovered “double kill” bug in Internet Explorer that is already being used by possible nation-state hacking groups on TechRepublic.

Gain Deeper Insights Into The Threat

Sign up to gain access to our special reports on threat actors and their tactics as well as daily Threat Brief.

Your support will enable us to continue our production of action-oriented content and help us help you stay informed on the latest in adversary activities.

Try our free two week trial.

Sign Up For Free Trial of The Daily Threat Brief