silversurfer

A newly-patched Microsoft Win32k vulnerability is being exploited in the wild by at least two threat actors, including a recently discovered advanced persistent threat (APT) group dubbed SandCat.

The exploited vulnerability (CVE-2019-0797), rated important, was patched on Tuesday as part of Microsoft’s regularly scheduled March security update. But Kaspersky Lab researchers said that the vulnerability is already being used by two APTs, SandCat and FruityArmor, to run arbitrary code on target systems.

SandCat is an APT that was discovered only recently, researchers Vasiliy Berdnikov and Boris Larin said in a Wednesday deep dive analysis of the vulnerability and its exploits.
 
