• Critical Windows flaw has been exploited in ransomware attacks, s

    From TechnologyDaily@1337:1/100 to All on Wed Apr 12 10:15:03 2023
    Critical Windows flaw has been exploited in ransomware attacks, so patch now

    Date:
    Wed, 12 Apr 2023 09:05:27 +0000

    Description:
    Patch Tuesday fixes a zero-day known to be abused in the wild to deliver the Nokoyawa ransomware.

    FULL STORY ======================================================================

    There is a serious flaw affecting all supported versions of Windows server
    and client, which hackers are actively exploiting, researchers are warning. Therefore, IT teams should apply the fix immediately, they say.

    The flaw in question is tracked as CVE-2023-28252, a zero-day in the Windows Common Log File System (CLFS). Discovered by researchers from Mandiant and WeBin Lab, the vulnerability can be used in low-complexity attacks. It requires no user interaction, but does require local access, BleepingComputer reports.

    Threat actors that successfully leverage the flaw can gain SYSTEM privileges and fully compromise the target endpoint, it was said. Simultaneously, researchers from Kaspersky have also seen it exploited, apparently to deploy the Nokoyawa ransomware strain.

    Fixing zero-days

    "Kaspersky researchers uncovered the vulnerability in February as a result of additional checks into a number of attempts to execute similar elevation of privilege exploits on Microsoft Windows servers belonging to different small and medium-sized businesses in the Middle Eastern and North American regions," the company said in a press release.

    "CVE-2023-28252 was first spotted by Kaspersky in an attack in which cybercriminals attempted to deploy a newer version of Nokoyawa ransomware."

    The researchers claim the same threat actor has been leveraging this flaw, as well as a number of other similar flaws, since early summer 2022. They were using them to target wholesale, energy, manufacturing, healthcare, and software development firms.

    Now, Microsoft has addressed the problem in its April Patch Tuesday
    cumulative update, and researchers are urging all users to deploy the fix immediately. The cumulative update addresses another 96 flaws, including 45 remote code execution (RCE) flaws.

    Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA)
    added this zero-day to its catalog of Known Exploited Vulnerabilities and ordered Federal Civilian Executive Branch (FCEB) organizations to apply the fix by May 2.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/critical-windows-flaw-has-been-exploited-in-ransomware-attacks-so-patch-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)