UAC Bypass | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities. The issues have been uncovered in a binary named " schtasks.exe ," which enables an administrator to create, delete, query, change, run, and end scheduled tasks on a local or remote computer. "A [User Account Control] bypass vulnerability has been found in Microsoft Windows, enabling attackers to bypass the User Account Control prompt, allowing them to execute high-privilege (SYSTEM) commands without user approval," Cymulate security researcher Ruben Enkaoua said in a report shared with The Hacker News. "By exploiting this weakness, attackers can elevate their privileges and run malicious payloads with Administrators' rights, leading to unauthorized access, data theft, or further system c...

A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni , which is assessed to share overlaps with a North Korean cluster tracked as Kimsuky (aka APT43). "This campaign relies on a remote access trojan (RAT) capable of extracting information and executing commands on compromised devices," Fortinet FortiGuard Labs researcher Cara Lin  said  in an analysis published this week. The  cyber espionage   group  is notable for its  targeting of Russia , with the modus operandi involving the use of spear-phishing emails and malicious documents as entry points for their attacks. Recent attacks documented by Knowsec and ThreatMon have leveraged the  WinRAR vulnerability  (CVE-2023-38831) as well as obfuscated Visual Basic scripts to drop  Konni RAT ...