Users Not Patching MS Defender Flaw Still Risk Info-Theft

September 15, 2024

When an organization alerts its users that a patch for a security flaw is available, the smartest response is a speedy installation. Months ago, Microsoft did just that. The tech titan released a security patch for its Defender users, yet evidence shows the flaw is still being abused. That means some Defender users still haven’t applied the patch, putting them at real risk of personal data theft.

Defender’s Flaw

Currently being used to steal information from users in the U.S., Spain, and Thailand, this Defender vulnerability is rated as “high severity” and tracked as CVE-2024-21412. In particular, the flaw abuses MS Defender’s SmartScreen. Hackers access an unpatched device by luring victims into clicking a specially crafted, malicious URL link. Once clicked, info-stealer malware gets installed and goes to work.

This info-stealer sends a treasure trove of hijacked, sensitive information into the hacker’s hands. It steals PII stored in password managers, emails, crypto wallets, web browsers, VPNs, and messaging apps for starters. The stealer targets commonly used apps like Microsoft Edge, Mozilla Firefox, Opera, and some versions of Google Chrome. Vulnerable messenger apps include WhatsApp, Telegram, Signal, and Pidgin.

Don’t Wait To Update

Users lagging behind in applying Defender’s security patch could find a cache of their PII hijacked. From there, it’s not a leap to assume that PII ends up posted on the dark web for sale, or even for free. Data is hacker currency, and some even post pilfered PII as a way of boasting about their hacking skills. There’s no telling when and where a user’s captured PII gets used for future attacks.

Not taking the few minutes to apply a security patch can have disastrous results. And MS's Defender patch is a classic example of just how much is at stake. In a world where data breaches happen daily, not applying a security patch opens the door for a hacker to do serious damage. With Defender, just one wrong click unleashed an info-stealing campaign on unpatched devices. Take a moment to head over to Microsoft’s website and find out how to get Defender patched. That’s the safest way to do it. Also, ensure you have automatic updates enabled. Then, you don’t have to remember to do it when the patches are ready for you.









