Bad apps bypass Windows security alerts for six years using newly unveiled trick

August 6, 2024 at 10:44AM

Elastic Security Labs revealed various methods for attackers to run malicious apps undetected by Windows’ security features. One method, “LNK Stomping,” exploits a bug in Windows’ handling of shortcut files to bypass SmartScreen and Smart App Control. Elastic engaged with Microsoft about the issue, but no immediate fix is promised. …

Microsoft Patches Two Zero-Days Exploited for Malware Delivery

April 10, 2024 at 06:18AM

Microsoft’s April 2024 Patch Tuesday updates fix around 150 vulnerabilities, including two exploited zero-days. The first, CVE-2024-26234, involves a proxy driver spoofing flaw in Windows, reportedly linked to an Android app named LaiXi associated with a backdoor. Microsoft addressed this issue by adding relevant files to its driver revocation list. …

DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack

March 14, 2024 at 01:21AM

In mid-January 2024, a DarkGate malware campaign leveraged a Microsoft Windows security flaw, leading to attacks targeting financial institutions. The flaw, CVE-2024-21412, was fixed in February 2024, but not before being exploited in conjunction with Google Ads open redirects. This tactic allowed threat actors to distribute malicious software installers, resulting …

CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day

February 14, 2024 at 07:29AM

The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in campaigns targeting financial market traders. The vulnerability has been patched by Microsoft, and it was discovered and disclosed by the Trend Micro Zero Day Initiative. Water Hydra has used sophisticated methods to bypass SmartScreen and …

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day

February 13, 2024 at 03:16PM

Water Hydra exploited the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) targeting financial market traders. The Trend Micro Zero Day Initiative discovered and disclosed this, cooperating with Microsoft to ensure a rapid patch. Water Hydra also used similar tactics in a campaign targeting traders. The group’s attack patterns reflect high levels …

This is why we update… Data-thief malware exploits unpatched Windows PCs

January 12, 2024 at 07:00PM

Criminals exploit Windows Defender SmartScreen bypass vulnerability to spread Phemedrone Stealer malware, targeting sensitive data on PCs. The flaw CVE-2023-36025 was patched by Microsoft in November, but a proof-of-concept exploit has been created. The malware targets various browsers, applications, and cryptocurrency wallets, and uses obfuscation techniques to evade detection. Update …