Security News > 2024 > June > CISA warns of Windows bug exploited in ransomware attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs.
Successful exploitation lets local attackers gain SYSTEM permissions in low-complexity attacks that don't require user interaction.
The company has yet to update its security advisory to tag the vulnerability as exploited in attacks.
As revealed in a report published earlier this week, Symantec security researchers found evidence that the operators of the Black Basta ransomware gang were likely behind attacks abusing the flaw as a zero-day.
On Thursday, CISA gave FCEB agencies three weeks, until July 4, to patch the CVE-2024-26169 security and thwart ransomware attacks that could target their networks.
Black Basta ransomware gang linked to Windows zero-day attacks.
News URL
Related news
- Play ransomware exploited Windows logging flaw in zero-day attacks (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- SANS Institute Warns of Novel Cloud-Native Ransomware Attacks (source)
- ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More (source)
- BlackLock ransomware claims nearly 50 attacks in two months (source)
- Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- CISA tags NAKIVO backup flaw as actively exploited in attacks (source)
- New VanHelsing ransomware targets Windows, ARM, ESXi systems (source)
- VanHelsing ransomware emerges to put a stake through your Windows heart (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-12 | CVE-2024-26169 | Unspecified vulnerability in Microsoft products Windows Error Reporting Service Elevation of Privilege Vulnerability | 0.0 |