Google catches North Korean, Iranian hackers impersonating journalists in phishing efforts

Indiscriminate email hacking campaigns are so 2018. Some attackers have shifted away from sending a high volume of malicious emails in favor of more customized attacks aimed at high-value targets. Google’s Threat Analysis Group, which tries to stop state-sponsored hacking, sent nearly 40,000 warnings in 2019 to users alerting them that they were the target of a government-backed phishing attempt. That figure is down by nearly 25% from 2018, the company said in a blog post Thursday. One in five of the accounts targeted in 2019 was targeted multiple times. “If at first the attacker does not succeed, they’ll try again using a different lure, different account, or trying to compromise an associate of the target,” Toni Gidwani, a security engineering manager at the company’s Threat Analysis Group, said in the blog post. Yet that drop preceded an uptick in 2020 in attempted attacks. The hackers behind the most recent wave […]

The post Google catches North Korean, Iranian hackers impersonating journalists in phishing efforts appeared first on CyberScoop.

Verisign, Amazon patch zero-day vulnerability that utilized homoglyph characters

Verisign has fixed an issue that could have allowed attackers to register bogus domains by using homoglyphs in place of more common characters, following research from California-based security firm Soluble. Matt Hamilton, principal security researcher at Soluble, discovered the flaw when he attempted to register an Amazon Web Services S3 bucket with Unicode emoji characters. “It was possible to register Latin homoglyph characters, specifically Unicode Latin IPA Extension homoglyphs,” he wrote in a blog post released Wednesday. “I then checked if it was possible to register domains with these homoglyph characters. Ruh-roh, it was.” Hamilton called out the abuse of the following characters: the “ɡ” (Voiced Velar Stop), the “ɑ” (Latin Alpha), and the “ɩ” (Latin Iota). For years, domain providers have been aware of homoglyph attacks and have put in place restrictions to prevent their exploitation, such as barring the use of both Latin and Cyrillic characters at once. Verisign, which operates […]

5 new vulnerabilities expose the ‘backbone’ of an enterprise network to data theft

A protocol that underpins widely used equipment made by telecommunications giant Cisco is vulnerable to multiple data-stealing attacks, researchers warned Wednesday. The five previously unreported vulnerabilities in implementations of the Cisco protocol — found by Armis Security, a California-based company — show the enduring challenge of keeping one insecure device from being a gateway to another for a hacker. The zero-day bugs affect the many voice-over-IP phones, routers, and switches at corporations around the world that use the protocol for communications. A hacker with enough skill and motivation to exploit the vulnerabilities could gain access to a company’s network and then, for example, take over the VoIP phones on the network to steal data or eavesdrop on calls. The routers and switches that are susceptible to the vulnerabilities form “the backbone of [an enterprise] network,” said Ben Seri, Armis’s vice president of research, who wrote a proof-of-concept for an attack on […]

Bug hunter unveils Cisco zero-days at ShmooCon

Looks can be deceiving when a security researcher first studies a piece of code. What might seem mundane or straightforward on the surface — an insecure log-in page, for example — can lead to unexpected results when a security practitioner digs deeper. Without humans scanning for vulnerabilities, bugs are left to fester, and can be exploited to cause real issues if they fall into the wrong hands. That lesson lingers in Ken Pyle’s mind. During a security test for a client last year, Pyle, a partner at the security company DFDR Consulting, examined a networking switch made by Cisco. The equipment is popular with small businesses, including the managed service providers that handle remote connections, because it allows organizations to administer multiple devices across a network. What started as a simple web application vulnerability, upon closer inspection, turned out to be two previously unreported flaws affecting hundreds of thousands of devices, […]

Idaho National Lab researcher shines a light on the market for ICS zero-days

The market for previously unknown, or zero-day, software exploits has come out of the shadows in recent years as exploit brokers openly advertise million-dollar payouts. But while zero-day brokers like Zerodium and Crowdfense sometimes outline the types of exploits they buy — whether for mobile or desktop devices — much less has been said about the market for exploits that affect industrial control systems (ICS), which support critical infrastructure sectors like energy and transportation. Sarah Freeman, an analyst at the Department of Energy’s Idaho National Laboratory, is trying to help fill that void in data and, in the process, show how the ICS exploit market can be a bellwether for threats. Freeman’s hypothesis was that “if you track these bounties, you can use them as precursors or tripwires for future adversary activity.” She argues that current tallies of zero-day exploits with ICS implications are undercounted. In the first quarter of 2019, […]

Google researcher beefs up iMessage security by demonstrating clickless exploit

Software exploits that don’t require a victim to click a link to be compromised are an intriguing and growing area of research for white-hat hackers. So it is no surprise that Google’s elite team of hackers, Project Zero, has dug into this stealthy mode of attack in recent months. On Thursday, Samuel Gross laid out how, armed with only a target’s Apple ID, he could remotely compromise an iPhone within minutes to steal passwords, text messages and emails, and activate the camera and microphone. The attack, which exploited an iOS 12.4 vulnerability for which Apple issued a patch last August, shows how “small design decisions can have significant security consequences,” Gross wrote in a blog post. Gross poked holes in some conventional wisdom around security features used in the iPhone operating system. A data-randomizing security feature known as ASLR meant to guard against exploits “is not as strong in practice,” he […]

How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory.

A Chinese hacking group that has been using tools linked with the National Security Agency might have obtained at least one without breaching NSA systems, according to researchers at cybersecurity company Check Point. The Chinese hacking group APT3, which somehow had in its possession an NSA-linked tool in advance of public leaks in 2016 and 2017, appears to have acquired it by analyzing network traffic on a system that was potentially targeted by the NSA, Check Point says. The theory is that after observing the exploit in the wild, APT3 incorporated it into its own arsenal of attacks with some tweaks, the researchers say. “Check Point learned that the Chinese group was monitoring in-house machines that were compromised by the NSA, capturing the traffic of the attack and was leveraging it to reverse engineer the software vulnerabilities,” the researchers write. Check Point acknowledges that it “can’t prove this beyond any doubt.” The company says it does not know for sure […]

Apple’s $1 million bug bounty makes a lot more sense after that iOS hacking spree

Say what you will about Apple, but the company certainly knows how to get the security community fired up. Ivan Krstić, Apple’s head of security engineering, announced Aug. 8 at the Black Hat security conference that the company would offer up to $1 million, or $1.5 million under specific conditions, to hackers who disclosed new ways of infiltrating the iPhone’s operating system. That million-dollar promise instantly earned praise as the highest bug bounty offer from a technology company, and seemed to indicate the notoriously inaccessible company was becoming more transparent. The weeks since, though, have demonstrated that the stakes are higher for Apple than initially understood. The company’s stellar security reputation took a hit when Google’s Project Zero announced that hackers had spent two years targeting thousands of iPhones by combining 14 vulnerabilities into five exploit chains that allowed them to spy on victims with few limitations. Now, researchers and bug bounty participants […]

Zerodium offers $2.5 million for Android zero-days, in keeping with market rates

For the first time, exploit sellers who provide Zerodium with fresh break-in techniques for Android devices can now earn more money from those tools than they would for similar hacks of iOS devices, the company announced Tuesday. The Washington, D.C., firm just updated its price list, promising to pay $2.5 million to hackers who demonstrate a zero-click exploit chain, a powerful tool that requires no user interaction, for Android devices. Compare that to the $1 million reward available for a one-click full-chain exploit against iOS, knocked down today from $1.5 million. Zerodium, founded in 2015, is dedicated to purchasing unpatched security vulnerabilities and then re-selling those zero-days to corporate and government clients. It didn’t offer any specific explanations for the latest price changes. A security researcher who pays attention to the market said this round of updates might be pointing to some shifts in how Zerodium’s customers view iOS devices. “The change in exploit prices is […]
