Tag Archive for: zerodays

Week in review: MS Exchange zero-days exploited, AD attack paths, developing secure APIs

SpyCast: Cross-platform mDNS enumeration tool
SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in passive mode by only listening to multicast packets.

Attackers use novel technique, malware to compromise hypervisors and virtual machines
Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts have discovered.

To encrypt or to destroy? Ransomware affiliates plan to try the latter
Researchers from Symantec, Cyderes and Stairwell have recently analyzed a new version of the Exmatter data exfiltration tool and have spotted a new capability: data corruption.

MS SQL servers are getting hacked to deliver ransomware to orgs
Cybercriminals wielding the FARGO (aka Mallox, aka TargetCompany) ransomware are targeting Microsoft SQL (MS SQL) servers, AhnLab’s ASEC analysis team has warned.

3 ways to gauge your company’s preparedness to recover from data loss
Where you store your data backup is nearly as important as creating copies in the first place. Storing your data in the cloud does not mean it is secure.

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers.

Phishing attacks skyrocketing, over 1 million observed
The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed.

RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled.

The various ways ransomware impacts your organization
Despite increased investment in tools to fight ransomware, 90% of organizations were affected by ransomware in some capacity over the past 12 months, according to SpyCloud’s 2022 Ransomware Defense…

The mother of all ‘zero-days’ — immortal flaws in semiconductor chips

The CHIPS Act of 2022 was signed into law on Aug. 9. It provides tens of billions of dollars in public support for revitalization of domestic semiconductor manufacturing, workforce training, and “leap ahead” wireless technology. Because we outsource most of our device fabrication — including the chips that go into the Navy’s submarines and ships, the Army’s jeeps and tanks, military drones and satellites — our industrial base has become weak and shallow. The first order of business for the CHIPS Act is to address a serious deficit in our domestic production capacity. 

Notoriously absent from the language of the bill is any mention of chip security. Consequently, the U.S. is about to make the same mistake with microelectronics that we made with digital networks and software applications: Unless and until the government demands in-device security, our competitors will have an easy time of manipulating how chips function and behave. Nowhere is this more dangerous than our national security infrastructure.

For the first quarter-century of ubiquitous internet access, policy makers and industry leaders did not imagine — literally could not conceive — a deliberate electronic intrusion from an ideological adversary.

Now they hit us almost at will.

Deterrence has proven to be an obviously insufficient policy alternative. Western civil societies — our power stations, waste processing facilities, and hospitals — are paying a heavy price for their porous defenses and cyber naivete.

Every chip starts life as a software program before it is fabricated, mostly in Asia, and mostly in Taiwan, into a chip. The process that transforms design code into “sand in the hand” silicon is just as vulnerable today as consumer applications were in the early 2010s, and for all the same reasons. The impact is deeper and more penetrating because once a chip is compromised, it is nearly impossible to patch. It might be in space or under an ocean. Our enemies know this too.

Undetected vulnerabilities, called “zero-days,” are endemic to and ubiquitous in all digital systems. They remain dormant until activated by someone who is trying to ransom data, steal data, or…

Android more vulnerabilities, iOS more zero-days


Mobile security company Zimperium has released its annual mobile threat report where security trends and discoveries in the year that passed lay the groundwork for predicting what’s coming in 2022. 

In general, the focus of malicious actors on mobile platforms has increased compared to previous years, mainly due to the push of the global workforce to remote working.

This focus manifested in more significant malware distribution volumes, phishing and smishing attacks, and more efforts to discover and leverage zero-day exploits.

[Figure: Volume of phishing sites targeting mobile users (Zimperium)]

Zero-day vulnerabilities are publicly disclosed or actively exploited bugs with no fixes available from the vendor or developers. As it is vital to fix zero-day bugs, vendors typically rush to release security updates once they are disclosed.

However, according to Zimperium’s client stats and a survey conducted for the report, only about 42% of people working in BYOD (bring your own device) environments applied high-priority fixes within two days from their release.

Roughly one-third required up to a week, while a significant 20% hadn’t patched their mobile devices before reaching the two-week mark.

Threats by region

In 2021, actors focused more on remote workforce or on-premise mobile devices, leading to increased malicious network scans and man-in-the-middle (MiTM) attacks. These attacks are aimed at stealing sensitive information that plays a crucial role in more significant attacks against corporate networks.

The most prevalent threats for each region of the world in 2021 were the following:

  • Asia/Pacific – malicious websites, malware, MiTM
  • Africa – malware
  • Europe – malware, malicious local scans, MiTM
  • North America – malware, MiTM
  • South America – malware, malicious local scans

Globally, mobile malware was a problem encountered in 23% of all endpoints protected by Zimperium in 2021, followed by MiTM (13%), malicious websites (12%), and scans (12%).

[Figure: Types of mobile threats logged globally in 2021 (Zimperium)]

Android vs. iOS

The mobile operating systems market is dominated by a duopoly of Android and iOS, so inevitably, all comparisons under any spectrum revolve around those…

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days – Threatpost


  1. Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days (Threatpost)
  2. Microsoft January 2022 Patch Tuesday: Six zero-days, over 90 vulnerabilities fixed (ZDNet)
  3. Microsoft January 2022 Patch Tuesday fixes 6 zero-days, 97 flaws (BleepingComputer)
  4. First Patch Tuesday of 2022 Brings Fix for a Critical ‘Wormable’ Windows Vulnerability (The Hacker News)
  5. ‘Wormable’ Flaw Leads January 2022 Patch Tuesday (Krebs on Security)
