Attackers Uses IE & Edge Zero-Day To Avoid Security Researchers

Peter Buttler Last updated: July 5, 2023 Reading time: minutes

Disclosure

The readers like you support Beencrypted to help keep up the good work. When you purchase using links on our website, we may earn an affiliate commission at no extra cost to you.

leveraged by AdGholas MIME-type checks blog post“Threat actors, particularly those in the AdGholas and GooNky groups, continue to look for new means to exploit browser flaws. More importantly, though, they are turning to flaws that allow them to focus on “high-quality users”, specifically consumers rather than researchers, vendors, and sandbox environments that could detect their operations. Information disclosure vulnerabilities like CVE-2016-3298 described here and the previously discussed CVE-2016-3351 allow actors to filter based on software and configurations typically associated with security research environments.”