Likely state-based hackers infected Hong Kong websites to spy on Apple users, Google says

Suspected foreign government-backed hackers infected websites belonging to a Hong Kong-based media outlet and a pro-democracy group in a bid to install malware on visitors’ Apple devices, Google researchers say. Google’s Threat Analysis Center discovered the watering hole attack in August, which relied on a previously unreported backdoor, or zero-day flaw. “Based on our findings, we believe this threat actor to be a well-resourced group, likely state backed, with access to their own software engineering team based on the quality of the payload code,” Google’s Eyre Hernandez wrote in a blog post on Thursday. While Google didn’t attribute the attackers to a specific nation, China has long been suspected of conducting cyber-espionage and sowing disinformation aimed at democracy advocates in Hong Kong. The hackers relied on a previously known vulnerability in macOS Catalina to set up the backdoor, Google said. Apple patched the zero-day flaw on Sept. 23. The backdoor […]

The post Likely state-based hackers infected Hong Kong websites to spy on Apple users, Google says appeared first on CyberScoop.

Google pushes emergency update for Chrome zero-days, the latest in a hectic year for vulnerabilities

Google Chrome has issued emergency updates for two zero-day flaws that attackers are exploiting, the second pair for the browser in a month. It’s been a record year for such flaws, which are previously unknown to the vendor. Chrome itself has caught 12 zero-days to date in 2021 compared to eight in all of 2020, according to Google’s Project Zero “0day in the Wild” database, which tracks zero-days. By many measurements, Chrome is the world’s most popular browser, with one report putting its user count at nearly 3.3 billion. That makes it a lucrative target for hackers. There doesn’t appear to be just one answer for the rise in zero-days in 2021, even as more people seem to invest in hacking techniques. Defenders are also improving their own detection skills. “Google is aware the exploits” for the two flaws “exist in the wild,” the company wrote on Thursday. Google otherwise didn’t […]

The post Google pushes emergency update for Chrome zero-days, the latest in a hectic year for vulnerabilities appeared first on CyberScoop.

Malware spammers aim to leverage Kaseya ransomware drama in email campaign

First came the ransomware rampage stemming from the breach of Miami-based software firm Kaseya. Now comes a wave of malicious emails seeking to capitalize on the rush to find a fix. Security vendor MalwareBytes highlighted the malware spam campaign Tuesday, describing how unidentified attackers send “malspam” messages with both a URL and a file that purports to be a Microsoft update for the Kaseya VSA vulnerability. Clicking on the link, or “SecurityUpdates.exe,” drops Cobalt Strike on a victim. Cybercriminals have increasingly leveraged that security testing tool for attacks, according to recent research. It’s another example of how cyberattacks can have long tails after their initial infections. The zero-day vulnerability that the ransomware gang REvil apparently used to infiltrate Kaseya systems turned into a way for intruders to access the systems of Kaseya’s managed service provider customers, who provide IT services to a wider range of potential victims. It has turned […]

The post Malware spammers aim to leverage Kaseya ransomware drama in email campaign appeared first on CyberScoop.

Belgium uproots cyber-espionage campaign with suspected ties to China

A Belgian government ministry said this week that it was the victim of a cyber-espionage campaign that began two years ago, one that has apparent links to Beijing. The Federal Public Service Interior said it began an investigation in March after Microsoft revealed that Chinese state-sponsored hackers had used zero-days to attack its Exchange Server technology. The ministry called in the Centre for Cyber Security Belgium for aid. “The complexity of this attack indicates an actor who has cyber capacities and extensive resources,” the ministry said in a statement on its website Tuesday. “The perpetrators acted in a targeted manner, which suggests espionage.” A ministry spokesperson didn’t immediately answer a message about whether the attacks it endured dating back to 2019 were explicitly linked to the espionage Microsoft first alleged two months ago, instead of merely triggering a probe that uncovered a separate campaign. The earliest reported attacks exploiting the […]

The post Belgium uproots cyber-espionage campaign with suspected ties to China appeared first on CyberScoop.

Market for software exploits is often focused on Microsoft flaws, years-old technology

Every month Microsoft releases software updates to fix vulnerabilities across the company’s vast line of technology products. The ritual, known as Patch Tuesday, often involves security experts urging users to update their software, and researchers gaining some public recognition after months of quietly working to mitigate the flaws. A new study from antivirus vendor Trend Micro found, however, that cybercriminal forums continue to advertise exploits for a vulnerability years after a patch has been released, with sellers adjusting prices to market demand and bundling multiple old exploits together to maximize profits. The study, which spanned nearly two years and numerous illicit marketplaces, found that nearly half of the software exploits requested on forums were for vulnerabilities that were at least three years old. The demand for exploits also tracks the popularity of software: Microsoft products accounted for 47% of the exploits that forum users requested, according to Trend […]

The post Market for software exploits is often focused on Microsoft flaws, years-old technology appeared first on CyberScoop.

After more than a decade, SentinelOne researchers weed out Dell vulnerabilities

Since 2009, vulnerabilities have lurked in Dell drivers that potentially affect hundreds of millions of machines, SentinelOne researchers said on Tuesday. Hackers could use the vulnerabilities to instigate a range of attacks, from ransomware to wipers that can erase hard drives, said J.A. Guerrero-Saade, principal threat researcher at the security firm. “They can basically do whatever they want,” Guerrero-Saade told CyberScoop. Dell released mitigation steps on Tuesday in advance of SentinelOne publishing its research. Such flaws sitting undiscovered for 12 years is not unheard of, despite a whole industry of security researchers dedicated to weeding out bugs that could abet cyberattacks. A 2017 study found that a quarter of zero-day vulnerabilities remain hidden for more than nine and a half years. In the case of the Dell flaws, Guerrero-Saade said their dormant nature reflects a “target-rich environment,” especially as it pertains to drivers that allow computers to communicate with hardware. […]

The post After more than a decade, SentinelOne researchers weed out Dell vulnerabilities appeared first on CyberScoop.

Google releases update to fix another zero-day flaw in Chrome browser

Google released an updated version of the Chrome browser on Tuesday that included seven security fixes, including a patch for a zero-day flaw that hackers may have been actively exploiting, Google said. Google has been dealing with several serious flaws in recent days. The update details four other vulnerabilities and fixes Google had to roll out this week. Google previously fixed another zero-day flaw on April 12, as well. If the zero-day flaw, classified as CVE-2021-21224, was exploited in concert with another vulnerability, hackers would have been able to execute arbitrary code on victims’ systems. VerSprite Inc’s Jose Martinez reported the vulnerability, which Google describes as a Type Confusion in V8, several days ago, linking it to a proof-of-concept exploit that took advantage of the bug. That proof-of-concept code was available on Twitter, and thus accessible to the public, though there were no reports of attackers leveraging the bug in […]

The post Google releases update to fix another zero-day flaw in Chrome browser appeared first on CyberScoop.

Hackers exploit SonicWall email software in a banner week for zero-day flaws

It’s only Wednesday, and it’s already been a banner week for previously unknown exploits in popular security software. Unidentified hackers have exploited three “zero-day,” or newly discovered, vulnerabilities in email software made by SonicWall to access an unnamed victim organization’s network, according to Mandiant, the incident response unit of security firm FireEye. “The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization’s network,” Mandiant said in a blog on Tuesday evening. Security fixes are available for the flaws, and SonicWall urged customers to apply them. The news came after Mandiant revealed on Tuesday that suspected Chinese hackers had used bugs in another popular piece of enterprise software, made by Pulse Secure, to break into government and defense-sector networks. Those breaches followed separate intrusion campaigns allegedly carried out by Russian and Chinese hackers exploiting software made […]

The post Hackers exploit SonicWall email software in a banner week for zero-day flaws appeared first on CyberScoop.

State-linked hackers hit American, European organizations with Pulse Secure exploits

Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday. Attackers are exploiting old vulnerabilities — and one new one — in virtual private networking software made by Pulse Secure. Corporations and governments alike use the technology to manage data on their networks, though it has proven a popular foothold for spies over the years. One of the hacking groups in question uses techniques similar to a Chinese state-backed espionage group, according to FireEye incident response unit Mandiant. “We have also uncovered limited evidence to suggest that [the hacking group] operates on behalf of the Chinese government,” Mandiant said in a blog post. The company did not say, specifically, what evidence it uncovered tying the incident to China. More broadly, Mandiant Senior Vice President and […]

The post State-linked hackers hit American, European organizations with Pulse Secure exploits appeared first on CyberScoop.

Google rushes out fix for another Chrome zero-day flaw

Google has released an urgent software update for a flaw in the popular Chrome browser amid reports that an exploit for the bug is already available. The vulnerability is in Blink, the feature that Chrome uses to convert HTML code to web pages, and could allow an attacker to execute code remotely or conduct a denial-of-service attack on a machine, according to IBM. An anonymous researcher reported the issue to Google on March 9, and the company released a fix for the bug on March 12. It’s the third so-called zero-day, or previously unknown, vulnerability that Chrome has addressed this year. It’s an example of the high-stakes cat-and-mouse game between attackers searching for holes in popular software and vendors moving to plug them. In a blog post, Google Chrome’s Prudhvikumar Bommana did not offer additional details on the bug. “Access to bug details and links may be kept restricted until […]

The post Google rushes out fix for another Chrome zero-day flaw appeared first on CyberScoop.