BleepingComputer reports that threat actors have been exploiting a zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2023-28252 and already addressed by Microsoft as part of this month's Patch Tuesday, in new attacks distributing Nokoyawa ransomware payloads.
Kaspersky researchers have observed attempted attacks that pair the updated Nokoyawa ransomware with this flaw against Windows servers of small and medium-sized businesses across North America and the Middle East. The Nokoyawa ransomware operation has also leveraged other exploits aimed at the CLFS driver since last June, using five or more exploits to target the energy, healthcare, manufacturing, software development, retail, and wholesale industries.
"Early variants of Nokoyawa were just 'rebranded' variants of JSWorm ransomware, which we wrote about previously. In this attack, cybercriminals used a newer version of Nokoyawa that is quite distinct from the JSWorm codebase," said Kaspersky lead researcher Boris Larin.
Operations of California's Solano Partner Libraries and St. Helena, or SPLASH, continue to be interrupted weeks after the county's library network was targeted by a ransomware attack earlier this month, StateScoop reports.
The Hacker News reports that threat actors could obtain several rootkit-like capabilities by exploiting vulnerabilities in Windows' DOS-to-NT path conversion process, including concealing files and processes and undermining prefetch file analysis.
Open-source DevOps software project GitLab is also affected by the same security issue previously seen in GitHub comments, according to BleepingComputer. Threat actors have exploited that issue to distribute malware through URLs linked to Microsoft repositories, making the malware appear to originate from credible entities' official source code repositories.