zero days – Page 3 – WindowsTechs.com

Malware spammers aim to leverage Kaseya ransomware drama in email campaign

Posted on July 7, 2021 by Tim Starks

First came the ransomware rampage stemming from the breach of Miami-based software firm Kaseya. Now comes a wave of malicious emails seeking capitalize on the rush to find a fix. Security vendor MalwareBytes highlighted the malware spam campaign Tuesday, describing how unidentified attackers send “malspam” messages with both a URL and a file that purports to be a Microsoft update of the Kaseya VSA vulnerability. Clicking on the the link, or “SecurityUpdates.exe,” drops Cobalt Strike on a victim. Cybercriminals have increasingly leveraged that security testing tool for attacks, according to recent research. It’s another example of how cyberattacks can have long tails after their initial infections. The zero-day vulnerability that the ransomware gang REvil apparently used to infiltrate Kaseya systems turned into a way for intruders to access the systems of Kaseya’s managed service provider customers, who provide IT services to a wider range of potential victims. It has turned […]

The post Malware spammers aim to leverage Kaseya ransomware drama in email campaign appeared first on CyberScoop.

Continue reading Malware spammers aim to leverage Kaseya ransomware drama in email campaign→

Belgium uproots cyber-espionage campaign with suspected ties to China

Posted on May 26, 2021 by Tim Starks

A Belgian government ministry said this week that it was the victim of a cyber-espionage campaign that began two years ago, one that has apparent links to Beijing. The Federal Public Service Interior said it began an investigation in March after Microsoft revealed that Chineses state-sponsored hackers had used zero-days to attack its Exchange Server technology. The ministry called in the Centre for Cyber Security Belgium for aid. “The complexity of this attack indicates an actor who has cyber capacities and extensive resources,” the ministry aid in a statement on it website Tuesday. “The perpetrators acted in a targeted manner, which suggests espionage.” A ministry spokesperson didn’t immediately answer a message about whether the attack it endured dating back to 2019 were explicitly linked to the espionage Microsoft first alleged two months ago, instead of merely triggering a probe that uncovered a separate campaign. The earliest reported attacks exploiting the […]

The post Belgium uproots cyber-espionage campaign with suspected ties to China appeared first on CyberScoop.

Continue reading Belgium uproots cyber-espionage campaign with suspected ties to China→

Market for software exploits is often focused on Microsoft flaws, years-old technology

Posted on May 17, 2021 by Sean Lyngaas

Every month Microsoft releases software updates to fix vulnerabilities across the company’s vast line of technology products. The ritual, known as Patch Tuesday, often involves security experts urging users to update their software, and researchers gaining some public recognition after months of quietly working to mitigate the flaws. A new study from antivirus vendor Trend Micro found that cybercriminal forums continue to advertise exploits for a vulnerability years after a patch has been released, though, with sellers adjusting prices to market demand and bundling multiple old exploits together to maximize profits. The study, which spanned nearly two years and numerous illicit marketplaces, found that nearly half of the software exploits requested on forums were for vulnerabilities that were at least three years old. The demand for exploits is also catered to the popularity of software: Microsoft products accounted for 47% of the exploits that forum users requested, according to Trend […]

The post Market for software exploits is often focused on Microsoft flaws, years-old technology appeared first on CyberScoop.

Continue reading Market for software exploits is often focused on Microsoft flaws, years-old technology→

After more than a decade, SentinelOne researchers weed out Dell vulnerabilities

Posted on May 4, 2021 by Tim Starks

Since 2009, vulnerabilities have lurked in Dell drivers that potentially affect hundreds of millions of machines, SentinelOne researchers said on Tuesday. Hackers could use the vulnerabilities to instigate a range of attacks, from ransomware to wipers that can erase hard drives, said J.A. Guerrero-Saade, principle threat researcher at the security firm. “They can basically do whatever they want,” Guerrero-Saade told CyberScoop. Dell released mitigation steps on Tuesday in advance of SentinelOne publishing its research. Those flaws sitting undiscovered for 12 years is not unheard of, despite a whole industry of security researchers dedicated to weeding out bugs that could abet cyberattacks. A 2017 study found that a quarter of zero-day vulnerabilities remain hidden for more than nine and a half years. In the case of the Dell flaws, Guerrero-Saade said their dormant nature reflects a “target-rich environment,” especially as it pertains to drivers that allow computers to communicate with hardware. […]

The post After more than a decade, SentinelOne researchers weed out Dell vulnerabilities appeared first on CyberScoop.

Continue reading After more than a decade, SentinelOne researchers weed out Dell vulnerabilities→

Google releases update to fix another zero-day flaw in Chrome browser

Posted on April 21, 2021 by Shannon Vavra

Google released an updated version of the Chrome browser on Tuesday that included seven security fixes, including a patch for a zero-day flaw that hackers may have actively been exploiting, Google said. Google has been dealing with several serious flaws in recent days. The update details four other vulnerabilities and fixes Google had to roll out this week. Google previously fixed another zero-day flaw on April 12, as well. If the zero-day flaw, classified as CVE-2021-21224, was exploited in concert with another vulnerability, hackers would have been able to execute arbitrary code on victims’ systems. VerSprite Inc’s Jose Martinez reported the vulnerability, which Google describes as a Type Confusion in V8, several days ago, linking it to a proof-of-concept exploit that took advantage of the bug. That proof-of-concept code was available on Twitter, and thus accessible to the public, though there were no reports of attackers leveraging the bug in […]

The post Google releases update to fix another zero-day flaw in Chrome browser appeared first on CyberScoop.

Continue reading Google releases update to fix another zero-day flaw in Chrome browser→

Hackers exploit SonicWall email software in a banner week for zero-day flaws

Posted on April 21, 2021 by Sean Lyngaas

It’s only Wednesday, and it’s already been a banner week for previously unknown exploits in popular security software. Unidentified hackers have exploited three “zero-day,” or newly discovered, vulnerabilities in email software made by SonicWall to access an unnamed victim organization’s network, according to Mandiant, the incident response unit of security firm FireEye. “The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization’s network,” Mandiant said in a blog on Tuesday evening. Security fixes are available for the flaws, and SonicWall urged customers to apply them. The news came after Mandiant revealed on Tuesday that suspected Chinese hackers had used bugs in another popular enterprise software made by Pulse Secure to break into government and defense-sector networks. Those breaches followed separate intrusion campaigns allegedly carried out by Russian and Chinese hackers exploiting software made […]

The post Hackers exploit SonicWall email software in a banner week for zero-day flaws appeared first on CyberScoop.

Continue reading Hackers exploit SonicWall email software in a banner week for zero-day flaws→

State-linked hackers hit American, European organizations with Pulse Secure exploits

Posted on April 20, 2021 by Sean Lyngaas

Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday. Attackers are exploiting old vulnerabilities — and one new one — in virtual private networking software made by Pulse Secure. Corporations and governments alike use the technology to manage data on their networks, though it has proven a popular foothold for spies over the years. One of the hacking groups in question uses techniques similar to a Chinese state-backed espionage group, according to FireEye incident response unit Mandiant. “We have also uncovered limited evidence to suggest that [the hacking group] operates on behalf of the Chinese government,” Mandiant said in a blog post. The company did not say, specifically, what evidence it uncovered tying the incident to China. More broadly, Mandiant Senior Vice President and […]

The post State-linked hackers hit American, European organizations with Pulse Secure exploits appeared first on CyberScoop.

Continue reading State-linked hackers hit American, European organizations with Pulse Secure exploits→

Google rushes out fix for another Chrome zero-day flaw

Posted on March 15, 2021 by Sean Lyngaas

Google has released an urgent software update for a flaw in the popular Chrome browser amid reports that an exploit for the bug is already available. The vulnerability is in Blink, the feature that Chrome uses to convert HTML code to web pages, and could allow an attacker to execute code remotely or conduct a denial-of-service attack on a machine, according to IBM. An anonymous researcher reported the issue to Google on March 9, and the company released a fix for the bug on March 12. It’s the third so-called zero-day, or previously unknown, vulnerability that Chrome has addressed this year. It’s an example of the high-stakes cat-and-mouse game between attackers searching for holes in popular software and vendors moving to plug them. In a blog post, Google Chrome’s Prudhvikumar Bommana did not offer additional details on the bug. “Access to bug details and links may be kept restricted until […]

The post Google rushes out fix for another Chrome zero-day flaw appeared first on CyberScoop.

Continue reading Google rushes out fix for another Chrome zero-day flaw→

Amid widespread Exchange Server attacks, Microsoft issues patch for older versions

Posted on March 9, 2021 by Shannon Vavra

Microsoft issued a patch late Monday evening for older, unsupported versions of Microsoft Exchange servers in an attempt to lessen the blow of hackers exploiting recently uncovered software flaws. Microsoft released a security update earlier this month to address the four zero-day flaws in Exchange Server email software, which suspected Chinese hackers are actively exploiting as part of an espionage operation aimed at stealing the contents of targets’ emails. But those updates only addressed Exchange Server versions 2013 to 2019. “This is intended only as a temporary measure to help you protect vulnerable machines right now,” the Exchange Team at Microsoft warned in a blog post. The best course of action would be to update to the latest version and apply the patch, the company said. System administrators should be advised that the updates for unsupported Exchange Servers only address the four zero-day flaws revealed early this month, Microsoft said. […]

The post Amid widespread Exchange Server attacks, Microsoft issues patch for older versions appeared first on CyberScoop.

Continue reading Amid widespread Exchange Server attacks, Microsoft issues patch for older versions→

Federal officials scramble to assess widening Microsoft Exchange Server fallout

Posted on March 6, 2021 by Sean Lyngaas

The fallout from critical Microsoft software bugs exploited by suspected Chinese hackers deepened on Saturday as incident responders warned that state and local organizations across the U.S. could be exposed to the vulnerabilities. Federal officials rushed to get a better sense of the potential impact of the hacking amid multiple media reports that tens of thousands of organizations could be impacted by vulnerabilities as other hacking groups, in addition to the alleged Chinese, moved to exploit bugs in widely used Microsoft technology. Officials at the Department of Homeland Security’s cybersecurity agency held phone briefings with state and local officials Friday and Saturday to assess the scope of the compromises, and the White House National Security Council urged vulnerable organizations to “take immediate measures” to determine if they were affected. Two DHS officials said the agency was still gathering data on how many organizations might be breached. The malicious activity […]

The post Federal officials scramble to assess widening Microsoft Exchange Server fallout appeared first on CyberScoop.

Continue reading Federal officials scramble to assess widening Microsoft Exchange Server fallout→