QakBot attacks with Windows zero-day (CVE-2024-30051)


In early April 2024, Kaspersky researchers decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild.

While searching for samples related to this exploit and attacks that used it, they found a curious document uploaded to VirusTotal on April 1, 2024. This document caught the researchers attention because it had a rather descriptive file name, which indicated that it contained information about a vulnerability in Windows OS. Inside there the researchers found a brief description of a Windows Desktop Window Manager (DWM) vulnerability and how it could be exploited to gain system privileges, everything written in very brok

Read more…
Source: Kaspersky


Sign up for our Newsletter


Related:

  • Backdoor found in widely used Linux utility targets encrypted SSH connections

    March 29, 2024

    Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. The compression utility, known as xz Utils, introduced the malicious code in versions ​​5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no known reports ...

  • Cloud Werewolf spearphishes Russian and Belarus government employees with fake spa vouchers and federal decrees

    March 29, 2024

    The BI.ZONE Threat Intelligence team has revealed another campaign by Cloud Werewolf aiming at Russian and Belarusian government organizations. According to the researchers, the group ran at least five attacks in February and March. The adversaries continue to rely on phishing emails with Microsoft Office attachments. Placing malicious content on a remote server and limiting the ...

  • Patch now: Mozilla patches two critical vulnerabilities in Firefox

    March 26, 2024

    Mozilla released version 124.0.1 of the Firefox browser to Release channel users (the default channel that most non-developers run) on March 22, 2024. The new version fixes two critical security vulnerabilities. One of the vulnerabilities affects Firefox on desktop only, and doesn’t affect mobile versions of Firefox. Windows users that have automatic updates enabled should have ...

  • Secure by Design Alert Eliminating SQL Injection Vulnerabilities in Software

    March 25, 2024

    SQL injection – or SQLi – vulnerabilities remain a persistent class of defect in commercial software products. Despite widespread knowledge and documentation of SQLi vulnerabilities over the past two decades, along with the availability of effective mitigations, software manufacturers have continued to develop products with this defect, which puts many customers at risk. CISA and the ...

  • Unpatchable vulnerability in Apple chip leaks secret encryption keys

    March 21, 2024

    A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday. The flaw—a side channel allowing end-to-end key extractions when Apple chips run implementations of widely used cryptographic protocols—can’t be patched directly because ...

  • Bringing Access Back — Initial Access Brokers Exploit F5 BIG-IP (CVE-2023-46747) and ScreenConnect

    March 21, 2024

    During the course of an intrusion investigation in late October 2023, Mandiant observed novel N-day exploitation of CVE-2023-46747 affecting F5 BIG-IP Traffic Management User Interface. Additionally, in February 2024, Mandiant researchers observed exploitation of Connectwise ScreenConnect CVE-2024-1709 by the same actor. This mix of custom tooling and the SUPERSHELL framework leveraged in these incidents is assessed ...