Zero Day – Page 21 – WindowsTechs.com

New DeadBolt Ransomware Targets NAT Devices

Posted on January 26, 2022 by Bruce Schneier

There’s a new ransomware that targets NAT devices made by QNAP:

The attacks started today, January 25th, with QNAP devices suddenly finding their files encrypted and file names appended with a .deadbolt file extension.

Instead of creating ransom notes in each folder on the device, the QNAP device’s login page is hijacked to display a screen stating, “WARNING: Your files have been locked by DeadBolt”….

[…]

BleepingComputer is aware of at least fifteen victims of the new DeadBolt ransomware attack, with no specific region being targeted.

As with all ransomware attacks against QNAP devices, the DeadBolt attacks only affect devices accessible to the Internet…

Continue reading New DeadBolt Ransomware Targets NAT Devices→

Applying Cleanroom Engineering Techniques such as Formal Verification/Formal Specifications to root out 0-day vulnerabilities such as log4shell? [closed]

Posted on December 17, 2021 by Nathan Aw

I refer to Cleanroom Software Engineering Reference Model (https://kilthub.cmu.edu/articles/journal_contribution/Cleanroom_Software_Engineering_Reference/6572228) and Zero-Defect Software (https://trace.tennessee.edu/cgi/viewcontent.cgi?ar… Continue reading Applying Cleanroom Engineering Techniques such as Formal Verification/Formal Specifications to root out 0-day vulnerabilities such as log4shell? [closed]→

More Log4j News

Posted on December 16, 2021 by Bruce Schneier

Log4j is being exploited by all sorts of attackers, all over the Internet:

At that point it was reported that there were over 100 attempts to exploit the vulnerability every minute. “Since we started to implement our protection we prevented over 1,272,000 attempts to allocate the vulnerability, over 46% of those attempts were made by known malicious groups,” said cybersecurity company Check Point.

And according to Check Point, attackers have now attempted to exploit the flaw on over 40% of global networks.

And a second vulnerability was found, in the patch for the first vulnerability. This is likely not to be the last…

Continue reading More Log4j News→

Blocking outbound connections to mitigate CVE-2021-44228 log4j?

Posted on December 14, 2021 by poke

As I understand it, a successful exploit requires a connection to an external server to download a payload. If a device can’t be patched or otherwise mitigated, does restricting its outbound access prevent a successful exploit?
Assuming th… Continue reading Blocking outbound connections to mitigate CVE-2021-44228 log4j?→

On the Log4j Vulnerability

Posted on December 14, 2021 by Bruce Schneier

It’s serious:

The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. From there they can load arbitrary code on the targeted server and install malware or launch other attacks. Notably, hackers can introduce the snippet in seemingly benign ways, like by sending the string in an email or setting it as an account username…

Continue reading On the Log4j Vulnerability→

Zero day vulnerabilities & Cybersecurity Supply Chain Risk Management – how to move from a reactive posture to a proactive posture? [duplicate]

Posted on December 12, 2021 by Nathan Aw

I refer to the Log4j logging framework vulnerability – Source: https://www.wired.com/story/log4j-flaw-hacking-internet/
Since software vulnerabilities is an inevitable part of life, and speed is of an essence when it comes to patching vuln… Continue reading Zero day vulnerabilities & Cybersecurity Supply Chain Risk Management – how to move from a reactive posture to a proactive posture? [duplicate]→

Check your patches – public exploit now out for critical Exchange bug

Posted on November 23, 2021 by Paul Ducklin

It was a zero-day bug until Patch Tuesday, now there’s an anyone-can-use-it exploit. Don’t be the one who hasn’t patched. Continue reading Check your patches – public exploit now out for critical Exchange bug→

MacOS Zero-Day Used against Hong Kong Activists

Posted on November 12, 2021 by Bruce Schneier

Google researchers discovered a MacOS zero-day exploit being used against Hong Kong activists. It was a “watering hole” attack, which means the malware was hidden in a legitimate website. Users visiting that website would get infected.

From an article:

Google’s researchers were able to trigger the exploits and study them by visiting the websites compromised by the hackers. The sites served both iOS and MacOS exploit chains, but the researchers were only able to retrieve the MacOS one. The zero-day exploit was similar to another in-the-wild vulnerability analyzed by another Google researcher in the past, according to the report…

Continue reading MacOS Zero-Day Used against Hong Kong Activists→

Why is 0-day called a 0-day? [closed]

Posted on November 6, 2021 by Nathan Aw

Why is 0-day called a 0-day? Why not just call 0-day a previously unknown vulnerability (PUV)?

Continue reading Why is 0-day called a 0-day? [closed]→

US Blacklists NSO Group

Posted on November 4, 2021 by Bruce Schneier

The Israeli cyberweapons arms manufacturer — and human rights violator, and probably war criminal — NSO Group has been added to the US Department of Commerce’s trade blacklist. US companies and individuals cannot sell to them. Aside f… Continue reading US Blacklists NSO Group→