In early April 2024, Kaspersky researchers decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild.
While searching for samples related to this exploit and attacks that used it, they found a curious document uploaded to VirusTotal on April 1, 2024. This document caught the researchers attention because it had a rather descriptive file name, which indicated that it contained information about a vulnerability in Windows OS. Inside there the researchers found a brief description of a Windows Desktop Window Manager (DWM) vulnerability and how it could be exploited to gain system privileges, everything written in very brok
Read more…
Source: Kaspersky
Related:
- Working Windows and Linux Spectre exploits found on VirusTotal
March 1, 2021
Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. The vulnerability was unveiled as a hardware bug in January 2018 by Google Project Zero researchers. If successfully exploited on vulnerable systems, it can be used by attackers to steal sensitive data, including ...
- Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall
March 1, 2021
Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. If exploited, the vulnerability could allow local attackers to bypass authentication measures and log in to internal company networks with the highest level of privileges. Genua says it offers more than 20 security solutions for encrypting data communication ...
- Cisco Warns of Critical Auth-Bypass Security Flaw
February 25, 2021
A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication. The vulnerability is one of three critical flaws fixed by Cisco on this week. It exists in Cisco’s ACI Multi-Site Orchestrator (ACI MSO) — this is Cisco’s management software for businesses, which allows them to monitor the health ...
- CISA Alert (AA21-055A): Exploitation of Accellion File Transfer Appliance
February 24, 2021
This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the ...
- Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11
February 22, 2021
Researchers have identified a set of threat actors (dubbed UNC2546 and UNC2582) with connections to the FIN11 and the Clop ransomware gang as the cybercriminal group behind the global zero-day attacks on users of the Accellion legacy File Transfer Appliance product. Multiple Accellion FTA customers, including the Jones Day Law Firm, Kroger and Singtel, have all ...
- Chinese hackers cloned attack tool belonging to NSA’s Equation Group
February 22, 2021
Chinese threat actors “cloned” and used a Windows zero-day exploit stolen from the NSA’s Equation Group for years before the privilege escalation flaw was patched, researchers say. On Monday, Check Point Research (CPR) said the tool was a “clone” of software developed by the US National Security Agency (NSA)’s Equation Group, identified by FireEye in 2015 ...