Cybersecurity vendor Trend Micro announced today that it has discovered a Microsoft Windows Defender SmartScreen zero-day vulnerability that is being actively exploited by the Water Hydra hacking group.
Researchers from the Trend Micro Zero Day Initiative (ZDI) bug bounty program discovered the actively exploited zero-day vulnerability (CVE-2024-21412) on December 31, 2023, disclosed it to Microsoft, and first published details on February 13. Trend Micro customers have had automatic protection against this vulnerability since January 17, 2024, and organizations are advised to take immediate action to prevent attackers from exploiting it.
The biggest risk of the vulnerability is that it could be used by attackers against any industry or business; financially motivated advanced persistent threat (APT) groups are already actively exploiting it to compromise foreign exchange trading platforms and target the high-risk forex trading market.
Specifically, attackers use this vulnerability in a sophisticated zero-day attack chain to bypass Windows Defender SmartScreen protection and infect the victim's computer with the DarkMe Remote Access Trojan (RAT), which in turn facilitates data theft and ransomware deployment.
According to Trend Micro, the company uses a multi-layered defense to protect against advanced threats, and its Intrusion Prevention System (IPS) feature provides virtual patching that blocks attacks exploiting CVE-2024-21412.
Trend Micro estimates that enterprise customers who fully deploy virtual patching will have saved an average of $1 million over the course of 2023. Kevin Simzer, COO of Trend Micro, said, "Zero-day vulnerabilities are an increasingly common means for hackers to accomplish their goals, which is why we're devoting so many resources to creating threat intelligence that protects customers months in advance of a vendor's official patching update."
ZDI is the world's largest vendor-independent bug bounty program, known for uncovering vulnerabilities and producing the intelligence used for virtual patching. Trend Micro has found that:
Zero-day vulnerabilities discovered by cybercriminal groups are increasingly being adopted by nation-state hacking groups (such as APT28, APT29, and APT40) in their attack campaigns to expand the scope of their attacks.
CVE-2024-21412 is itself a bypass of the patch for CVE-2023-36025, highlighting how easily APT groups can identify and circumvent incomplete vendor patches.
Header image: Pixabay