Tag Archive for: Exploits

China suspected to be behind Ivanti zero-day exploits


Ivanti is working on a patch to fix two high-impact vulnerabilities allowing attackers to control an affected system.

Attackers have been exploiting two zero-day vulnerabilities affecting the security software provider Ivanti’s products. CISA urged admins to take note of the flaws and added the vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, to the Known Exploited Vulnerabilities catalog, requiring government institutions to remediate the issue.

“When combined, these two vulnerabilities make it trivial for attackers to run commands on the system. In this particular incident, the attacker leveraged these exploits to steal configuration data, modify existing files, download remote files, and reverse tunnel from the ICS VPN appliance,” researchers at Volexity said.

However, Ivanti has yet to release a patch for the affected systems. For the time being, the company issued a workaround via its blog.

“We have seen evidence of threat actors attempting to manipulate Ivanti’s internal integrity checker (ICT). Out of an abundance of caution, we are recommending that all customers run the external ICT,” reads Ivanti’s blog.

The zero-days are an authentication-bypass and a command-injection vulnerability that together allow attackers to perform a wide array of attacks, including remote code execution and system takeover. According to Ivanti, the company is aware of “less than ten customers” who were impacted by the vulnerabilities.

Ivanti claims to have over 40 thousand customers in total.

Researchers believe that the affected systems may have been exploited as early as December 3rd, 2023. The culprits behind the exploits are suspected to be UTA0178, believed to be a Chinese nation-state-level threat actor.

There’s little insight into the attacker’s motives. However, researchers observed threat actors carrying out reconnaissance and system exploration tasks.

“This primarily consisted of looking through user files, configuration files, and testing access to systems. The primary notable activity beyond that was deployment of webshells to multiple systems,” Volexity researchers said.


iPhone Security In The Face Of Zero-Click Exploits


Apu Pavithran is the founder and CEO of Hexnode, an award-winning unified endpoint management platform.

For Apple enthusiasts and business owners alike, the iPhone has been more than a device—it’s a symbol of security and reliability. That doesn’t imply, however, that the iPhone is a veritable Fort Knox. Vulnerabilities popping up occasionally are nothing new. However, a recent pair of zero-day vulnerabilities raises considerable concern. In early September 2023, CitizenLab, a vigilant internet watchdog group, unearthed a zero-click iOS vulnerability that enabled the notorious Pegasus spyware to infiltrate iPhones. This revelation serves as a wake-up call, reminding us that even the seemingly impenetrable can be compromised.

Unraveling The Vulnerability

What’s truly unsettling is that even the most up-to-date iPhone with the latest iOS can fall victim to this attack without any user interaction. Unlike traditional attacks that require some form of user interaction, this exploit can compromise an iPhone without any action from the victim.

The first exploit, CVE-2023-41064, affects Image I/O, a framework that lets programs read and write different image formats. A buffer overflow in Image I/O can be triggered by a maliciously crafted image, causing iOS to execute attacker-supplied code. For those unfamiliar, a buffer overflow takes place when a program tries to write more data into a buffer than it can hold. This can lead to various issues such as data corruption, program crashes or even the execution of harmful code. The second vulnerability, CVE-2023-41061, affects Apple Wallet and can be exploited to trick it into executing malicious code.

Behind both vulnerabilities lies Pegasus, a potent and sophisticated spyware developed by Israel’s NSO Group. Pegasus utilizes the zero-click zero-day vulnerability to inject itself onto iPhones and iPads. Once installed, its capabilities are staggering: It can siphon off texts, emails, media files, contacts and GPS coordinates. Additionally, it can eavesdrop on calls and surreptitiously activate both the microphone and camera.

Marketed under the guise of crime and terrorism…


Cybercriminals using fewer than 1% of thousands of potential exploits


More than 26,000 vulnerabilities were disclosed in 2023, but cybercriminals only needed fewer than 1% of them, a Qualys Threat Research Unit report reveals. Almost half of exploited vulnerabilities were unknown to cyber defenders.

Statistics from 2023 reveal that malicious actors act fast when exploiting vulnerabilities before they get patched.

Over 26,000 vulnerabilities were disclosed in 2023, which is 5.6% more compared to the previous year. However, Qualys found that fewer than one percent of them contributed to the highest risk and were routinely exploited by threat groups.

Among 206 weaponized vulnerabilities, 109 were known to the US cyber defense agency CISA, while the remaining 109 were unknown.

Ransomware groups such as LockBit and Cerber routinely exploited even fewer than that, only 20 vulnerabilities, despite having over 7,000 discovered vulnerabilities with proof-of-concept exploit code that could result in successful exploitation. Cyber gangs skipped the lower-quality code in favor of exploits with the highest likelihood of success.


Additionally, 15 vulnerabilities were exploited by malware and botnet groups.

“Many of these vulnerabilities, such as those found in MOVEit Transfer, Windows SmartScreen, and Google Chrome, are exploitable remotely, obviating the need for physical access to the targeted system,” researchers said.

Remote code execution is the most common type of exploit, with 60 vulnerabilities exploited in the wild. The five most prevalent types, comprising over 70% of weaponized vulnerabilities, also included security feature bypass, privilege escalation, buffer manipulation, and input validation and parsing.

Less time to react

The report reveals that network defenders must act with urgency. While the average time to exploit vulnerabilities in 2023 stands at 44 days, in numerous cases, exploits were available on the very same day vulnerabilities were published. The modus operandi of attackers is shifting, leaving less time for response.

“25 percent of these security vulnerabilities were immediately targeted for exploitation, with the exploit being published on the same day as the vulnerability itself was publicly disclosed,”…


Chrome Exploits Patched To Secure Your Browsing


In a bid to fortify the security of its Chrome browser, Google has swiftly addressed seven vulnerabilities, with one particularly menacing zero-day exploit. This critical flaw, identified as CVE-2023-6345, centers around an integer overflow bug within Skia, an open-source 2D graphics library. Users can breathe a sigh of relief with the latest Chrome update, as critical security vulnerabilities have been addressed and Chrome exploits patched for enhanced online safety.


Google Chrome Security Updates

Discovered and reported by Benoît Sevens and Clément Lecigne from Google’s Threat Analysis Group on November 24, 2023, CVE-2023-6345 has gained notoriety for being actively exploited in the wild. An integer overflow vulnerability in Skia, this flaw poses a substantial risk to Chrome users.


The Silent Culprit: CVE-2023-2136 Resurfaces


Notably, this isn’t the first time an integer overflow in Skia has been exploited. In April 2023, Google tackled a similar issue (CVE-2023-2136) that had also fallen victim to zero-day exploitation. There’s a concerning possibility that CVE-2023-6345 may serve as a patch bypass for its predecessor.

CVE-2023-2136 allowed a remote attacker, who compromised the renderer process, to potentially execute a sandbox escape through a carefully crafted HTML page. The recurrence of this vulnerability emphasizes the evolving nature of cyber threats.
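As an added illustration (not code from Skia, Image I/O, or any of the articles above) of how the integer overflows behind CVE-2023-6345 and CVE-2023-2136, and the buffer-overflow class described in the Image I/O piece, typically arise in image code: a pixel-buffer size computed in 32-bit arithmetic wraps on a crafted header, so the buffer allocated is far smaller than the pixel data later copied into it. The dimensions, bytes-per-pixel value and size ceiling are constructed values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Size computation as a graphics library might naively write it:
 * width * height * bytes-per-pixel in 32-bit arithmetic. On a crafted header
 * the product wraps and the undersized buffer is later overrun by the pixel
 * copy. Constructed illustration, not Skia code. */
uint32_t naive_pixel_buffer_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;   /* wraps silently on overflow */
}

/* Hardened version: widen to 64 bits, check the remaining multiply, and
 * enforce an explicit ceiling. Returns false (leaving *out untouched) when
 * the true size does not fit, so the caller rejects the image instead of
 * allocating too little. */
bool checked_pixel_buffer_size(uint32_t width, uint32_t height, uint32_t bpp,
                               size_t max_bytes, size_t *out)
{
    uint64_t pixels = (uint64_t)width * height;  /* 32x32 bits always fit in 64 */
    if (bpp == 0 || pixels > UINT64_MAX / bpp)
        return false;
    uint64_t bytes = pixels * bpp;
    if (bytes > max_bytes)
        return false;
    *out = (size_t)bytes;
    return true;
}

/* Convenience wrapper: the checked size, or 0 when the header is rejected. */
size_t pixel_buffer_size_or_zero(uint32_t width, uint32_t height, uint32_t bpp,
                                 size_t max_bytes)
{
    size_t n = 0;
    return checked_pixel_buffer_size(width, height, bpp, max_bytes, &n) ? n : 0;
}

int main(void)
{
    const size_t ceiling = (size_t)1 << 30;  /* 1 GiB policy limit, constructed */
    /* Ordinary 1920x1080 RGBA image: both computations agree (8294400 bytes). */
    printf("naive=%u checked=%zu\n", naive_pixel_buffer_size(1920, 1080, 4),
           pixel_buffer_size_or_zero(1920, 1080, 4, ceiling));
    /* Crafted 65536x65536 RGBA header: true size is 2^34 bytes, the 32-bit
     * product wraps to 0, and the checked path rejects the header outright. */
    printf("naive=%u checked=%zu\n", naive_pixel_buffer_size(0x10000u, 0x10000u, 4),
           pixel_buffer_size_or_zero(0x10000u, 0x10000u, 4, ceiling));
    return 0;
}
```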


Chrome Exploits Patched


The latest Chrome security patches and updates mark Google’s proactive approach in addressing seven zero-day vulnerabilities since the beginning of the year. Each flaw is assigned a Common Vulnerability Scoring System (CVSS) score, highlighting its severity. 

The vulnerabilities include:

  • CVE-2023-2033 (CVSS score: 8.8) – Type confusion in V8
  • CVE-2023-2136 (CVSS score: 9.6) – Integer overflow in Skia
  • CVE-2023-3079 (CVSS score: 8.8) – Type confusion in V8
  • CVE-2023-4762 (CVSS score: 8.8) – Type confusion in V8
  • CVE-2023-4863 (CVSS score: 8.8) – Heap buffer overflow in WebP
  • CVE-2023-5217 (CVSS score: 8.8) – Heap buffer overflow in VP8 encoding in libvpx


Chrome Exploits Patched: Actions Required


To mitigate potential threats, users are strongly urged to upgrade to Chrome…
