
Cyware Daily Threat Intelligence


Daily Threat Briefing Jun 9, 2023

Microsoft's May Patch Tuesday fixed an actively exploited privilege escalation vulnerability in the Win32k kernel driver, tracked as CVE-2023-29336. With a proof-of-concept exploit now public, the flaw poses a significant risk to unpatched Windows 10 and Windows Server systems; Windows 11 is not affected. Fallout from the MOVEit Transfer vulnerability continues to emerge, along with new details about the group behind it, the Cl0p ransomware gang: researchers found that the group had been probing the flaw for nearly two years before its mass-exploitation campaign. The newest victim to surface is a well-known holiday park operator.

Moving on, a cyberespionage campaign has been spotted in North Africa, in Libya specifically. The attackers are using a previously unseen modular backdoor named Stealth Soldier.

Top Breaches Reported in the Last 24 Hours

MOVEit breach affects park operator

Landal Greenparks, a holiday park operator, has notified roughly 12,000 guests of a potential data breach affecting their personal information. The incident stems from exploitation of the MOVEit Transfer vulnerability in the company's file transfer system. According to the company, the exposed data may include names, dates of birth, email addresses, genders, and residential addresses.

Health recruitment firm leaks data

German healthcare recruitment platform Pflegia exposed sensitive user data, including the names, home addresses, and email addresses of job seekers, through a misconfigured, publicly accessible AWS S3 bucket. The bucket, which anyone on the internet could read without authentication, reportedly held more than 360,000 files and has since been closed to public access.
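A bucket like the one described above is world-readable for one of two reasons: a bucket policy that allows anonymous reads, or a bucket ACL granting READ to the AllUsers group, and either can be neutralized by the account's Block Public Access settings. The following is an added example, not code from the briefing or from Pflegia, that evaluates those three settings offline against constructed sample inputs (the bucket name, account ID, and VPC endpoint ID are invented placeholders). It goes slightly beyond the incident by modelling how S3 combines the settings: RestrictPublicBuckets overrides a public policy and IgnorePublicAcls overrides a public ACL.

```python
"""Static check for publicly readable S3 buckets (added example; sample
policies, ACLs and names below are constructed, not real configurations)."""
import json
from typing import Dict, List

# ACL grantee URIs AWS uses for "everyone" and "any AWS account".
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}
# Actions (lower-cased) that let a caller read objects or list the bucket.
READ_ACTIONS = {"s3:getobject", "s3:listbucket", "s3:*", "*", "s3:get*", "s3:list*"}
# Condition keys that scope a "*" principal to something narrower than the
# whole Internet; a statement carrying one of these is not treated as public.
NARROWING_KEYS = {"aws:sourcevpc", "aws:sourcevpce", "aws:principalorgid",
                  "aws:sourceip", "aws:principalaccount"}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _principal_is_anyone(principal) -> bool:
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _condition_narrows(condition) -> bool:
    if not condition:
        return False
    return any(key.lower() in NARROWING_KEYS
               for key_map in condition.values() for key in key_map)


def policy_public_reads(policy_json: str) -> List[str]:
    """Return Sids (or statement indexes) that grant anonymous read access."""
    policy = json.loads(policy_json)
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        if not _principal_is_anyone(st.get("Principal")):
            continue
        if _condition_narrows(st.get("Condition")):
            continue
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if actions & READ_ACTIONS:
            findings.append(st.get("Sid", f"statement[{i}]"))
    return findings


def acl_public_grants(grants: List[Dict]) -> List[str]:
    """Return 'Group:Permission' for grants to AllUsers / AuthenticatedUsers."""
    out = []
    for g in grants:
        uri = g.get("Grantee", {}).get("URI")
        if uri in PUBLIC_GRANTEES:
            out.append(f"{PUBLIC_GRANTEES[uri]}:{g.get('Permission')}")
    return out


def bucket_exposure(policy_json: str, grants: List[Dict], bpa: Dict[str, bool]) -> List[str]:
    """Combine the settings the way S3 evaluates them: Block Public Access
    overrides a public policy (RestrictPublicBuckets) and a public ACL
    (IgnorePublicAcls). Returns the reasons the bucket is reachable anonymously."""
    reasons = []
    if not bpa.get("RestrictPublicBuckets", False):
        reasons += [f"policy:{s}" for s in policy_public_reads(policy_json)]
    if not bpa.get("IgnorePublicAcls", False):
        reasons += [f"acl:{g}" for g in acl_public_grants(grants)]
    return reasons


# --- constructed sample inputs -------------------------------------------
BUCKET = "example-recruiting-uploads"  # placeholder, not a real bucket
LEAKY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]})
HARDENED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRoleRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/UploadService"},
     "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"},
    {"Sid": "VpcOnlyRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*",
     "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]})
OWNER_GRANT = {"Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
               "Permission": "FULL_CONTROL"}
LEAKY_ACL = [OWNER_GRANT, {"Grantee": {"Type": "Group",
             "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]
PRIVATE_ACL = [OWNER_GRANT]
BPA_OFF = {k: False for k in ("BlockPublicAcls", "IgnorePublicAcls",
                              "BlockPublicPolicy", "RestrictPublicBuckets")}
BPA_ON = {k: True for k in BPA_OFF}

if __name__ == "__main__":
    print("leaky, BPA off:", bucket_exposure(LEAKY_POLICY, LEAKY_ACL, BPA_OFF))
    print("leaky, BPA on: ", bucket_exposure(LEAKY_POLICY, LEAKY_ACL, BPA_ON))
    print("hardened:      ", bucket_exposure(HARDENED_POLICY, PRIVATE_ACL, BPA_OFF))
```

In a real account the same three inputs come from `get-bucket-policy`, `get-bucket-acl` and `get-public-access-block`; the point of checking all three together is that a policy review alone misses ACL grants, and both are moot once Block Public Access is enabled at the account level.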

Top Malware Reported in the Last 24 Hours

Cl0p’s persistence for MOVEit bug

Kroll researchers revealed that the Cl0p ransomware gang had been experimenting with ways to exploit the now-patched MOVEit Transfer zero-day (CVE-2023-34362) since 2021. Kroll also found that the actors had been testing, as early as April 2022, how to collect and exfiltrate data from compromised MOVEit Transfer servers. Activity against the flaw picked up markedly on May 15, 2023, shortly before the mass-exploitation wave that hit exposed servers at the end of May.

Libya faces Stealth Soldier

Check Point Research has uncovered an espionage campaign targeting organizations in Libya that uses a newly developed custom modular backdoor named Stealth Soldier. The implant functions as surveillance software, letting its operators monitor victims and harvest data from infected machines. Its infrastructure overlaps with that of the Eye on the Nile campaign, which targeted journalists and human rights activists in Egypt in 2019.

Top Vulnerabilities Reported in the Last 24 Hours

Windows Win32k bug: PoC out

Security researchers have published a proof-of-concept (PoC) exploit for CVE-2023-29336, a local privilege escalation flaw in the Windows Win32k kernel driver that is being actively exploited in the wild. Originally reported by cybersecurity firm Avast and patched by Microsoft in the May 2023 updates, the bug lets a low-privileged local user gain SYSTEM privileges. CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog. Affected releases are Windows 10 and Windows Server; Windows 11 is not listed as affected, so the PoC mainly raises the urgency of patching older systems.
