Project Hyphae

Windows Zero-Day being exploited in Ransomware Attacks

Share This Post

CISA added CVE-2023-28252, a Windows zero-day vulnerability in the Common Log File System (CLFS), to its catalog of Known Exploited Vulnerabilities yesterday. This flaw was first discovered in February. It’s noted that this vulnerability is currently being actively exploited by cybercriminals across small and medium-sized businesses in the Middle East and North America. Threat actors have been monitored escalating privileges and deploying ransomware payloads, particularly Nokoyama.

Nokoyama ransomware first surfaced in February of 2022 and was viewed as one of several offshoots of JSWorm. Since then, it has used CLFS system flaws similar to CVE-2023-28252, including in 64-bit Windows systems, to perpetrate double extortion attacks with victims’ stolen data.

Microsoft patched this zero-day and 96 other bugs, including 45 remote code execution vulnerabilities, as part of April’s Patch Tuesday, Full details on yesterday’s patches can be found here:

Reach out to our incident response team for help

More To Explore

Information Security News 2-26-2024

United Health Confirms Optum Hack Behind US Healthcare Billing Outage Article Link: Privacy Beats Ransomware as Top Insurance Concern for Some Article Link:

Information Security News 2-19-2024

U.S. Internet Leaked Years of Internal, Customer Emails Article Link: Prudential Files Voluntary Breach Notice With SEC Article Link: U.S. State Government Network

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.