■■■■■ Can you trust a file’s digital signature?
A new #Zloader campaign abuses CVE-2013-3900 for defense evasion.
HTA content appended to a signed Microsoft DLL, without breaking trust
MSHTA used to execute the appended script
CVE-2013-3900 still unpatched by default https://t.co/5n1AoS6hsl
https://t.me/cKure/10214