CVE-2022-24521

In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. These exploits were very similar to already known Common Log File System (CLFS) driver exploits that we analyzed previously, but we decided to double check and it was worth it – one of the exploits turned out to be a zero-day, sup...

Introduction In our crimeware reporting service, we analyze the latest crime-related trends we come across. Last month, we again posted a lot on ransomware, but we also covered other subjects, such as 1-day exploits. In this blogpost, we provide excerpts from these reports. For questions or more information about our crimeware reporting service, please contact crimewareintel@kaspersky.com. RedAlert / N13V: yet another multiplatform ransomware variant RedAlert (aka N13V) is the latest in the mult...

IT threat evolution in Q2 2022 IT threat evolution in Q2 2022. Non-mobile statistics IT threat evolution in Q2 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q2 2022: Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe. Web Anti-Virus recognized 273,033,368 unique URLs as ma...

Get our weekly newsletter April bundle addresses 100-plus vulnerabilities including 10 critical RCEs

Microsoft's massive April Patch Tuesday includes one bug that has already been exploited in the wild and a second that has been publicly disclosed. In total, the Redmond giant patched a whopping 128 bugs today, including 10 critical remote code execution (RCE) vulnerabilities. First, though: CVE-2022-24521, which NSA and CrowdStrike security researchers reported to Microsoft, is under active exploitation. It's an elevation-of-privilege vulnerability, and it occurs in the Windows Common Log File ...

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Critical infrastructure attacks ramping up

The US government has issued an alert about Cuba; not the state but a ransomware gang that's taking millions in purloined profits. The Cuba gang has hit more than 100 organizations worldwide, demanding over $145 million in payments and successfully extorting at least $60 million since August, according to a joint FBI and US Cybersecurity and Infrastructure Security Agency (CISA) advisory. According to the security alert: The FBI first warned about the cybercrime gang in December 2021, and since ...