Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
hiveproHiveForce LabsHIVEPRO:DAD3F371AEB5319B85DB2A9EFC4B0971
HistoryApr 12, 2023 - 11:17 a.m.

Cybercrime group exploits zero-day on Windows servers to deploy Nokoyawa ransomware

2023-04-1211:17:33
HiveForce Labs
www.hivepro.com
78
cybercrime
zero-day vulnerability
windows servers
nokoyawa ransomware
cve-2023-28252
encryption
ransom demand
threat advisory
hiveforce labs
linkedin

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.025 Low

EPSS

Percentile

90.1%

JSON

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Nokoyawa ransomware is a new threat that exploits the CVE-2023-28252 vulnerability to infiltrate and encrypt victims' files, demanding a ransom for their release. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.

Related

mscve 1
githubexploit 4
attackerkb 1
cve 1
prion 1
metasploit 1
zdt 1
cisa_kev 1
cvelist 1
nvd 1
vulnrichment 1
packetstorm 1
wizblog 1
securelist 10
qualysblog 4
talosblog 2
thn 2
avleonov 2
krebs 1
malwarebytes 1
trellix 2
rapid7blog 3
nessus 11
mskb 15
openvas 8
kaspersky 2
mscve
mscve
Windows Common Log File System Driver Elevation of Privilege Vulnerability
2023-04-11 07:00:00
githubexploit
githubexploit
Exploit for Heap-based Buffer Overflow in Microsoft
2023-06-27 12:22:05
Exploit for Heap-based Buffer Overflow in Microsoft
2024-01-22 10:38:02
Exploit for Heap-based Buffer Overflow in Microsoft
2024-01-01 15:30:33
attackerkb
attackerkb
CVE-2023-28252
2023-04-11 00:00:00
cve
cve
CVE-2023-28252
2023-04-11 21:15:25
prion
prion
Privilege escalation
2023-04-11 21:15:00
metasploit
metasploit
Windows Common Log File System Driver (clfs.sys) Elevation of Privilege Vulnerability
2023-07-28 07:43:37
zdt
zdt
Windows Common Log File System Driver (clfs.sys) Privilege Escalation Exploit
2023-09-14 00:00:00
cisa_kev
cisa_kev
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
2023-04-11 00:00:00
cvelist
cvelist
CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
2023-04-11 19:13:51
nvd
nvd
CVE-2023-28252
2023-04-11 21:15:25
vulnrichment
vulnrichment
CVE-2023-28252 Windows Common Log File System Driver Elevation of Privilege Vulnerability
2023-04-11 19:13:51
packetstorm
packetstorm
Windows Common Log File System Driver (clfs.sys) Privilege Escalation
2023-09-14 00:00:00
wizblog
wizblog
Microsoft April 2023 Patch Tuesday Highlights: everything you need to know
2023-04-13 19:20:20
securelist
securelist
IT threat evolution in Q2 2023
2023-08-30 10:00:05
Windows CLFS and five exploits used by ransomware operators (Exploit #5 – CVE-2023-28252)
2023-12-21 10:00:01
Nokoyawa ransomware attacks with Windows zero-day
2023-04-11 17:36:20
qualysblog
qualysblog
Combine Qualys TruRiskβ„’ and MITRE ATT&CK to Adopt Threat-Informed Defense to Reduce Risk
2024-03-25 15:44:18
Qualys Survey of Top 10 Exploited Vulnerabilities in 2023
2023-09-26 13:04:00
2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is
2023-12-19 15:00:00
talosblog
talosblog
Threat Source newsletter (April 13, 2023) β€” Dark web forum whac-a-mole
2023-04-13 18:00:40
Microsoft Patch Tuesday for April 2023 β€” Snort rules and prominent vulnerabilities
2023-04-11 19:28:27
thn
thn
Carbanak Banking Malware Resurfaces with New Ransomware Tactics
2023-12-26 07:26:00
Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit
2023-04-12 06:38:00
avleonov
avleonov
Vulristics News: EPSS v3 Support, Integration into Cloud Advisor
2023-04-23 23:11:58
Microsoft Patch Tuesday April 2023: CLFS EoP, Word RCE, MSMQ QueueJumper RCE, PCL6, DNS, DHCP
2023-04-27 22:03:04
krebs
krebs
Microsoft (& Apple) Patch Tuesday, April 2023 Edition
2023-04-12 00:06:51
malwarebytes
malwarebytes
Update now! April’s Patch Tuesday includes a fix for one zero-day
2023-04-12 10:00:00
trellix
trellix
The Bug Report – April 2023 Edition
2023-05-03 00:00:00
The Bug Report – April 2023 Edition
2023-05-03 00:00:00
rapid7blog
rapid7blog
Metasploit 2023 Annual Wrap-Up: Dec. 29, 2023
2023-12-29 19:38:15
Metasploit Weekly Wrap-Up
2023-09-15 18:54:45
Patch Tuesday - April 2023
2023-04-11 22:49:56
nessus
nessus
KB5025273: Windows Server 2008 Security Update (April 2023)
2023-04-11 00:00:00
KB5025277: Windows Server 2008 R2 Security Update (April 2023)
2023-04-11 00:00:00
KB5025234: Windows 10 LTS 1507 Security Update (April 2023)
2023-04-11 00:00:00
mskb
mskb
April 11, 2023β€”KB5025273 (Security-only update)
2023-04-11 07:00:00
April 11, 2023β€”KB5025271 (Monthly Rollup)
2023-04-11 07:00:00
April 11, 2023β€”KB5025277 (Security-only update)
2023-04-11 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5025279)
2023-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5025234)
2023-04-12 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5025221)
2023-04-12 00:00:00
kaspersky
kaspersky
KLA48842 Multiple vulnerabilities in Microsoft Products (ESU)
2023-04-11 00:00:00
KLA48845 Multiple vulnerabilities in Microsoft Windows
2023-04-11 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.025 Low

EPSS

Percentile

90.1%

JSON
Related for HIVEPRO:DAD3F371AEB5319B85DB2A9EFC4B0971
mscve1githubexploit4attackerkb1cve1prion1metasploit1zdt1cisa_kev1cvelist1nvd1vulnrichment1packetstorm1wizblog1securelist10qualysblog4talosblog2thn2avleonov2krebs1malwarebytes1trellix2rapid7blog3nessus11mskb15openvas8kaspersky2