Mister Cybersecurity

Zero-Day Ransomware Attack hits U.S. Organization via Windows CVE-2025-29824

Securedyouadm, May 7, 2025

A recent cyber attack targeting an organization in the United States involved threat actors associated with the Play ransomware family exploiting a zero-day vulnerability in Microsoft Windows. The attack utilized CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver that was patched by Microsoft last month. Play ransomware, also known as Balloonfly and PlayCrypt, is notorious for its double extortion tactics, where sensitive data is stolen and then encrypted for ransom.

Symantec’s Threat Hunter Team observed that the attackers likely gained access through a public-facing Cisco Adaptive Security Appliance (ASA) and then moved to another Windows machine on the target network using an undisclosed method. The attack involved the use of Grixba, a custom information stealer attributed to Play, and an exploit for CVE-2025-29824 disguised as Palo Alto Networks software.

During the attack, the threat actors collected information on all available machines in the victim's Active Directory and saved the results to a CSV file. Although no ransomware payload was deployed in this intrusion, it highlights the use of zero-day exploits by ransomware actors to infiltrate targets. This trend was also seen with the Black Basta group exploiting a privilege escalation vulnerability as a zero-day in the past.

In another incident, threat actors utilized a local bypass technique called Bring Your Own Installer to disable endpoint security software and deploy the Babuk ransomware. This technique targeted SentinelOne’s EDR system by exploiting a flaw in the upgrade/downgrade process of the SentinelOne agent. The attackers gained local administrative access on a publicly accessible server to carry out the attack.

Ransomware attacks have evolved with new trends such as targeting domain controllers to breach organizations and gain access to privileged accounts for mass encryption. Additionally, Ransomware-as-a-Service (RaaS) platforms like PlayBoy Locker have emerged, offering cybercriminals tools and support for launching ransomware attacks. The rise of ransomware cartels like DragonForce indicates a shift towards organized cybercrime in the ransomware landscape.



    © Copyright Mister Cybersecurity LLC 2023, All Rights Reserved