Cybercriminals are abusing a post-compromise zero-day vulnerability in the Windows Common Log File System (CLFS) to deploy ransomware.
It was given a severity score of 7.8/10 (high).
They then use privileged access for widespread deployment and detonation of ransomware within an environment.
In any case, at least one group is abusing this flaw in the wild right now.
The group is tracked as Storm-2460 and is apparently using the flaw to deploy the PipeMagic malware.
PipeMagic is a backdoor trojan which allows the group to ultimately deploy ransomware.
It seems that the group used RansomEXX this time, a variant that's not particularly popular or known.
Storm-2460 managed to use the flaw to target a small number of organizations, Microsoft said.
A security advisory discussing the use-after-free flaw was published on April 8, Microsoft said.