New DeadBolt Ransomware Targets NAT Devices

There’s a new ransomware that targets NAT devices made by QNAP:

The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a .deadbolt file extension.

Instead of creating ransom notes in each folder on the device, the QNAP device’s login page is hijacked to display a screen stating, “WARNING: Your files have been locked by DeadBolt”….

[…]

BleepingComputer is aware of at least fifteen victims of the new DeadBolt ransomware attack, with no specific region being targeted.

As with all ransomware attacks against QNAP devices, the DeadBolt attacks only affect devices accessible to the Internet…


Applying Cleanroom Engineering Techniques such as Formal Verification/Formal Specifications to root out 0-day vulnerabilities such as log4shell? [closed]

I refer to Cleanroom Software Engineering Reference Model (https://kilthub.cmu.edu/articles/journal_contribution/Cleanroom_Software_Engineering_Reference/6572228) and Zero-Defect Software (https://trace.tennessee.edu/cgi/viewcontent.cgi?ar…

More Log4j News

Log4j is being exploited by all sorts of attackers, all over the Internet:

At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. “Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups,” said cybersecurity company Check Point.

And according to Check Point, attackers have now attempted to exploit the flaw on over 40% of global networks.

And a second vulnerability was found, in the patch for the first vulnerability. This is likely not to be the last…


On the Log4j Vulnerability

It’s serious:

The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. From there they can load arbitrary code on the targeted server and install malware or launch other attacks. Notably, hackers can introduce the snippet in seemingly benign ways, like by sending the string in an email or setting it as an account username…


Zero day vulnerabilities & Cybersecurity Supply Chain Risk Management – how to move from a reactive posture to a proactive posture? [duplicate]

I refer to the Log4j logging framework vulnerability – Source: https://www.wired.com/story/log4j-flaw-hacking-internet/
Since software vulnerabilities are an inevitable part of life, and speed is of the essence when it comes to patching vuln…

MacOS Zero-Day Used against Hong Kong Activists

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected.

From an article:

Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers. The sites served both iOS and MacOS exploit chains, but the researchers were only able to retrieve the MacOS one. The zero-day exploit was similar to another in-the-wild vulnerability analyzed by another Google researcher in the past, according to the report…
