A new report released by the Threat Hunter Team at Symantec is raising concerns about attackers associated with the Black Basta ransomware gang potentially taking advantage of a recently patched Windows privilege escalation vulnerability.
Windows Vulnerability Exploited
The vulnerability, known as CVE-2024-26169, affects the Windows Error Reporting Service and could allow an attacker to elevate their privileges. Although Microsoft Corp. released a patch for the vulnerability in March and initially reported no evidence of exploitation, recent findings suggest otherwise.
Symantec’s researchers discovered evidence of an exploit tool used in recent attacks that may have been developed before the patch was released, indicating possible zero-day exploitation. While these attacks were not successful, they closely resembled the tactics used by Black Basta, including the use of batch scripts posing as software updates.
Expert Opinions
Jim Routh, chief trust officer at Saviynt Inc., emphasized the importance of addressing privilege escalation vulnerabilities in Windows to prevent ransomware attacks from compromising data security. Callie Guenther, senior manager of cyber threat research at Critical Start Inc., highlighted the evolving tactics of ransomware groups and the need for comprehensive threat intelligence and monitoring.
Image: Needpix
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU