Security News > 2024 > June > Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw
2024-06-12 11:11
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve SYSTEM
News URL
https://thehackernews.com/2024/06/black-basta-ransomware-may-have.html
Related news
- Black Basta ransomware gang linked to Windows zero-day attacks (source)
- Windows Quick Assist abused in Black Basta ransomware attacks (source)
- Ransomware crew may have exploited Windows make-me-admin bug as a zero-day (source)
- CISA: Black Basta ransomware breached over 500 orgs worldwide (source)
- Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia (source)
- Uncle Sam urges action after Black Basta ransomware infects Ascension (source)
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks (source)
- Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware (source)
- Black Basta Ransomware Struck More Than 500 Organizations Worldwide (source)
- Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-12 | CVE-2024-26169 | Unspecified vulnerability in Microsoft products Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |