
Ransomware Exploits Windows Zero-Day

June 12, 2024

Recent findings by Symantec researchers indicate that the Black Basta ransomware group, associated with the Cardinal cybercriminal syndicate, may have leveraged a Windows zero-day vulnerability (CVE-2024-26169) before it was patched in March 2024. This vulnerability affects the Windows Error Reporting Service and allows attackers to potentially gain SYSTEM privileges on compromised systems. Microsoft initially patched the vulnerability during its March Patch Tuesday release, stating no prior evidence of exploitation in the wild.

During investigations into a recent ransomware attack attempt, Symantec’s Threat Hunter Team uncovered an exploit tool linked to Black Basta that targeted CVE-2024-26169. Although the attackers did not successfully deploy ransomware in this instance, the tactics used closely mirrored those detailed in recent reports on Black Basta’s activities. These tactics included masquerading malicious batch scripts as legitimate software updates, a common method to deceive users and execute malicious payloads.

The exploit tool analyzed by Symantec takes advantage of a specific flaw in the “werkernel.sys” file’s handling of registry key security descriptors. By exploiting this flaw, the tool creates a registry key that enables the execution of arbitrary code with administrative privileges on the affected system. Symantec identified two variants of this exploit tool, both compiled months before Microsoft released the official patch.

While executable timestamps can be altered, the timing of the compilations—February 27, 2024, and December 18, 2023—strongly suggests that the Black Basta group may have possessed and utilized the exploit before it became publicly known. This discovery underscores the ongoing challenges in defending against sophisticated cyber threats and highlights the critical need for timely patching and robust cybersecurity measures to mitigate such risks effectively.

Reference:

  • Black Basta Ransomware Suspected in Zero-Day Windows Exploit