Black Basta Strikes Again: Inside the Exploitation of Windows Flaw CVE-2024-26169

Black Basta ransomware exploits CVE-2024-26169, a Windows vulnerability, elevating privileges to SYSTEM. Microsoft patched it in March, but Black Basta had a working exploit for months. Symantec’s report links these attacks to the Cardinal cybercrime group. Stay secure by updating Windows and following CISA guidelines.

3P
Published: June 12, 2024 12:14 pmAdded: June 12, 2024 at 5:21 amAssembled by: The Editor
Pro Dashboard

Hot Take:

From Black Basta to Blasted Basta! This ransomware gang is the unwanted guest at the cybersecurity party, crashing through Windows vulnerabilities faster than Microsoft can RSVP with a patch.

Key Points:

  • Black Basta exploited a zero-day vulnerability in Windows Error Reporting Service (CVE-2024-26169).
  • Microsoft patched the flaw on March 12, 2024, but attackers may have used it earlier.
  • Symantec observed the attack, linking it to the Cardinal cybercrime group.
  • The exploit tool used by Black Basta was found with timestamps predating the Microsoft patch.
  • Black Basta’s history includes ties to the Conti syndicate and significant ransom earnings.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?