Copy2Pwn Zero-Day Exploited to Bypass Windows Protections

August 16, 2024 at 06:10AM
Trend Micro’s Zero Day Initiative (ZDI) revealed a zero-day vulnerability, CVE-2024-38213, named Copy2Pwn, which cybercriminals exploited to bypass Windows protections. Microsoft fixed this flaw in June 2024 but only disclosed it in August. ZDI discovered it during the analysis of attacks by a threat group named Water Hydra for bypassing …

CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day

February 14, 2024 at 07:29AM
The APT group Water Hydra has been exploiting the Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) in campaigns targeting financial market traders. The vulnerability has been patched by Microsoft, and it was discovered and disclosed by the Trend Micro Zero Day Initiative. Water Hydra has used sophisticated methods to bypass SmartScreen and …

Windows Zero-Day Exploited in Attacks on Financial Market Traders

February 14, 2024 at 07:09AM
Microsoft’s latest Patch Tuesday resolves over 70 vulnerabilities, including two zero-day exploits used for financial market trader attacks by the Water Hydra threat group. Trend Micro described the attacks, outlining the exploitation of CVE-2024-21412 to deliver DarkMe malware. It affects Windows Server 2019, Windows Server 2022, Windows 10, and Windows …

CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day

February 13, 2024 at 03:16PM
Water Hydra exploited the zero-day Microsoft Defender SmartScreen vulnerability (CVE-2024-21412) targeting financial market traders. The Trend Micro Zero Day Initiative discovered and disclosed this, cooperating with Microsoft to ensure a rapid patch. Water Hydra also used similar tactics in a campaign targeting traders. The group’s attack patterns reflect high levels …