Tag Archive for: Exploited

Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild


Google has addressed yet another actively exploited zero-day in Chrome browser, marking the second such fix released by the company within a month.

The browser maker on Friday shipped 89.0.4389.90 for Windows, Mac, and Linux, which is expected to be rolling out over the coming days/weeks to all users.

While the update contains a total of five security fixes, the most important flaw rectified by Google concerns a use-after-free vulnerability in its Blink rendering engine. The bug is tracked as CVE-2021-21193.

Details about the flaw are scarce except that it was reported to Google by an anonymous researcher on March 9.

As is usually the case with actively exploited flaws, Google issued a terse statement acknowledging that an exploit for CVE-2021-21193 existed but refrained from sharing additional information until a majority of users are updated with the fixes, in order to prevent other threat actors from creating exploits targeting this zero-day.

“Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,” Chrome Technical Program Manager Prudhvikumar Bommana noted in a blog post.

With this update, Google has fixed three zero-day flaws in Chrome since the start of the year.

Earlier this month, the company issued a fix for an “object lifecycle issue in audio” (CVE-2021-21166) which it said was being actively exploited. Then on February 4, the company resolved another actively-exploited heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript rendering engine.

Chrome users can update to the latest version by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaw.

Source…



Massive Hacks Linked to Russia, China Exploited U.S. Internet Security Gap


U.S. lawmakers and security experts are voicing concern that foreign governments are staging cyberattacks using servers in the U.S., in an apparent effort to avoid detection by America’s principal cyberintelligence organization, the National Security Agency.

When hackers recently targeted servers running Microsoft Corp.’s widely used Exchange software, they employed U.S.-based computers from at least four service providers to mount their attack, according to an analysis by the threat intelligence company DomainTools LLC.

The attack that Microsoft disclosed last week affected at least tens of thousands of customers and has been linked by the software giant and other security researchers to China-based hackers. The Chinese Embassy in Washington on Tuesday didn’t directly address the charge that China was behind the Microsoft hack and referred to earlier comments from Beijing in which the government said it “opposes and combats cyberattacks and cyber thefts in all forms.”

It is the second major suspected nation-state hack unearthed in the past few months to have employed U.S. servers as a launchpad. Suspected Russian hackers used U.S.-based cloud services to support key stages of their attack that leveraged a hack at SolarWinds Corp., the Austin, Texas, network software provider through which they penetrated U.S. government and corporate networks. In both cases, the hacks were disclosed by private-sector researchers, not the U.S. government.

The NSA, with its tens of thousands of employees, is one of the main U.S. government organizations responsible for protecting the U.S. in cyberspace. It has vast surveillance powers, though is generally prohibited from using them to collect intelligence on domestic targets, including computer servers inside the U.S. maintained by American companies.

Source…

Florida Water Plant Hackers Exploited Old Software And Poor Password Habits


The world took notice when a cyber attacker breached a Florida city’s water treatment plant and tried to poison the water supply. New details about the incident reveal serious cyber security shortcomings at the plant.

As reported by Ars Technica, a Private Industry Notification (PIN) from the FBI noted two major issues. One was that the compromised computer at the Oldsmar water treatment facility was running an “outdated Windows 7 operating system.”

That statement applies to pretty much any computer running Windows 7 at this point. As of January 14 last year Microsoft had stopped offering software updates, security updates or fixes and technical support for Windows 7. Ahead of that date Microsoft had warned that “While you could continue to use your PC running Windows 7, without continued software and security updates, it will be at greater risk for viruses and malware.”

Microsoft had already extended support for Windows 7 on a couple of occasions and the company provides plenty of notice when it’s ending support. Nevertheless it’s not uncommon for organizations to continue using an operating system beyond its end-of-support date.

Specialized applications — like those that control the water treatment system at the Florida plant — may not be compatible with a newer OS. Faced with the possibility of a broken piece of critical software, many organizations choose to continue running the outdated OS. This incident once again underscored just how risky that practice can be.

Another failing revealed in the Bureau’s notification is that staff all utilized the same password for remote access via the TeamViewer application. That same password was used on all of the plant’s computers and it’s believed that the attacker(s) used that password to break in.

That’s two very big cyber security strikes already. The third? The plant’s computers “appeared to be connected directly to the Internet without any type of firewall protection installed.”

Firewalls provide a first line of defense against unauthorized access. They’re an important part of network security in any situation. In a case where the…

Source…

Outdated computer system exploited in Florida water treatment plant hack


Investigators are still trying to determine who’s behind the hack.

An outdated version of Windows and a weak cybersecurity network allowed hackers to access a Florida wastewater treatment plant’s computer system and momentarily tamper with the water supply, federal investigators revealed in a memo obtained by ABC News.

The FBI’s Cyber Division on Tuesday notified law enforcement agencies and businesses to warn them about the computer vulnerabilities, which led to the Bruce T. Haddock Water Treatment Plant in Oldsmar being hacked on Feb. 5.

The plant’s computer systems were using Windows 7, which hasn’t received support or updates from Microsoft in over a year, according to the FBI.

“The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security and an outdated Windows 7 operating system to compromise software used to remotely manage water treatment,” investigators wrote in the report. “The actor also likely used the desktop sharing software TeamViewer to gain unauthorized access to the system.”

The hacker was able to use remote access software to raise the levels of sodium hydroxide in the water from about 100 parts per million to 11,100 parts per million for a few minutes, according to investigators. Sodium hydroxide is used in liquid drain cleaners and used, in small doses, to remove metals from water.

A plant manager who noticed the hack as it unfolded was able to return the system to normal before any major damage occurred, investigators said. The public was never in danger because it would have taken 24 to 36 hours for tainted water to hit the system if no one intervened.

The FBI and other law enforcement agencies are still trying to determine who was behind the…

Source…