Tag Archive for: Valentine’s

Microsoft patches two zero-days for Valentine’s Day


Microsoft has patched two actively exploited zero-day vulnerabilities in its February Patch Tuesday – a pair of security feature bypasses affecting Internet Shortcut Files and Windows SmartScreen respectively – out of a total of just over 70 vulnerabilities disclosed in the second drop of 2024.

Among some of the more pressing issues this month are critical vulnerabilities in Microsoft Dynamics, Exchange Server, Office, and Windows Hyper-V and Pragmatic General Multicast, although none of these flaws are being used in the wild quite yet.

Water Hydra

The first of the two zero-days is tracked as CVE-2024-21412 and was found by Trend Micro researchers. It appears to be being used to target foreign exchange traders specifically by a group tracked as Water Hydra.

According to Trend Micro, the cyber criminal gang is leveraging CVE-2024-21412 as part of a wider attack chain in order to bypass SmartScreen and deliver a remote access trojan (RAT) called DarkMe, likely as a precursor to future attacks, possibly involving ransomware.

“CVE-2024-21412 represents a critical vulnerability characterised by sophisticated exploitation of the Microsoft Defender SmartScreen through a zero-day flaw,” explained Saeed Abbasi, product manager for vulnerability research at the Qualys Threat Research Unit.

“This vulnerability is exploited via a specially crafted file delivered through phishing tactics, which cleverly manipulates internet shortcuts and WebDAV components to bypass the displayed security checks.

“The exploitation requires user interaction, attackers must convince the targeted user to open a malicious file, highlighting the importance of user awareness alongside technical defences. The impact of this vulnerability is profound, compromising security and undermining trust in protective mechanisms like SmartScreen,” said Abbasi.

The second zero-day, tracked as CVE-2024-21351, is remarkably similar to the first in that ultimately, it impacts the SmartScreen service. In this case, however, it enables an attacker to get around the checks that it conducts for the so-called Mark-of-the-Web (MotW) that indicates whether a file can be trusted or not, and execute their own code.

“This…

Source…

Game source code sold online? Bloomberg renews claims of Chinese hardware backdoors. ICS advisories, notes. Bogus valentines. – The CyberWire



Game source code sold online? Bloomberg renews claims of Chinese hardware backdoors. ICS advisories, notes. Bogus valentines.  The CyberWire

Source…