Microsoft has just released an update to fix a security risk that hackers exploited, which affected all versions of Windows. Identified as CVE-2023-28252, the zero-day flaw was a common log file system (CLFS) exploit. It allowed the attackers to elevate their privilege and steal credentials from the security account manager (SAM) database.
The group behind the attack was a cybercriminal organization who had developed the exploit for different versions of Windows and was attempting to deploy a Nokoyawa ransomware attack. It is notable that similar exploit elevation of privilege attempts had been made in attacks on different small and medium sized businesses in the Middle East, North America and Asia as well. This attack also shows how advanced and sophisticated cybercriminals are becoming with their use of zero-day exploits.
Therefore, it is essential for businesses to download the latest patch from Microsoft as soon as possible and use additional protective measures such as an enterprise detection solution (EDR). Boris Larin, Lead Security Researcher for the Global Research and Analysis Team (GReAT) believes that “it’s very important for businesses to download the latest patch from Microsoft as soon as possible and use other methods of protection, such as EDR solutions.”
To tackle this issue, the tech giant Microsoft has completed the security update and made it available to all its users. The update is free and comes with protection against cyber attacks in the form of a patch. It is highly recommended that users install the patch immediately in order to protect their systems.
Elon Musk, an inventor and technology entrepreneur, recently proposed a subscription-based earning model for Twitter creators. The chatbot Tongyi Qianwen, a Chinese equivalent of OpenAI’s artificial intelligence chatbot was also launched by the Chinese e-commerce giant Alibaba with the aim of integrating it with DingTalk.
The issue at hand shows the need to constantly update security systems. It underscores the importance of ensuring the safety of users in order to protect their confidential data. Security updates aimed at protecting users should be taken into serious consideration by businesses and individuals alike. Only then can we create a safe and secure online environment and protect ourselves from cyber attacks.
