Microsoft fixes Windows zero-day exploited in QakBot malware attacks

Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems.
Tracked as CVE-2024-30051, this privilege escalation bug is caused by a heap-based buffer overflow in the DWM core library.
Following successful exploitation, attackers can gain SYSTEM privileges.
Desktop Window Manager is a Windows service introduced in Windows Vista that allows the OS to use hardware acceleration when rendering graphical user interface elements such as glass window frames and 3D transition animations.
Kaspersky security researchers discovered the vulnerability while investigating another Windows DWM Core Library privilege escalation bug tracked as CVE-2023-36033 and also exploited as a zero-day in attacks.
While combing through data related to recent exploits and associated attacks, they stumbled upon an intriguing file uploaded to VirusTotal on April 1, 2024.
The file's names hinted that it contained details on a Windows vulnerability.
As they discovered, the file provided information regarding a Windows Desktop Window Manager vulnerability that could be exploited to escalate privileges to SYSTEM, with the outlined exploitation processing perfectly mirroring the one used in CVE-2023-36033 attacks, even though it described a distinct vulnerability.
Despite the document's subpar quality and some omissions on how the vulnerability could be exploited, Kaspersky confirmed the existence of a new zero-day privilege escalation vulnerability in the Windows DWM Core Library.
Microsoft assigned the CVE-2024-30051 CVE ID and patched the vulnerability during this month's Patch Tuesday.
Security researchers at Google Threat Analysis Group, DBAPPSecurity WeBin Lab, and Google Mandiant also reported the zero-day to Microsoft, pointing to likely widespread exploitation in malware attacks.
QakBot started as a banking trojan in 2008 and was used to steal banking credentials, website cookies, and credit cards to commit financial fraud.
Over time, QakBot evolved into a malware delivery service, partnering with other threat groups to provide initial access to enterprise and home networks for ransomware attacks, espionage, or data theft.
While its infrastructure was dismantled in August 2023 following a multinational law enforcement operation spearheaded by the FBI and known as Operation 'Duck Hunt,' the malware resurfaced in phishing campaigns targeting the hospitality industry in December.
Law enforcement linked QakBot to at least 40 ransomware attacks targeting companies, healthcare providers, and government agencies worldwide, which, according to conservative estimates, caused hundreds of millions of dollars in damage.
Throughout the years, Qakbot served as an initial infection vector for various ransomware gangs and their affiliates, including Conti, ProLock, Egregor, REvil, RansomExx, MegaCortex, and, most recently, Black Basta.
Microsoft fixes two Windows zero-days exploited in malware attacks.
Apple backports fix for zero-day exploited in attacks to older iPhones.
Google Chrome emergency update fixes 6th zero-day exploited in 2024.
Google fixes fifth Chrome zero-day exploited in attacks this year.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 14 May 2024 18:20:48 +0000


Cyber News related to Microsoft fixes Windows zero-day exploited in QakBot malware attacks

Microsoft fixes Windows zero-day exploited in QakBot malware attacks - Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. Tracked as CVE-2024-30051, this privilege escalation bug is caused by a heap-based buffer overflow in the ...
6 months ago Bleepingcomputer.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
5 months ago Securityaffairs.com
Qbot malware returns in campaign targeting hospitality industry - The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. In August, a multinational law enforcement operation called Operation Duck Hunt accessed the QakBot admin's ...
11 months ago Bleepingcomputer.com
Qakbot Sightings Confirm Law Enforcement Takedown Was Only a Setback - In recent days, several security vendors have reported seeing the malware being distributed via phishing emails that target organizations in the hospitality sector. For the moment, the email volumes appear to be relatively low. Given the tenacity ...
11 months ago Darkreading.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
6 months ago Bleepingcomputer.com
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
5 months ago Securityaffairs.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
10 months ago Techtarget.com
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws - Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four ...
6 months ago Bleepingcomputer.com
Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
6 months ago Securityaffairs.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
9 months ago Darkreading.com
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
4 months ago Securityaffairs.com
newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
5 months ago Securityaffairs.com
Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
6 months ago Securityaffairs.com
New QakBot phishing campaign appears, months after FBI takedown - Months after an international law enforcement operation dismantled the notorious QakBot botnet, a new phishing campaign distributing the same malicious payload has been discovered. QakBot was one of the most deployed malware loaders in 2023 until an ...
11 months ago Packetstormsecurity.com
Qakbot returns: FBI-led takedown lasts just 3 months The Register - Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet. Microsoft Threat Intelligence reckons a new Qakbot phishing campaign is active as of December ...
11 months ago Theregister.com
Google patches third exploited Chrome zero-day in a week - Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. The company fixed the zero-day flaw with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60. ...
6 months ago Bleepingcomputer.com
newsletter Round 478 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
4 months ago Securityaffairs.com
Hackers Using Weaponized PDF Files to Deliver Qakbot Malware - Qakbot is a sophisticated banking trojan and malware that primarily targets financial institutions. This sophisticated malware steals sensitive information such as:-. Not only that, even Microsoft has found small-scale phishing targeting the ...
10 months ago Gbhackers.com
Impact of Remote Work and Cloud Migrations on Security Perimeters - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
5 months ago Securityaffairs.com
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
11 months ago Bleepingcomputer.com
newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
5 months ago Securityaffairs.com
Qakbot returns in fresh assault on hospitality sector - The Qakbot botnet has been disrupted this summer, but cybercriminals are not ready to give up on the malware: Microsoft's threat analysts have spotted a new phishing campaign attempting to deliver it to targets in the hospitality industry. Qakbot, ...
11 months ago Helpnetsecurity.com
Apple backports fix for RTKit iOS zero-day to older iPhones - Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attackers ...
6 months ago Bleepingcomputer.com
Russia-linked group APT29 likely breached TeamViewer - Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Finnish police linked APT31 to the 2021 parliament attack. BianLian group exploits JetBrains TeamCity bugs in ...
4 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)