News Update Now: Windows Zero-Day Exploited, Could Give Hackers System Privileges

Since 2.5 decades I am hearing/reading "0 day exploits"
But truly, didn't found enough cases in India at-least. effected or security jeopardized

Except 1 or 2 cases about ransomware, as Photo designers were too dumb to operate PC since 10+ years
And instead of backing up there work on a secure File Server in organization on LAN, kept everything in there PC (which was more dangerous, considering hardware failure)
 
Futureized said:
Since 2.5 decades I am hearing/reading "0 day exploits"
But truly, didn't found enough cases in India at-least. effected or security jeopardized

Except 1 or 2 cases about ransomware, as Photo designers were too dumb to operate PC since 10+ years
And instead of backing up there work on a secure File Server in organization on LAN, kept everything in there PC (which was more dangerous, considering hardware failure)
Click to expand...

Cause they are not reported like normal news. Aadhar, PAN, Passport, Medical details of 800+ million people have already been breached and is available for the right price. Indian companies are constantly getting attacked and breached. Just google company name and cyber attack and you will see. Unless you get a detailed report of each attack you wont know which CVE was utilized in which attack. India ranks as 2 or 3 highest in number of attacks in the world. Some sources claimed 72million attacks in 2023. Sometimes they are never able to find our how the breach happened in the first place so zero day stays secret.

Search in google to read about these examples: Swiggy cyber attack
Flipkart cyber attack
tata energy cyber attack

Companies like to hide breach and play it down for PR. Govt like to play it down to not cause panic and save face. Everyone has an agenda.

This is the exploit. Microsoft disclosed it together with releasing the security patch.

Security Update Guide - Microsoft Security Response Center

msrc.microsoft.com msrc.microsoft.com

Its a constant cat and mouse game between 2 sides. Crowdstrike in this case was acknowledged and maybe was the one who reported it. A black hat hacker when he finds a exploit has a window to attack. Disclosing it is not part of their workflow . Also a 0 day is very powerful . It usually targeted for a specific target and dont like to burn it on just any target. This exploit even affects windows server 2008 so it may have been present for decades.

Best example of overkill is still stuxnet. CIA, NSA and MOSSAD had managed to create an attack which used 4 zero days which targeted offline computers controlling nuclear centrifuges. Iran, US or Israel never acknowledged it but its public knowledge now. Kaspersky team was able to report about Stuxnet.

Sidenote: Might have put enough keywords in a single post to get flagged for a 3 letter agency bot
 
  • Like
Reactions: bigb123, aadilxdev, 6pack and 1 other person
Yes as stated above also in general public people don't tend to reveal they have been hacked etc and don't keep too much essential information on their devices too whereas for the people who are in fact important and have personal info on their computer would also try to hide the fact that they have been done for
 
Top Bottom