June 12, 2024 at 12:45PM
Symantec reported that a ransomware group may have exploited a now-patched Windows privilege escalation vulnerability before Microsoft released a fix. The flaw, tracked as CVE-2024-26169, could allow attackers to obtain System privileges. Symantec found evidence suggesting that the Black Basta ransomware group, which has hit over 500 organizations globally, exploited this vulnerability as a zero-day.
Summary:
– Symantec reported that a known ransomware group, Black Basta, may have exploited a recently patched Windows privilege escalation vulnerability, identified as CVE-2024-26169, before Microsoft released a fix.
– The vulnerability allows an attacker to obtain System privileges and was patched by Microsoft on March 12, with an exploitability assessment of ‘less likely’.
– Symantec uncovered evidence suggesting that the Black Basta group exploited the vulnerability as a zero-day, with researchers finding a tool that appears to exploit the vulnerability to start a shell with administrative privileges.
– Multiple US government agencies issued an alert showing that the Black Basta ransomware group impacted over 500 organizations globally.
– A report from last year estimated that 90 Black Basta victims paid over $100 million to the cybercriminals.
– SecurityWeek has reached out to Microsoft for comment.