Signal Brief · Archived
Week of March 11, 2024
The Week's Public Record
Events
2024-03-14
vuln disclosure
CVE-2024-1853: Zemana AntiLogger Arbitrary Process Termination via IOCTLCVE-2024-1853
CVE-2024-1853 is a denial-of-service vulnerability in Zemana AntiLogger v2.74.204.664. The flaw exists in the zam64.sys and zamguard64.sys kernel drivers, allowing a local low-privilege attacker to terminate arbitrary processes by sending a crafted IOCTL request with code 0x80002048. This can cause system instability or disable security software.
2024-03-13
incident
ACR Stealer Exploits CVE-2024-21412 to Bypass Microsoft Defender SmartScreenCVE-2024-21412
ACR Stealer, a malware-as-a-service infostealer, is actively exploiting CVE-2024-21412 to bypass Microsoft Defender SmartScreen. The attack chain uses phishing emails with malicious links to WebDAV-hosted internet shortcuts, leading to DLL sideloading and execution of the payload. This allows the malware to steal sensitive information without triggering SmartScreen warnings.
2024-03-12
vuln disclosure
Microsoft Defender Security Feature Bypass Vulnerability CVE-2024-20671CVE-2024-20671
A vulnerability in Microsoft Defender allows local attackers with low privileges to bypass security features due to incorrect default permissions. The flaw has a CVSS score of 5.5 and primarily impacts system availability. Microsoft released a patch on March 12, 2024.
2024-03-11
vuln disclosure
Local Privilege Escalation via writable files in Checkmk AgentCVE-2024-0670
A local privilege escalation vulnerability exists in Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0. The agent creates temporary .cmd files in C:\Windows\Temp with predictable names and executes them with SYSTEM privileges. An attacker with local access can place a malicious file in that directory to achieve privilege escalation.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.