Tag: significant | SpinSafe

Google reports a significant surge in zero-day vulnerabilities in 2023

April 3, 2024/in Internet Security

A new report released today by Google LLC’s Threat Analysis Group and Google-owned Mandiant warns that zero-day exploits have become more common amid a rise in nation-state hackers.

The report, “We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023,” detailed 97 zero-day vulnerabilities observed by Google in 2023, up from 62 in 2023 but down from 106 in 2021. Zero-day attacks exploit a previously unknown vulnerability in software before developers have had the opportunity to fix it.

Of the 97 zero-days tracked in 2023, 36 targeted enterprise-focused technologies, such as security software and devices, while the remaining 61 affected end-user platforms and products, such as mobile devices, operating systems, browsers and other applications.

Adversary exploitation of enterprise-specific technologies jumped 64% over the previous year, with Google also seeing a general increase in the number of enterprise vendors targeted since 2019. Attackers were seen to be shifting to third-party components and libraries in 2023, as zero-day vulnerabilities in both were found to be a prime attack surface in 2023.

Commercial surveillance vendors — companies that develop and sell tools and software designed for monitoring and gathering intelligence, often used by governments — were found to be behind 75% of known zero-day exploits targeting Google products and Android ecosystem devices in 2023. CSVs were also found to be behind 60% of the 37 zero-day vulnerabilities in browsers and mobile devices exploited in 2023.

The report alleges that China was the lead source of government-back exploitation, claiming that Chinese cyber espionage groups exploited 12 zero-day vulnerabilities in 2023, up from seven in 2022.

Another finding in the report was surprising: The Google researchers found that exploitation associated with financially motivated actors proportionally decreased in 2023, with financially motivated actors found to account for only 10 zero-day exploits last year. Threat group FIN11 was found to be behind three of them.

“Exploiting zero-days is no longer a niche capability,” the report notes. “The proliferation of exploit technology…

Source…

Opera found a significant security flaw that could have allowed hackers to run any file they want – but it says everything is now fine

January 17, 2024/in Computer Security

UPDATE: Opera has published a response to the reports, claiming that the flaw is no longer active and has been addressed.

“There is no evidence that the vulnerability was ever exploited, and Opera users’ security was never compromised as a result,” it said. “It’s also important to note that, as mentioned above, the vulnerability would require the installation of a malicious add-on in order to work. This would be very hard to accomplish on Opera, because we employ manual review in our add-ons store – another measure we take to protect users.”

“This vulnerability, which no longer exists, was identified as part of a collaboration with security researchers Guardio Labs, and was subsequently fixed within only five days – as such, Opera users are not at risk.”

Opera, a popular Chromium-based browser, was found carrying a vulnerability that would allow hackers to install pretty much any file on both Windows and macOS operating systems.

The vulnerability was discovered by cybersecurity researchers from Guardio Labs, who notified the browser’s developers and helped it plug the hole.

In its technical writeup, Guardio Labs explained that the flaw stemmed from a feature built into the browser, called My Flow. This is a feature built on a browser extension called Opera Touch Background, which comes preinstalled with the browser and technically can’t be removed.

Abusing a landing page

My Flow allows users to take notes and share files between the desktop and mobile versions of the browser. There is a trend among software developers to allow users a seamless transition between desktop and mobile solutions for both work and play. In this case, however, the feature came at the cost of security.

“The chat-like interface adds an “OPEN” link to any message with an attached file, allowing users to immediately execute the file from the web interface,” the researchers explain. “This indicates that the webpage context can somehow interact with a system API and execute a file from the file system, outside the browser’s usual confines, with no sandbox, no limits.”

The second important factor is the fact that specific, other web pages, as well as extensions, can connect to My Flow. When…

Source…

NCSC warns of enduring and significant threat to UK's critical … – National Cyber Security Centre

November 14, 2023/in Computer Security

NCSC warns of enduring and significant threat to UK’s critical … National Cyber Security Centre

Source…

Ransomware attacks tied to significant increase in cyber insurance claims

September 22, 2023/in Internet Security

Cyberinsurance claims have significantly increased during the first six months of 2023, mostly due to ransomware attacks, according to The Record, a news site by cybersecurity firm Recorded Future.

Almost 20% of cybersecurity incidents involving claims were attributed to ransomware attacks, most of which were linked to the Royal, BlackCat, and LockBit 3.0 ransomware strains, a Coalition report revealed. Average ransomware losses during the first half of 2023 exceeded $365,113, which is the highest on record, while average ransom demands reached $1.62 million, which is 74% higher than the previous year.

While business email compromise claims declined during the first half of the year, funds transfer fraud claims rose by 15% over the same period, yielding losses of below $300,000, which was lower than $410,000 during the same period in 2021.

“The growing sophistication of threat actors and their tactics is a contributing factor in the upward trend in FTF claims severity,” said researchers.

Source…

Tag Archive for: significant