Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red flags.
The attackers have been using malicious MSI files signed with a specially crafted Authenticode signature to exploit this security feature bypass vulnerability (tracked as CVE-2023-24880).
Read more…
Source: Bleeping Computer
Related story: Microsoft fixes Outlook zero-day used by Russian hackers since April 2022