SmartScreen | Breaking Cybersecurity News | The Hacker News

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called  Water Hydra  (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of CVE-2024-21412, a security bypass vulnerability related to Internet Shortcut Files (.URL).  "In this attack chain, the threat actor leveraged CVE-2024-21412 to bypass Microsoft Defender SmartScreen and infect victims with the DarkMe malware," the cybersecurity firm  said  in a Tuesday report. Microsoft, which  addressed  the flaw in its February Patch Tuesday update, said an unauthenticated attacker could exploit the flaw by sending the targeted user a specially crafted file in order to bypass displayed security checks. However, successful exploitation banks on the prerequisite that the threat actor convinces the victim to click on the file link to view

Microsoft has released patches to address  73 security flaws  spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to  24 flaws  that have been fixed in the Chromium-based Edge browser since the release of the January 2024 Patch Tuesday updates . The two flaws that are listed as under active attack at the time of release are below - CVE-2024-21351  (CVSS score: 7.6) - Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-21412  (CVSS score: 8.1) - Internet Shortcut Files Security Feature Bypass Vulnerability "The vulnerability allows a malicious actor to inject code into  SmartScreen  and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both," Microsoft said a