Tag Archive for: Vendors

Google Confirms Massive Increase In Zero-Day Vulnerabilities Exploited In Attacks Due To Spyware Vendors


Google has published a new report describing a significant rise in zero-day vulnerabilities exploited in attacks during 2023.

Both its Threat Analysis Group and the company’s subsidiary Mandiant note that the figures keep growing, and that much of the growth is driven by spyware vendors.

The count reached 97 zero-days, more than a 50% rise over the previous year’s 62. Despite the increase, the number is still well below the 106 recorded in 2021.

Together, the two teams observed 29 of the 97 vulnerabilities. Of the 97, 61 affected end users of products and services such as mobile phones, browsers, and social media apps.

The remainder were used to attack enterprise technology such as security software and a range of other devices. On the enterprise side, a broader array of vendors and products is being targeted, and more specialized technology is being affected as a result.

The researchers also note that, year over year, vendors are discovering and patching attacker-exploited bugs faster, which shortens the lifespan of each exploit.

In 2023, many threat actors made use of zero-day vulnerabilities (see Figure 10). China was highlighted as being behind most of the government-backed exploitation, including activity by Chinese espionage groups, continuing an upward trend.

In 2023, commercial surveillance vendors appeared to be the main culprit behind the attacks targeting both Android and Google devices.

These vendors accounted for up to 75% of all zero-day exploitation hitting those platforms. In addition to that, there were vendors

Of the 37 zero-day vulnerabilities in browsers and devices exploited in 2023, Google linked close to 60% to commercial surveillance vendors (CSVs) that sell spyware to government clients.

Way back in February, Google revealed how so many…

Source…

Cyber Vendors or Cyber-Criminals: Who’s Winning the Race for the Brows


From the rollout of text-to-image generation tools like DALL-E to natural language processing platforms such as ChatGPT, wowing in their ability to write resumes, scientific papers and more, it has been a breakthrough 12 months for artificial intelligence (AI). 

Many industries are already embracing these advances. Market research, copywriting, time management, coding and customer service are all purposes for which ChatGPT, and its rival platforms, are being leveraged by businesses. However, it’s not just corporations tapping into AI’s potential.

With the emergence of ever more useful tools, threat actors have also become empowered to find and develop increasingly sophisticated threat campaigns designed to exploit common vulnerabilities facing enterprises in 2023.

At Menlo Security, we have seen a major uptick in the use of highly evasive attacks targeting the browser, in part driven by this increasingly easy access to AI tools that even amateur attackers can use to create malware or viruses.

It’s an adjustment that adversaries have made in response to the changing working norms. Where many organizations have continued to embrace remote and flexible policies post-Covid, employees are enjoying the freedom of working wherever, whenever and however it best suits them – be it from the office, at home or on the go, both within and outside of the traditional 9 to 5. 

To facilitate this, enterprises have embraced cloud-based models – a dynamic in which the browser has become the central hub of operations. In fact, Google reports that the average employee spends as much as 75% of their working day using a web browser. 

As threat actors have adapted, cultivating an increasingly expansive and sophisticated arsenal of browser-based attack methods in response, 80% of breaches are now estimated to come through the browser.

Adapting Security Strategies

The spike in browser-focused cyber-attacks is, of course, a problem and one that has seen a range of policies deployed to find a resolution. 

Recently, it was reported that Google is running a pilot scheme to encourage selected staff members (around 2500) to work without access to the internet, the…

Source…

Spyware vendors use exploit chains to take advantage of patch delays in mobile ecosystem


Several commercial spyware vendors developed and used zero-day exploits against iOS and Android users last year. However, their exploit chains also relied on known vulnerabilities to work, highlighting the importance of both users and device manufacturers speeding up the adoption of security patches.

“The zero-day exploits were used alongside n-day exploits and took advantage of the large time gap between the fix release and when it was fully deployed on end-user devices,” researchers with Google’s Threat Analysis Group (TAG) said in a report detailing the attack campaigns. “Our findings underscore the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments with the technical expertise to develop and operationalize exploits.”

The iOS spyware exploit chain

Apple has a much tighter grip on its mobile ecosystem, being both the sole hardware manufacturer of iOS devices and the creator of the software running on them. As such, iPhones and iPads have historically had a much better patch adoption rate than Android, where Google creates the base OS and then tens of device manufacturers customize it for their own products and maintain their own separate firmware.

In November 2022, Google TAG detected an SMS-based attack campaign that targeted both iOS and Android users in Italy, Malaysia, and Kazakhstan using exploit chains for both platforms. The campaign used bit.ly shortened URLs that, when clicked, directed users to a web page delivering the exploits and then redirected them to legitimate websites, such as the shipment tracking portal of Italian logistics company BRT or a popular Malaysian news site.

The iOS exploit chain combined a remote code execution vulnerability in WebKit, Apple’s website rendering engine used in Safari and iOS, that was unknown and unpatched at the time. The flaw, now tracked as CVE-2022-42856, was patched in January after Google TAG reported it to Apple.

However, a remote code execution flaw in the web browser engine is not enough to compromise a device, because mobile operating systems like iOS and Android use sandboxing techniques to limit the privileges of the browser….

Source…

EHR Vendors’ Disclosures Are Latest Security Risk Reminders



QRS Inc. Reports Patient Portal Hack; Philips Reveals TASY EMR Security Flaws

A recent large hacking incident and a separate vulnerability disclosure involving two different vendors’ products related to electronic health records serve as the latest reminders of the potential risks these systems can pose to patients’ protected health information.

Tennessee-based QRS Inc., vendor of the Paradigm practice management and electronic health records systems, on Oct. 22 reported to the Department of Health and Human Services a hacking/IT incident involving a patient portal server that affected nearly 320,000 individuals’ PHI.

Meanwhile, in a separate development, medical technology vendor Philips Healthcare and the Cybersecurity and Infrastructure Security Agency on Thursday each issued security advisories concerning two SQL vulnerabilities identified in the Philips TASY Electronic Medical Record HTML5 system, versions 3.06.1803 and prior.

The Philips EMR vulnerabilities, if exploited, pose risks to patient data confidentiality, the advisories say.

The two situations “are another reminder of how vulnerable the entire healthcare system is from the standpoint of cybersecurity,” says George Jackson, a senior principal consultant at privacy and security consultancy Clearwater.

“One is an example of a serious vulnerability requiring a…

Source…