Play Ransomware Zero-Day Attacks — US, Saudi Arabia Have Been Targeted

Forbes, 08-05-2025

Play ransomware exploited Windows zero-day.
The ransomware threat is far from over, despite the internal private communications of some of the cybercriminal gangs being leaked, snitches being offered big bucks for information on gang members, and the childishness of DOGE-trolling attackers demanding $1 trillion payments. If you want evidence of this, look no further than a recent report confirming a 5,365 ransomware rampage. Now it has been revealed that the Play ransomware malware has been used by cybercrime groups exploiting a Windows zero-day vulnerability in attacks across multiple countries, including the U.S., although not all were successful. Here's what you need to know.
A joint investigation by the Microsoft Threat Intelligence Center and Microsoft Security Response Center found that a zero-day vulnerability in the Windows Common Log File System had been exploited by Play ransomware attackers before the elevation-of-privilege issue was fixed by the April Patch Tuesday security update. Targets included real estate and information technology organizations in the U.S., the retail sector in Saudi Arabia, and software in Spain. Now, the Symantec Threat Hunter Team has published an in-depth technological exploration of another, this time unsuccessful, Play ransomware attack exploiting the same CVE-2025-29824 zero-day against an as yet unnamed U.S. company.
The Microsoft threat report confirmed that the original attacks had been facilitated by the use of the PipeMagic malware backdoor and attributed them to a threat actor identified as Storm-2460, although no further information has been provided regarding this group. The Symantec Threat Hunter report, meanwhile, has attributed the latest attacks to a cybercrime group identified as Balloonfly, which is linked to multiple incidents involving Play ransomware deployed against businesses in North America, South America and Europe.
'While the use of zero-day vulnerabilities by ransomware actors is rare,' Symantec said, 'it is not unprecedented.' The good news is that the Balloonfly attack, Symantec said, occurred before the Windows patch was released. So, at the risk of stating the obvious, patch management is the best mitigation against falling victim to the Play ransomware menace. At least, that is, as far as this exploit route is concerned. CVE-2025-29824 is a use-after-free memory vulnerability in the Windows Common Log File System driver that can allow an unauthorized attacker to elevate their system privileges locally.
