Go offline with the Player FM app!
The Black Basta ransomware riddle. [Research Saturday]
Manage episode 430935261 series 2925132
Dick O'Brien from Symantec Threat Hunter team is talking about their work on "Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day." Also going to provide some background/history on Black Basta. CVE-2024-26169 in the Windows Error Reporting Service, patched on March 12, 2024, allowed privilege escalation.
Despite initial claims of no active exploitation, recent analysis indicates it may have been exploited as a zero-day before the patch.
The research can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices
2979 episodes
Manage episode 430935261 series 2925132
Dick O'Brien from Symantec Threat Hunter team is talking about their work on "Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day." Also going to provide some background/history on Black Basta. CVE-2024-26169 in the Windows Error Reporting Service, patched on March 12, 2024, allowed privilege escalation.
Despite initial claims of no active exploitation, recent analysis indicates it may have been exploited as a zero-day before the patch.
The research can be found here:
Learn more about your ad choices. Visit megaphone.fm/adchoices
2979 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.