TLDR:
Key Points:
- CISA warns of Windows flaw (CVE-2024-43461) exploited by Void Banshee APT hacking group
- Vulnerability allows attackers to execute arbitrary code on unpatched Windows systems
Summary:
CISA has issued a warning to U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group.
The vulnerability, identified as CVE-2024-43461, allows remote attackers to execute arbitrary code on unpatched Windows systems by tricking users into visiting a malicious webpage or opening a malicious file.
The attackers exploited the vulnerability to install information-stealing malware, including the Atlantida malware, which can steal passwords, authentication cookies, and cryptocurrency wallets from infected devices.
Microsoft has released a security patch for the vulnerability, and federal agencies have been given three weeks, until October 7th, to secure their systems.
Private organizations are advised to prioritize mitigating this vulnerability to prevent ongoing attacks.