In early April 2024, Kaspersky researchers decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild.
While searching for samples related to this exploit and attacks that used it, they found a curious document uploaded to VirusTotal on April 1, 2024. This document caught the researchers attention because it had a rather descriptive file name, which indicated that it contained information about a vulnerability in Windows OS. Inside there the researchers found a brief description of a Windows Desktop Window Manager (DWM) vulnerability and how it could be exploited to gain system privileges, everything written in very brok
Read more…
Source: Kaspersky
Related:
- Attackers exploiting a patched FortiClient EMS vulnerability in the wild
December 19, 2024
During a recent incident response, Kaspersky’s GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company’s networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of SQL command input making the system susceptible to an SQL injection. It specifically ...
- U.S. Considers Ban On Chinese Made TP-Link Routers
December 18, 2024
The United States government is taking aim at TP-Link, a Chinese technology company that dominates the home and small-business router market in the U.S., amid mounting national security concerns. With TP-Link holding a significant 65% market share, federal authorities are investigating potential vulnerabilities in the company’s devices that could be exploited by foreign entities for cyberattacks. Read ...
- BeyondTrust security advisory addresses a vulnerability in the Remote Support and Privileged Remote Access systems
December 17, 2024
BeyondTrust has released a security advisory that addresses a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2024-12356 has a CVSSv3 score of 9.8 and if exploited could ...
- Link Trap: GenAI Prompt Injection Attack
December 17, 2024
With the rise of generative AI, new security vulnerabilities are emerging. One such vulnerability is prompt injection, a method that malicious actors can exploit to manipulate AI systems. Typically, the impact of prompt injection attacks is closely tied to the permissions granted to the AI. However, the attack discussed in this article differs from commonly known ...
- Proof-of-Concept Released for Critical Apache Struts Vulnerability
December 17, 2024
Apache has released a security bulletin addressing a critical vulnerability in Apache Struts 2. Apache Struts is an open-source model-view-controller (MVC) framework for creating Java web applications. CVE-2024-53677 is a ‘Unrestricted Upload of File with Dangerous Type’ vulnerability and has a CVSSv4 score of 9.5. This vulnerability exists in the File Upload Interceptor, which allows developers ...
- HiatusRAT Actors Targeting Web Cameras and DVRs
December 16, 2024
The Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification (PIN) to highlight HiatusRAT1 scanning campaigns against Chinese-branded web cameras and DVRs. Private sector partners are encouraged to implement the recommendations listed in the “Mitigation” column of the table below to reduce the likelihood and impact of these attack campaigns. Threat HiatusRAT is a ...