Researchers from FireEye have disclosed the details of cyberattack group leveraging a Microsoft Windows zero-day flaw in targeted attacks against over 100 US companies. The systems affected include Microsoft Windows Vista, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2012, Windows RT 8.1, and Windows 10. Dhanesh Kizhakkinan, Yu Wang, Dan Caselden and Erica Eng from FireEye’s security team said in a blog post on Wednesday that in March this year, a group of threat actors developed spear-phishing campaigns tailored for specific targets in the retail, restaurant, and hospitality industries.
The attacks involved CVE-2016-0167, a zero-day vulnerability which was patched in Microsoft’s April 12 Patch Tuesday. If you are processing or storing credit card information on any of the listed versions of Microsoft Windows, you need to install the patch immediately.
Details are available at http://goo.gl/FwK7bR.