The doc attachment of the “Re: FW: Proforma Demurrage PC Profert SPA” message contains an exe file: the malware.
Cybersecurity, Zero-day exploit in Desktop Window Manager
Zero-day exploit in Desktop Window Manager. It’s the CVE-2021-28310, discovered by Kaspersky and linked to escalation of privilege (EoP). It has just been patched, but cybercrime use it
A new Zero-day exploit in Desktop Window Manager has been discovered by Kaspersky cybersecurity experts. It is the CVE-2021-28310, and is used in the wild, potentially by cybercrime. It is an escalation of privilege (EoP) exploit, found in Desktop Window Manager, allowing the attackers to execute arbitrary code on a victim’s machine. Probably, threat actors combine it with other exploits to escape sandboxes or obtain system privileges for further access. However, a patch for the CVE-2021-28310 flaw was released on April 13th, 2021.