Tag Archive for: vulnerabilities

Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)

/in


Welcome to the Cyber Security News Weekly Round-Up. Each week, we will explore the latest cyber threats, vulnerabilities, and notable stories that have shaped the cybersecurity landscape.

From sophisticated malware attacks to innovative phishing schemes, we cover the crucial updates you need to stay informed and protected.

Threats

Notepad++ Plugin Compromised by Hackers

Hackers have targeted a widely used Notepad++ plugin, “mimeTools.dll,” injecting malicious code that compromises users’ systems upon execution. The attack, discovered by the AhnLab Security Intelligence Center, leverages DLL Hijacking to execute encrypted malicious Shell Code, posing a significant threat to programmers and writers who rely on Notepad++ for its versatility and plugin support; read more.

Weaponized PDF Files Deliver Byakugan Malware

Cybersecurity researchers at Fortinet have uncovered a new attack vector involving weaponized PDF files used to deliver the multi-functional Byakugan malware. By exploiting the trust and popularity of PDFs, hackers have been able to infiltrate systems through malicious codes embedded in seemingly innocuous documents, highlighting the need for heightened awareness and protection against such files.

Fake E-Shopping Attack Targets Banking Credentials

A sophisticated fake e-shop scam campaign has been targeting users in Southeast Asia, hijacking banking credentials through phishing emails and malicious APKs. The attackers have expanded their operations, utilizing screen-sharing and exploiting accessibility services to gain more control over victims’ devices. This campaign underscores the evolving tactics of cybercriminals in their efforts to steal sensitive information.

Rhadamanthys Stealer Targets Oil and Gas Sector

The oil and gas sector has become the latest target of the Rhadamanthys Stealer malware, delivered through weaponized PDF files. This attack emphasizes the ongoing threat to critical infrastructure sectors and the importance of robust cybersecurity measures to protect against such sophisticated threats.

Ransomware Exploits Unpatched Vulnerabilities

A recent report highlights the increasing trend of ransomware attacks exploiting unpatched…

Source…

Google reports a significant surge in zero-day vulnerabilities in 2023

/in


A new report released today by Google LLC’s Threat Analysis Group and Google-owned Mandiant warns that zero-day exploits have become more common amid a rise in nation-state hackers.

The report, “We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023,” detailed 97 zero-day vulnerabilities observed by Google in 2023, up from 62 in 2023 but down from 106 in 2021. Zero-day attacks exploit a previously unknown vulnerability in software before developers have had the opportunity to fix it.

Of the 97 zero-days tracked in 2023, 36 targeted enterprise-focused technologies, such as security software and devices, while the remaining 61 affected end-user platforms and products, such as mobile devices, operating systems, browsers and other applications.

Adversary exploitation of enterprise-specific technologies jumped 64% over the previous year, with Google also seeing a general increase in the number of enterprise vendors targeted since 2019. Attackers were seen to be shifting to third-party components and libraries in 2023, as zero-day vulnerabilities in both were found to be a prime attack surface in 2023.

Commercial surveillance vendors — companies that develop and sell tools and software designed for monitoring and gathering intelligence, often used by governments — were found to be behind 75% of known zero-day exploits targeting Google products and Android ecosystem devices in 2023. CSVs were also found to be behind 60% of the 37 zero-day vulnerabilities in browsers and mobile devices exploited in 2023.

The report alleges that China was the lead source of government-back exploitation, claiming that Chinese cyber espionage groups exploited 12 zero-day vulnerabilities in 2023, up from seven in 2022.

Another finding in the report was surprising: The Google researchers found that exploitation associated with financially motivated actors proportionally decreased in 2023, with financially motivated actors found to account for only 10 zero-day exploits last year. Threat group FIN11 was found to be behind three of them.

“Exploiting zero-days is no longer a niche capability,” the report notes. “The proliferation of exploit technology…

Source…

Hackers Show Vulnerabilities of RFID-Based Hotel Door Locks

/in


Hackers show vulnerabilities of RFID-based hotel door locks

Apr 02, 2024In a scenario that feels lifted from Oceans 11, a group of hackers have shown the vulnerabilities of RFID-based locks through a hotel room keycard.

A team of security researchers recently revealed a hotel keycard hacking technique they call Unsaflok. The technique exposes a collection of security vulnerabilities that would allow a hacker to open several models of Saflok-brand RFID-based keycard locks sold by lock maker Dormakaba.

The Saflok systems are installed on three million doors worldwide, inside 13,000 properties in 131 countries.

RFID Journal Live

The Hackers Story

As detailed in a story published on Wired, the researchers exploited weaknesses in both Dormakaba’s encryption and the underlying RFID system used, known as MIFARE Classic, according to Ian Carroll and Lennert Wouters.

They started by obtaining any keycard from a target hotel—new or used—in order to read a certain code from that card with a $300 RFID read-write device. After writing two keycards of their own, they were able to first rewrite a certain piece of the lock’s data and then open it.

“Two quick taps and we open the door,” said Wouters, a researcher in the Computer Security and Industrial Cryptography group at the KU Leuven University in Belgium. “And that works on every door in the hotel.”

Dormakaba Solution

Wouters and Carroll shared the full technical details of their hacking technique with Dormakaba in November 2022. Dormakaba says that it’s been working since early last year to make hotels that use Saflok aware of their security flaws and to help them fix or replace the vulnerable locks.

For many of the Saflok systems sold in the last eight years, there’s no hardware replacement necessary for each individual lock. Instead, hotels will only need to update or replace the front desk management system and have a technician carry out a relatively quick reprogramming of each lock, door by door.

But Dormakaba has reportedly only updated 36 percent of installed Safloks. Given that the locks aren’t connected to the internet and some older locks will still need a hardware upgrade, they say the full fix will still likely take months…

Source…

Google Confirms Massive Increase In Zero-Day Vulnerabilities Exploited In Attacks Due To Spyware Vendors

/in


Google has published a new report that speaks about the significant rise in zero-day vulnerabilities that continue to be exploited in attacks from 2023.

Both its Threat Analysis Group, as well as the company’s subsidiary firm Mandiant, mentioned how the figures continue to grow as we speak and a lot of that has to do with spyware vendors.

The figures reached 97 zero-days and that stood for more than a 50% rise when you compare it to the past which was just 62. But despite such an increase, the numbers are still much lower than the rise of 106 seen back in the year 2021.

Both entities collectively witnessed 29 out of the 97 vulnerabilities. They even spoke about 61 impacted end users who made use of Google’s products and services such as mobile phones, browsers, and social media apps.

Furthermore, the rest of them were utilized to attack tech like security software and a host of other leading devices in this regard. As far as the enterprise side is concerned, there’s a mega array of vendors as well as products under target and we’re seeing more specific tech getting impacted as a result of this.

Let’s not forget how they’ve seen that as the years pass by, the faster they’re discovering the patch featuring bugs from attackers and this means shorter lifespans arising due to the exploit in question.

In 2023, plenty of threat actors made use of zero-day vulnerabilities that went up to Figure 10. And interestingly, it was China that was highlighted as being behind most of the attacks that had support from the government. Some of those entailed espionage groups from the country which was a trend moving upward.

In 2023, it was all thanks to commercial surveillance that seemed to be the culprit of these attacks that kept on targeting both Android as well as Google devices.

They include up to 75% of all those zero-day exploitations that kept on hitting the platforms. In addition to that, there were vendors

Other than that, most of the 37 zero-day vulnerabilities found on browsers as well as devices that were exploited in 2023 had Google linking close to 60% of all CSVs that keep on selling spyware to clients in the government.

Way back in February, Google revealed how so many…

Source…