CVE-2024-21412

Vulnerability updated a month ago (2024-11-29T14:08:38.100Z)
Download STIX
Preview STIX
CVE-2024-21412 is a security feature bypass vulnerability in the Microsoft Windows Internet Shortcut SmartScreen. The flaw, which was exploited as a zero-day, allows attackers to bypass the SmartScreen feature that typically warns users about running unrecognized apps and files from the internet. This vulnerability was actively exploited by two groups, one of them being the financially motivated advanced group Water Hydra (also known as DarkCasino), who targeted financial market traders. This vulnerability has been exploited through social engineering methods such as email and direct messages, requiring some form of user interaction for successful exploitation. The flaw was initially discovered by researchers who also uncovered a similar zero-day bug (CVE-2024-21412) used in a DarkGate campaign impersonating popular brands like Apple iTunes. This similarity indicates a pattern of exploiting vulnerabilities within the SmartScreen feature, making it a critical area for future security enhancements. Microsoft addressed this issue with a patch, CVE-2024-29988, credited to the same researchers who initially disclosed the flaw. However, given the active exploitation of these vulnerabilities and their potential impact on users, it is essential for all users to apply the necessary patches promptly and remain vigilant against social engineering attempts. Furthermore, businesses and individuals should ensure they have robust security measures in place to protect against such threats.
Description last updated: 2024-05-04T19:36:54.616Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Microsoft
Exploit
Windows
Malware
Zero Day
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Darkgate Malware is associated with CVE-2024-21412. DarkGate is a multifunctional malware that poses significant threats to computer systems and networks. It has been associated with various malicious activities such as information theft, credential stealing, cryptocurrency theft, and ransomware delivery. DarkGate infiltrates systems through suspicioUnspecified
4
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Water Hydra Threat Actor is associated with CVE-2024-21412. Water Hydra, also known as DarkCasino, is a threat actor group that has been exploiting the Windows SmartScreen vulnerability CVE-2024-21412 since mid-January 2024. This group has demonstrated a sophisticated attack chain, using this zero-day exploit to bypass Microsoft Defender SmartScreen and infeUnspecified
7
The Darkme Threat Actor is associated with CVE-2024-21412. DarkMe is a threat actor group, also known as DarkCasino or Water Hydra, that has been active since 2022. They have gained notoriety for their use of the Trojan DarkMe in large-scale cyberattacks, primarily targeting financial institutions. The Trojan DarkMe, a Visual Basic spy Trojan, is a common tUnspecified
3
The Darkcasino Threat Actor is associated with CVE-2024-21412. DarkCasino is a threat actor that has recently emerged in the cybersecurity landscape. As a malicious entity, it's responsible for executing actions with potentially harmful intent. The nature of such entities can range from individual hackers to more organized groups affiliated with private companiUnspecified
3
Source Document References
Information about the CVE-2024-21412 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
4 months ago
Securityaffairs
5 months ago
Canadian Centre for Cyber Security
10 months ago
DARKReading
5 months ago
Securelist
8 months ago
InfoSecurity-magazine
9 months ago
DARKReading
9 months ago
Krebs on Security
9 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
Securityaffairs
9 months ago
BankInfoSecurity
9 months ago
CERT-EU
9 months ago
DARKReading
9 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago
CERT-EU
9 months ago