Originally reported by BleepingComputer, Graham Cluley, Malwarebytes Labs
TL;DR
CISA ordered federal agencies to patch exploited Fortinet vulnerabilities by Friday while a Windows privilege escalation zero-day was leaked publicly. Researchers also disclosed new GPU-based attacks and documented sophisticated ransomware campaigns using zero-day exploits.
CISA issued an emergency directive for actively exploited Fortinet vulnerabilities with a Friday deadline; the same week brought leaked Windows zero-day exploit code and confirmed zero-day attacks by ransomware groups.
CISA ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday, April 11. The emergency directive targets vulnerabilities being leveraged in active attack campaigns, requiring immediate remediation across government networks. Federal agencies must either apply available patches or disconnect affected systems from networks to prevent further compromise.
Exploit code has been publicly released for an unpatched Windows privilege escalation vulnerability dubbed "BlueHammer." The flaw allows attackers to gain SYSTEM or elevated administrator permissions on affected Windows systems. The exploit was leaked by a researcher reportedly frustrated with Microsoft's response to private disclosure, creating immediate risk for unpatched Windows environments.
Researchers disclosed GPUBreach, a new attack technique that induces Rowhammer bit-flips in GPU GDDR6 memory to achieve privilege escalation and full system compromise. The attack targets graphics processing units rather than traditional system RAM, expanding the attack surface for memory-based exploits. This research demonstrates how modern GPU architectures can be weaponized for unauthorized access beyond their intended graphics processing functions.
Microsoft identified Storm-1175, a China-based financially motivated group deploying Medusa ransomware, as actively using both n-day and zero-day exploits in high-velocity attacks. The threat actor demonstrates sophisticated capabilities by incorporating fresh vulnerabilities into their attack chains, reducing defender response time. This pattern indicates increasing ransomware group investment in exploit development and acquisition.
The Drift Protocol cryptocurrency platform reported that its $280+ million hack resulted from a six-month operation involving the establishment of "a functioning operational presence inside the Drift ecosystem." The attack demonstrates the increasing sophistication of cryptocurrency-focused threat actors who invest significant time in reconnaissance and social engineering before executing financial theft.
Phishing campaigns targeting victims with fake traffic violation notices have evolved to use QR codes instead of traditional links to steal payment card details. The QR codes appear on official-looking notices designed to mimic legitimate traffic enforcement communications. This technique bypasses some automated security scanning that focuses on URL analysis rather than QR code content.
A support platform breach exposed customer data from telehealth company Hims & Hers, highlighting continued targeting of healthcare organizations handling sensitive personal information. Healthcare companies remain attractive targets due to the valuable nature of medical and personal data they process.
Cambodian courts sentenced scam compound operators to life imprisonment for running facilities that enslaved victims to conduct romance scams and fraudulent investment schemes. The compounds forced imprisoned individuals to defraud internet users worldwide, representing a significant escalation in organized cybercrime enforcement.
Microsoft resolved a known issue preventing Classic Outlook users from sending emails via Outlook.com. The company also deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from Windows updates as of March 10.
Security researchers highlight that infostealers are harvesting credentials and session cookies at unprecedented scale, bypassing traditional defense mechanisms. This evolution requires organizations to move beyond simple breach monitoring to address the sophisticated credential-based attack vectors now prevalent in the threat landscape.