QakBot attacks with Windows zero-day (CVE-2024-30051)

In early April 2024, Kaspersky researchers decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the wild.

While searching for samples related to this exploit and attacks that used it, they found a curious document uploaded to VirusTotal on April 1, 2024. This document caught the researchers attention because it had a rather descriptive file name, which indicated that it contained information about a vulnerability in Windows OS. Inside there the researchers found a brief description of a Windows Desktop Window Manager (DWM) vulnerability and how it could be exploited to gain system privileges, everything written in very brok

Read more…
Source: Kaspersky

Sign up for our Newsletter


  • CVE-2024-24919: Check Point Security Gateway Information Disclosure

    May 30, 2024

    On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade. On May 29, 2024, security firm mnemonic published a blog reporting that they have observed in-the-wild exploitation of CVE-2024-24919 since April 30, 2024, ...

  • Confluence Data Center and Server Remote Code Execution Vulnerability

    May 30, 2024

    The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in the Atlassian Confluence Data Center and Server, assessed its impact and developed mitigation measures. Confluence Server is a software to manage documentation and knowledge bases with an ubiquitous presence across the globe. Identified as CVE-2024-21683, Confluence Data Center and Server ...

  • CVE-2024-30043: Abusing URL Parsing Confusion To Exploit XXE On Sharepoint Server And Cloud

    May 30, 2024

    Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that the author found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun to exploit and exfiltrate data (or do ...

  • Positive Technologies detects a series of attacks via Microsoft Exchange Server

    May 17, 2024

    While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers. This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 ...

  • Two Santa Cruz students uncover security bug that could let millions do their laundry for free

    May 17, 2024

    A pair of university students say they found and reported earlier this year a security flaw allowing anyone to avoid paying for laundry provided by over a million internet-connected laundry machines in residences and college campuses around the world. Months later, the vulnerability remains open after CSC ServiceWorks repeatedly ignored requests to fix the flaw. Read more… Source: ...

  • Payload Trends in Malicious OneNote Samples

    May 16, 2024

    In this post, Unt 42 researchers look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote ...