Newly discovered zero-day vulnerability in Windows is being exploited now

Zero-day attacks will always be a serious issue for anyone involved in cyber security.

A zero-day cyber attack is one that happens in the gap between the hackers discovering a vulnerability in a system and putting an exploit out in the wild and the software vendors, discovering the same software flaw, developing a fix for it and getting it out to you.

This attack, which will get to you via a Qbot phishing email attack, exploits a Windows vulnerability and bypasses the usual warning that a file originates from an untrusted source such as the internet – a warning that many will be depending on to keep them protected.

New attacks use Windows security bypass zero-day to drop malware (bleepingcomputer.com)

I reported on another Qbot email phishing campaign last week:

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

QBot Malware: What Is It and How Does It Work (datto.com) – we use Datto for a variety of our services we supply to our cyber security clients.

Zero-day (computing) – Wikipedia

phishing emails
Cyber Security Experts | Awareness | Training (cyberawake.co.uk)