Kaspersky finds zero-day exploit in Desktop Window Manager

In early 2021, while further analyzing the already reported CVE-2021-1732 exploit used by the BITTER APT group, Kaspersky's researchers discovered another zero-day exploit. The experts are currently unable to link this exploit to any known threat actor.

A zero-day vulnerability is basically an unknown software bug. Once identified and discovered, such bugs allow attackers to conduct malicious activities in the shadows, resulting in unexpected and destructive consequences.

While analyzing the CVE-2021-1732 exploit, Kaspersky experts found another such zero-day exploit and reported it to Microsoft in February. After confirmation that it is indeed a zero-day, it received the designation CVE-2021-28310.

According to the researchers, this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit, found in Desktop Window Manager, allowing the attackers to execute arbitrary code on a victim’s machine.

It is likely that the exploit is used together with other browser exploits to escape sandboxes or obtain system privileges for further access.

Kaspersky's initial investigation has not revealed the full infection chain, so it is not yet known whether the exploit is used with another zero-day or coupled with known, patched vulnerabilities.

“The exploit was initially identified by our advanced exploit prevention technology and related detection records. In fact, over the past few years, we have built a multitude of exploit protection technologies into our products that have detected several zero-days, proving their effectiveness time and time again. We will continue to improve defenses for our users by enhancing our technologies and working with third-party vendors to patch vulnerabilities, making the internet more secure for everyone,” comments Boris Larin, security expert at Kaspersky.

More information about BITTER APT and IOCs is available to customers of the Kaspersky Intelligence Reporting service. Contact: [email protected]

A patch for the elevation of privilege vulnerability CVE-2021-28310 was released on April 13th, 2021.

Kaspersky products detect this exploit with the following verdicts:


Oops! Aetna exposed 12,000 customers’ HIV statuses through envelope window

American managed health care company Aetna is in hot water for accidentally exposing the HIV statuses of 12,000 of its patients.

David Bisson reports.

Graham Cluley

Judge saves bacon of woman who smeared some on window inside police station

A month ago I brought you the story of a woman who tossed and smeared meat products – bacon and sausage – at a police officer working behind a glass window in Framingham, Mass. The story caught my eye because it happened just across town from Network World headquarters and the woman involved shares my surname, though to my knowledge no close relatives.

The bizarre episode garnered widespread media attention – thanks primarily to the accompanying surveillance video – and now a judge has resolved the legal case. From a MetroWest Daily News report:


Network World Paul McNamara

China hacker’s angst opens a window onto cyber-espionage – Los Angeles Times

Top U.S. intelligence officials said Tuesday that attacks and espionage now pose a greater potential danger than Al Qaeda and other militant organizations. The computers of more than 30 journalists and executives of Western news organizations in China,
