
Cyber Bites


LokiBot Information Stealer Targets Unpatched Versions of Microsoft Word

  • Jul 17, 2023

Security researchers at FortiGuard Labs report active malware campaigns looking to capitalize on two older vulnerabilities in Microsoft Word to spread LokiBot malware. LokiBot is an information-stealing Trojan that has been active since 2015 and aims to gather sensitive information from infected machines.

The two vulnerabilities being targeted are CVE-2021-40444 and CVE-2022-30190, patched by Microsoft on 9/14/21 and 5/30/22, respectively.

If you try to open the file, the following prompt is displayed to entice you into enabling editing.



Takeaways:

  • Users should exercise caution when dealing with any Office documents or unknown files

  • Users need to be vigilant and avoid clicking on suspicious links or opening attachments from untrusted sources

  • Keeping software up to date with the latest security patches can help mitigate the risk of exploitation

Source: FortiGuard Labs



 
 