'Criminals are preying on Windows users': Software subject of CISA, cybersecurity warnings

The U.S. Cybersecurity and Infrastructure Security Agency added a vulnerability in Microsoft's Windows 10 software to a list of exploited security weak spots.

CISA said that "Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution," in a listing added to the agency's Known Exploited Vulnerability Catalog Monday.

The listing advised users to stop using software or utilize a patch through Windows.

CISA said that it did not know if the vulnerability, titled CVE-2018-0824, had been used in a ransomware campaign but a CISCO Talos report released Thursday said that a Chinese hacking group utilized the vulnerability in an attack on a Taiwanese government research center. The report said the center was, "likely compromised."

Second organization issues Windows warning

CISA was not the only organization to issue a warning to Windows users Monday.

"Criminals are preying on Windows users yet again, this time in an effort to hit them with a keylogger that can also steal credentials and take screenshots," enterprise technology news site the Register reported Monday.

The outlet reported that FortiGuard Labs, a threat intelligence agency, found an uptick in malware attacks with SnakeKeylogger. The malware is known to steal credentials and record keystrokes in infected machines.

It was originally sold on a subscription basis on Russian crime forums and became a major threat in 2020, according to the Register.

In 2022 Check Point Research, a cyber security firm, warned that the malware, "is usually spread through emails that include docx or xlsx attachments with malicious macros," and through PDF files.

The warnings come on the heels of the "Crowdstrike outage" in July, where a defective software update rendered devices using Windows software useless for hours.

Source