Tech

CISA Warns of Critical Windows 10 Vulnerability Amid Rising Keylogger Threats

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability in Microsoft’s Windows 10 software to its Known Exploited Vulnerability Catalog. This issue involves a deserialization of untrusted data in Microsoft COM for Windows, which could lead to privilege escalation and remote code execution. CISA has advised users to either cease using the affected software or apply a patch provided by Windows.

Windows 10

The vulnerability, identified as CVE-2018-0824, has not been confirmed as part of any ransomware attacks. However, a report by Cisco Talos released on Thursday revealed that a Chinese hacking group exploited this vulnerability in an attack on a Taiwanese government research center, which was likely compromised.

Additionally, another warning was issued on Monday concerning a new threat targeting Windows users. According to the Register, FortiGuard Labs reported an increase in malware attacks involving SnakeKeylogger, which steals credentials and captures keystrokes. This malware, which originated from Russian crime forums and became a significant threat in 2020, is typically spread via emails containing malicious docx or xlsx attachments and PDFs.

These alerts follow the recent “Crowdstrike outage” in July, where a faulty software update caused significant disruptions for Windows users.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button