Subj : Patch WinRAR now - it's got a major security flaw
To : All
From : TechnologyDaily
Date : Thu Oct 19 2023 19:45:06

Date: Thu, 19 Oct 2023 18:21:48 +0000
Description: Chinese and Russian criminals are using WinRAR to target victims and deliver infostealers, so patch now.

FULL STORY
======================================================================

Russian and Chinese state-sponsored threat actors have been discovered abusing a known vulnerability in the popular archiving tool WinRAR to extract sensitive information such as passwords and other login credentials.

Google's Threat Analysis Group (TAG), which usually tracks and analyzes state-sponsored hacking players, claims to have found evidence that the flaw, identified earlier as CVE-2023-38831 by Group-IB, was being used to hide malware in archived files.

To the average Joe, the files would look like your average image or text document. However, when downloaded and extracted, they'd infect the device with infostealing malware, capable of grabbing different files and information from the endpoint, such as passwords and payment data stored in browsers, various system information, and more.

Sandworm, APT40, and others

To make matters worse, this isn't just one or two groups targeting WinRAR users - apparently, it's multiple groups targeting many users who are yet to apply the patch.

The patch does exist, however: RarLab, the company behind WinRAR, released version 6.23 in early August this year to address the issue. However, there is no way to update the program from within. Users need to head over to the WinRAR website, download the latest version, and run the installer as if they're installing the program from scratch.

Users will want to patch, though, as one of the groups was identified as Sandworm, a Russian military intelligence unit that allegedly interfered with the 2016 presidential elections in the United States.
It was also observed as quite an active player in the Russia-Ukraine war, and was behind the infamous 2017 NotPetya ransomware attack.

Another identified player is APT40, a Chinese hacking collective allegedly tied to the Chinese Ministry of State Security. It used the flaw to target endpoints in Papua New Guinea via a Dropbox link.

"The WinRAR vulnerability highlights that exploits for known vulnerabilities can be highly effective," TAG's researchers concluded.

Via TechCrunch

======================================================================
Link to news story:
https://www.techradar.com/pro/security/patch-winrar-now-its-got-a-major-security-flaw

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)