Security researchers at FortiGuard Labs report active malware campaigns looking to capitalize on two, older vulnerabilities in Microsoft Word to spread LokiBot malware. The malware is an information-stealing Trojan active since 2015 and aims to gather sensitive information from infected machines.
The two vulnerabilities being targeted are CVE-2021-40444 and CVE-2022-30190, patched by Microsoft 9/14/21 and 5/30/22 respectively.
If you try and open the file, the following prompt is displayed to entice you into enabling editing
Users should exercise caution when dealing with any Office documents or unknown files
Users need to be vigilant and avoid clicking on suspicious links or opening attachments from untrusted sources
Keeping software up to date with the latest security patches can help mitigate the risk of exploitation
Source: FortiGuard Labs
Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.