Five actively exploited zero-day vulnerabilities in Windows disclosed

In May 2025, security researchers (Google, CrowdStrike) and Microsoft disclosed and patched five actively exploited zero-day vulnerabilities in Windows. The most serious of them allows remote code execution (RCE) through a web browser; this attack has already been observed in the wild and abuses both old and new system mechanisms. The main...

#WBiegu #Clfs #Cve #Microsoft #Mshtml #Rce

https://sekurak.pl/ujawniono-piec-aktywnie-wykorzystywanych-luk-zero-day-w-systemie-windows/

Windows under attack: 0-day vulnerability used by ransomware group - gHacks Tech News

Microsoft confirmed limited targeted attacks against a 0-day vulnerability. A patch is available, but not for all Windows systems at the time.

gHacks Technology News
Patch Tuesday, April 2025 Edition – Krebs on Security

Patch Tuesday, April 2025 Edition - Microsoft today released updates to plug at least 121 security holes in its Window... https://krebsonsecurity.com/2025/04/patch-tuesday-april-2025-edition/ #windowsremotedesktopservices #commonlogfilesystem #latestwarnings #thecomingstorm #cve-2025-26671 #cve-2025-27480 #cve-2025-27482 #cve-2025-29824 #securitytools #satnamnarang #timetopatch #chrisgoettl #microsoft #windows #ivanti #clfs

After releasing his PoC for CVE-2024-49138, @ale98 is back with two new articles that provide background on #Windows #CLFS, analyze two distinct #vulnerabilities patched by Microsoft’s KB5048685, and describe how to #exploit them.

https://security.humanativaspa.it/cve-2024-49138-windows-clfs-heap-based-buffer-overflow-analysis-part-1

https://security.humanativaspa.it/cve-2024-49138-windows-clfs-heap-based-buffer-overflow-analysis-part-2
CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis - Part 1 - hn security

CVE-2024-49138 is a Windows vulnerability detected […]

hn security
Microsoft releasing security mitigation for Common Log Filesystem (CLFS) to Windows 11 Insiders

Security, Compliance, and Identity Blog: Microsoft will soon be releasing a new security mitigation for the Common Log File System (CLFS) to the Windows Insiders Canary channel. In the past five years, 24 CVEs impacting CLFS have been identified and mitigated, making it one of the largest...

Windows 11 Forum

It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news:

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023

Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.

#Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.

There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.

The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.

TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.

The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.

The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.

This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!

https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-16042023

#infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day

SOC Goulash: Weekend Wrap-Up

Your week in Infosec: Dark Web targets Google Play; FIN7 and Conti collaborate on backdoor; QueueJumper vulnerability, more in Intune, Azure with no patches.

Opalsec
A new #malware family has been discovered that uses Common Log File System (#CLFS) to stay undetected. Named PRIVATELOG, this malware uses another #malware—StashLog—as its installer.
https://cyware.com/news/new-privatelog-malware-uses-clfs-log-files-to-hide-123f1c9c/?&web_view=true
#security
New PRIVATELOG Malware Uses CLFS Log Files to Hide | Cyware Hacker News

A new malware family dubbed PrivateLog was found using Common Log File System (CLFS) to stay under the radar and uses another malware. Learn more!

Hang on a sec, did I just compile my kernel without nftables support? #clfs #linux