⚠️ Windows CLFS vulnerability used for ransomware attacks

CVE-2023-28252 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver that could provide an attacker with SYSTEM privileges. Qualys director of vulnerability and threat research noted that the flaw, which has a CVSS score of 7.8, is already being used by cybercriminals to deploy Nokoyawa ransomware. Thursday, April 13, 2023 Sponsored By: [Cyber GRX] Cybersecurity Insider is brought to you by eSecurity Planet and TechRepublic.   TODAY'S TOP STORY   [Windows CLFS Vulnerability Used for Ransomware Attacks]( CVE-2023-28252 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver that could provide an attacker with SYSTEM privileges. Qualys director of vulnerability and threat research noted that the flaw, which has a CVSS score of 7.8, is already being used by cybercriminals to deploy Nokoyawa ransomware. [Read More](   TRENDING NOW     [Cybersecurity leaders see risk from email attacks, hybrid work]( Cybersecurity leaders see risk from email attacks, hybrid work]( As TechRepublic has reported previously, business email compromise — or BEC — attacks are on the upswing, particularly as threat actors use such tactics as third-party reconnaissance to impersonate vendors. [Read More]( [Google Cloud offers Assured Open Source Software for free]( [Google Cloud offers Assured Open Source Software for free]( In the face of growing risks from open-source software dependencies, Google Cloud is releasing its Assured Open Source Software (Assured OSS) service for Java and Python ecosystems at no cost. [Read More]( [Gain Total Visibility Into Your Attack Surface]( Third-party digital risk is the biggest emerging threat to your organization. Our risk management platform helps you pinpoint, measure, and prioritize your third-party cyber risks, so you can plan appropriately and sleep soundly. [Reserve Now](   YOUR RECOMMENDED NEWSLETTER   [Subscribe to TechRepublic's Developer Insider]( From the hottest programming languages to commentary on the Linux OS, get the developer and open source news and tips you need to know. Receive trending articles similar to How to easily deploy a full-stack application in Portainer with templates. [Subscribe Now](   TECHREPUBLIC SHOP   [Hiring kit: Cybersecurity engineer]( Recruiting a cybersecurity engineer with the right combination of technical and industry experience will require a comprehensive screening process. This hiring kit from TechRepublic Premium provides a flexible framework your business can use to find, recruit and ultimately hire the right person for the job. [Visit TechRepublic Premium](   [Infosec4TC Platinum Membership: Cyber Security Training Lifetime Access]( Be an Expert on Infosec4TC with Unlimited Access to Self-Paced Courses on GSEC, CISSP & More [Visit TechRepublic Academy](   WHAT'S NEW ACROSS OUR TECH UNIVERSE   Datamation   [10 Top Data Security Software & Solutions]( Data security software and solutions help a company get more visibility and insight to discover and solve cyberthreats. Enterprise Storage Forum   [How Long Does an SSDs Last? | Calculate Your SSD’s Lifespan]( SSDs store data using flash memory electronically. The cells wear out with time and become less efficient, affecting the drive’s usable life cycle. Enterprise Networking Planet   [What Is a Trojan Horse Virus? Definition, Prevention, and Detection]( Trojan horses accounted for at least six of the 11 most common malware strains in 2021, according to the Cybersecurity and Infrastructure Security Agency (CISA). ServerWatch   [How to Enable Multiple Remote Desktop Sessions for Windows 11]( Take a look at potential issues and workarounds that will allow you to enable Remote Desktop sessions for multiple users on Windows 11. eSecurityPlanet   [7 Steps of the Vulnerability Assessment Process Explained]( A vulnerability assessment is one of the most important pieces of an enterprise’s vulnerability management lifecycle because you can’t fix security vulnerabilities you know nothing about.   CONNECT WITH TECHREPUBLIC   We're on TikTok and Instagram now! [Facebook]( [Twitter]( [Instagram]( [LinkedIn]( [TikTok]( [YouTube]( Visit the [Subscription Center]( to get other free newsletters, manage your account settings or to be removed from TechRepublic communications. Unsubscribe]( | [FAQ]( | [Terms of Use]( | [Privacy Policy]( © 2022 TechnologyAdvice, LLC. All rights reserved. All rights reserved. This is a marketing email from TechnologyAdvice, 3343 Perimeter Hill Dr., Suite 100, Nashville, TN 37211, USA. Please do not reply to this message. To contact us, please click [here](.