"Microsoft Follina Bug Is Back in Meme-Themed Cyberattacks Against Travel Orgs"

A threat actor is exploiting the Follina Remote Code Execution (RCE) vulnerability discovered last year to deploy the XWORM Remote Access Trojan (RAT) and data-stealer against hospitality industry targets. Follina, tracked as CVE-2022-30190, is an RCE flaw with a "high" CVSS score of 7.8. It enables attackers to create specially crafted Microsoft Word files that trick Microsoft's Diagnostic Support Tool into downloading and executing malicious code from a server controlled by the attacker. On May 12, researchers from Securonix detailed the campaign, which uses Follina to drop Powershell code onto target machines and is packed with 4Chan references and memes. The researchers dubbed the campaign "MEME#4CHAN," because it blurs the line between stealth and Internet humor. MEME#4CHAN attacks start with a phishing email containing a hospitality-themed subject line, such as "Reservation for Room." This article continues to discuss the MEME#4CHAN campaign exploiting a patched Microsoft vulnerability to attack the hospitality industry. 

Dark Reading reports "Microsoft Follina Bug Is Back in Meme-Themed Cyberattacks Against Travel Orgs"