The zero-day vulnerability patched by Microsoft earlier this week was exploited to launch cyberattacks against organizations worldwide, security researchers say. The vulnerability affects all versions of Windows, and was first reported by arXiv.com on July 29. Microsoft has not released a public security advisory for the vulnerability yet, but urged customers to apply the update as soon as possible to protect themselves from potential attacks.
The vulnerability in the Windows Common Log File System could be exploited by attackers to gain full access to an unpatched system. As Microsoft confirmed, attackers are actively exploiting the vulnerability and have already breached several systems.
Nokoyawa ransomware, which is known to have been used in the past to target Windows servers belonging to small and medium-sized businesses based in the Middle East, North America and Asia, has recently been found to have a vulnerability that could be exploited by hackers. Kaspersky Lab researchers say that this flaw was likely used by cybercriminals in order to deploy Nokoyawa ransomware.
Kaspersky Lab researchers have identified a zero-day vulnerability that is being actively exploited by financially motivated cybercriminals. This particular vulnerability stands out because it is being used to attack systems located in countries with a high human rights record. This makes it particularly dangerous because these systems may be more likely to contain sensitive information, such as the personal data of political dissidents or military personnel.
Zero-day exploits, or security vulnerabilities that are unknown to the victim, are a popular tool for cybercriminals, who use them to break into an unsuspecting victim’s computer and gain access to sensitive information. These types of attacks have become increasingly sophisticated in recent years, as cybercriminals have acquired more zero-day exploits and used them in attacks against various organizations.
Nokoyawa is believed to be connected to the now-defunct Hive ransomware gang, which law enforcement infiltrated and shut down in January. Suspected members of the group are thought to have used tools and techniques similar to those used by Hive, suggesting that they may belong to the same group. This suggests that criminals are becoming increasingly aware of cyberthreats and how best to avoid them, meaning businesses must stay vigilant to protect themselves from this type of attack.
The Nokoyawa malware has been seen encrypting files on systems it compromises, but the operators have also threatened to leak valuable information unless a ransom is paid. Victims of this malware may want to take steps to protect their data, such as encrypting files using strong passwords and limiting access to systems.
The newly patched Windows vulnerability has been found to be exploited in a number of federal agencies’ systems, and CISA urges federal agencies to update their systems before the May 2 patch deadline.
Microsoft’s Patch Tuesday update, released on November 10, included patches for over 96 percent of all product vulnerabilities reported to the company in the prior seven months. The update also fixed a remote code execution flaw that could allow a remote, unauthenticated attacker to run their code with elevated privileges on affected servers with Microsoft’s Message Queuing service enabled. This security issue is particularly worrisome because it could allow an attacker to take control of an affected machine entirely, without requiring any user interaction or access to sensitive data.