Windows Zero-Day Exploited in Nokoyawa Ransomware Attacks

Kaspersky reported that Microsoft’s April 2023 Patch Tuesday updates successfully addressed a Windows zero-day vulnerability that was previously being exploited by cybercriminals in ransomware attacks. The vulnerability, identified as CVE-2023-28252, is a privilege escalation flaw affecting the Windows Common Log File System (CLFS) driver. Microsoft warned that the flaw has been exploited in the wild,… 

Microsoft Patches Another Already-Exploited Windows Zero-Day

For the second month in a row, Microsoft is pushing out urgent patches to cover an already-exploited vulnerability in its flagship Windows operating system. The security issue, flagged as zero-day by researchers at Mandiant, is an elevation of privilege issue in the Windows Common Log File System driver. Microsoft warned that an attacker who successfully… 

Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor

Mar 30, 2023 saw the uncovering of a custom Windows and Linux backdoor called KEYPLUG, attributed to the Chinese state-sponsored threat activity group RedGolf. The use of KEYPLUG by Chinese threat actors was first disclosed by Google-owned Mandiant in March 2022 in attacks targeting multiple U.S. state government networks between May 2021 and February 2022.…

Windows 11 also vulnerable to “aCropalypse” image data leakage – Naked Security

A bug was recently discovered in Google Pixel phones, now patched, with potentially serious consequences. The bug finders, understandably excited and concerned, decided to give it a fitting name: aCropalypse. The “Crop” part of the name comes from the activity that is most likely to trigger the bug: cropping photos or screenshots to remove sensitive… 

Microsoft fixes two 0-days on Patch Tuesday – update now! – Naked Security

Thanks to the precise four-week length of February this year, last month’s coincidence of Firefox and Microsoft updates has happened once again. Last month, Microsoft dealt with three zero-days, by which we mean security holes that cybercriminals found first, and figured out how to abuse in real-life attacks before any patches were available. (The name… 

BlackLotus Bootkit Can Target Fully Patched Windows 11 Systems

According to ESET’s analysis, the BlackLotus bootkit is able to circumvent security measures on Windows 11 systems that have been completely updated. Furthermore, it can continuously infect these systems. BlackLotus was first spotted in October 2022, and is offered for $5,000 on underground forums. Its capabilities are on par with those of nation-state actors, and…