Ransomware hackers target a new Windows security flaw to hit businesses
A zero-day in the Windows Common Log File System was being used to drop encryptors and backdoors.

- Multiple ransomware groups seen abusing Windows Common Log File System bug
- Among the abusers are RansomEXX and Play
- The bug is used to drop backdoors, encryptors, and more
Notorious ransomware actors have been abusing a zero-day vulnerability in the Windows Common Log File System to gain system privileges and deploy malware on target devices, multiple security researchers have confirmed.
The zero-day flaw was discovered, and patched, as part of the Microsoft Patch Tuesday April 2024 cumulative update.
Given a severity score of 7.8/10 (high), it is tracked as CVE-2025-29824 and described as a use-after-free bug in the Windows Common Log File System Driver that allows an authorized attacker to elevate privileges locally.
Microsoft was among the first companies to sound the alarm on the bug, saying that hackers are using it to target IT and real estate firms in the US, financial organizations in Venezuela, software firms in Spain, and retailers in Saudi Arabia.
The researchers said the bug was used by a threat actor called RansomEXX, which used it to drop the PipeMagic backdoor and other malware, including an encryptor. Symantec also found Play, an infamous ransomware player, using the bug to access a US target.
"Although no ransomware payload was deployed in the intrusion, the attackers deployed the Grixba infostealer, which is a custom tool associated with Balloonfly, the attackers behind the Play ransomware operation," Symantec explained in its report.
"Balloonfly is a cybercrime group that has been active since at least June 2022 and uses the Play ransomware (also known as PlayCrypt) in attacks."
Play, also known as Playcrypt, is a threat actor that emerged in mid-2022. In the first year and a half of its existence, it claimed roughly 300 victims, some of which were critical infrastructure organizations. In late 2023, the FBI, CISA, and other security agencies published a joint security advisory warning about the dangers posed by Play.
"Since June 2022, the Play (also known as Playcrypt) ransomware group has impacted a wide range of businesses and critical infrastructure in North America, South America, and Europe," the advisory read. "As of October 2023, the FBI was aware of approximately 300 affected entities allegedly exploited by the ransomware actors."
Via BleepingComputer