Trend Micro’s Zero Day Initiative (ZDI) highlighted a zero-day vulnerability, CVE-2024-38213 named Copy2Pwn, exploited to evade Windows security.
Discovered during the DarkGate campaign analysis by ZDI, linked to Water Hydra and DarkCasino groups, it targeted financial market traders previously with CVE-2024-21412. Microsoft addressed CVE-2024-38213 in June 2024 but disclosed it in August 2024 alongside five others.
This flaw bypasses Defender SmartScreen, leveraging how WebDAV-shared files are processed in copy/paste actions. WebDAV serves for web-based file hosting. Exploitation bypasses file security checks like Mark-of-the-Web, affecting downloaded files’ security scrutiny.
Read more – Copy2Pwn Zero-Day Exploited to Bypass Windows Protections
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
