Date: 2021-02-12

More than 400 phishing campaigns per week over the last month used Valentine's Day as a lure to attract potential victims on the Internet, according to the cybersecurity company Check Point.

The data shows growth of 29 percent over last year in new domains that use Valentine's Day as a hook. Since the second week of January, the average number of phishing campaigns has been 400 per week.

In 2021, 23,000 new domains related to the Valentine's theme have been registered, as reported by Check Point in a statement. Of these, 0.5 percent (115) were malicious and 1.8 percent (414) were suspicious.

Many of the phishing scams focus on buyer fraud. To do this, it is very common to impersonate well-known brands to attract victims.

However, Check Point Research researchers have discovered that, on this occasion, the scammers have reused past campaigns, as in the case of a fraudulent email that seemed to come from Pandora and that is very similar to a campaign detected last November on the occasion of Black Friday.

The purpose of the email was, as usual, to offer extremely low prices to entice the user to buy jewelry on a fake Pandora page that mimicked the original.

Microsoft fixes an old vulnerability

Microsoft this week released a security patch for Microsoft Defender, the antivirus pre-installed on Windows computers, which fixes a vulnerability that had been present in the software for 12 years.

The security problem allowed potential attackers to obtain Windows system privileges that are reserved for administrators, as warned by the cybersecurity company SentinelOne, which discovered the flaw.

The vulnerability in question was present in Microsoft Defender, the antivirus pre-installed on computers with the Windows operating system (installed on more than a billion devices around the world).

Since at least 2009, this software has contained a driver known as BTR.sys. This component is responsible for removing system files and other resources created by malicious software on infected computers.

In one of its routines, this driver did not check whether the files it deleted and created had been replaced by a link, which would allow an attacker to overwrite files on the device, an action that only an administrator can carry out and that is considered privilege escalation.

There is no evidence, according to SentinelOne, that the vulnerability has been exploited by malicious actors to carry out attacks, and it may have gone undetected for over 12 years because the vulnerable driver is a component that is not usually stored on the hard drive. Instead, it is used and immediately removed.

Last Tuesday, Microsoft released an update that fixed the security problem, tracked as CVE-2021-24092. The patch was distributed automatically to all Windows 10 users, who do not have to take additional action.

However, according to SentinelOne, devices with previous versions of the system, such as Windows 7, remain vulnerable to potential attacks after the end of security support.

