The Human Connection Blog

New CTI Lab: CVE-2024-38112 and CVE-2024-43461 (Windows MSHTML Platform Spoofing): Defensive

BenMcCarthy
2 months ago

Today we have released a brand new lab on two Windows vulnerabilities: CVE-2024-38112 and CVE-2024-43461. These are two similar vulnerabilities that threat actors used together in an attack chain!

On the 15th of July, 2024, Trend Micro released a piece of research following a threat actor named Void Banshee. Void Banshee was observed in May 2024 running a kill chain to deploy the Atlantida InfoStealer. To achieve this, they exploited two vulnerabilities in the Microsoft HTML engine. One vulnerability went unpatched for months!

Why have we created this content?
These two vulnerabilities, one of which was patched as of September's Patch Tuesday, have been flagged by Microsoft and listed in the CISA KEV catalog as actively exploited in the wild. Void Banshee, the threat actor who used these vulnerabilities in an attack chain earlier this year, has been seen attacking companies in Europe, North America, and Southeast Asia. Customers need to be aware of how to alert on the threats posed by these vulnerabilities and how to ensure they don't fall victim to them.

What are we publishing?
All customers on a CyberPro License have immediate access to this new lab.

Who is this content for?
This lab is focused on upskilling and increasing the defensive capabilities of the following roles:

  • SOC Analysts
  • Incident Responders
  • Threat Hunters
  • Malware Analysts
Published 2 months ago
Version 1.0