Items tagged with Zero-Day
Companies like Microsoft and others are potentially getting more time to fix zero-day vulnerabilities before Google's Project Zero team discloses them to the public, as part of a new policy change for 2021. At the same time, end users can potentially expect zero-day security patches to arrive quicker and be more thorough. How so? On the surface, giving companies additional time to stomp out bugs seems counterintuitive to users receiving more timely patches for newly discovered vulnerabilities. And perhaps it will work out that way. But on the surface, the new "90+30" trial, as Project Zero calls the policy change, looks like a win-win for all involved. Under last year's policy, Project Zero held...
Read more...
With everyone using Zoom for both work and school, a vulnerability in the software can be especially concerning. This week, researchers competing in a zero-day hunting competition found a bug in Zoom that allowed them to remotely execute code without any necessary action from the target. This find netted the researchers a sum of cash and the concern of Zoom customers everywhere. Pwn2Own is a zero-day hunting contest organized by the Zero Day Initiative, which brings white hat hackers together to make software better by finding vulnerabilities. The multi-day event uncovered many issues in software, but the most interesting one that could have the most impact is with Zoom. We're still confirming...
Read more...
Google has released a new version of Google Chrome today after tackling two more high-profile, zero-day exploits. Over the last several weeks, Google has found multiple attack vectors and has been squashing them at a rapid pace, so this is just a couple more on the pile. Users are advised to upgrade Chrome ASAP, as the risk for these exploits is ranked “High” by Google. At the end of October, Google took care of several exploits that came up through Project Zero. The new exploits that were discovered make it seem like Google Chrome is Swiss cheese with all the security holes, but they are being patched at the very least. The first vulnerability, given the designation CVE-2020-16013,...
Read more...
Sophos has published an emergency security update to patch a zero-day vulnerability in its XG enterprise firewall product. The patch plugs a hole that was being abused in the wild by hackers. Sophos says that it learned of the zero-they exploit on Wednesday of last week, after receiving a report from one of its customers. The customer reported that it had seen "a suspicious field value visible in the management interface." After investigation, Sophos determined that it was an active attack on both physical and virtual XG Firewall systems, and not a misconfiguration in its product. The hackers were abusing an SQL injection bug in its database to steal passwords. Sophos says that the attack...
Read more...
Earlier this week, it was reported that a zero-day exploit has been running in the wild that targets the iOS Mail app. First discovered by the researchers at ZecOps, the vulnerability has been labeled as "zero-click" because it allegedly needs no intervention from the user to attack an iPhone or iPad running even the most recent versions of iOS 13. A total of two vulnerabilities were found by ZecOps, which included the possibility for remote code execution. Now, Apple is responding, and it is trying to throw some cold water on the severity of these exploits. The company released the following statement to news organizations on Friday: Apple takes all reports of security threats seriously....
Read more...
If you're an Apple iPhone or iPad owner that uses the native Mail app for emailing purposes (and that probably includes a marjory of iOS users), we have a word of caution for you. The folks over at ZecOps have uncovered a vulnerability in the app that is currently active in the wild, pending a fix from Apple. According to a blog that ZecOps researchers posted today, the vulnerability is "widely exploited" and has primarily targeted "VIPs, executive management across multiple industries, individuals from Fortune 2000 companies" around the globe. The exploit requires absolutely no user-intervention in iOS 13, and can be perpetrated by an email sent to a target while the Mail app is simply running...
Read more...
It is big news when a major vulnerability is discovered and exploited in Windows, because there is the potential to do a lot of harm. We saw this when WannaCry crippled UK hospitals for a short time (fortunately, it was mitigated rather quickly). Now, you may not have heard of VxWorks, a real-time operating system (RTOS), but a series of recently discovered security flaws is no less concerning. Wind River (acquired by Intel in 2006 and sold to TPG in 2018) describes VxWorks as "the most widely used operating system you may never have heard about." That is probably accurate for the average person. While not as widely known as Windows or macOS, VxWorks is installed on more than 2 billion embedded...
Read more...
SandboxEscaper is at it again, releasing another zero-day exploit into the wild without giving Microsoft a heads up before publication. If you recall, SandboxEscaper doesn't think too highly Microsoft and has published other zero-day vulnerabilities affecting the company's software dating back to the summer of 2018. The latest exploit leverages local privilege escalation (LPE) to compromise the Windows 10 task scheduler. If you recall, SandboxEscaper used a similar method to exploit the task scheduler back in August. According to the description of the vulnerability posted to GitHub, a malicious .job file targeting the task scheduler is the springboard for this latest attack. We...
Read more...
Although Microsoft is hoping for a big browser comeback with the Chromium-based version of the Microsoft Edge browser, there’s another browser in the company’s repertoire that many people have already forgotten about. Of course, we’re talking about the “undead” Internet Explorer. Internet Explorer has a long history of poor security (which was one of the reasons for its dwindling popularity), and now a new exploit that takes advantage of the browser has been brought to light. John Page, a security researcher, has discovered an XML eXternal Entity (XXE) vulnerability that takes advantage of MHT files. The main issue is that by default, Windows-based...
Read more...
Microsoft has released an emergency patch to fix a critical vulnerability discovered in Internet Explorer. If left unpatched, an attacker could exploit the security hole to remotely execute malicious code on a victim's PC when visiting a compromised website. Listed as CVE-2018-8653, the flaw affects all supported versions of Windows. "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current...
Read more...
It's been a rough October for Microsoft and its Windows 10 operating system. Now, to add insult to injury, another zero-day flaw has been published via Twitter. SandboxEscaper, who also published a zero-day Windows vulnerability via the social media platform back in late August, disclosed this latest exploit. The security researcher publishes a proof-of-concept on GitHub was demonstrates how it can affect a target system. In practices, this new flaw is similar to the one disclosed back in late August and exploits a Windows feature called impersonation to improperly gain access to elevated privileges. https://t.co/1Of8EsOW8z Here's a low quality bug that is a pain to exploit.....
Read more...
A former security researcher decided to go out with a bang after apparently deciding to retire from the security game and blog about traveling instead. Known on Twitter as SandboxEscaper, the researcher revealed in a tweet a zero-day vulnerability affecting Windows rather than submitting a bug report to Microsoft. The former security researchers also posted a link to a proof-of-concept on Github, in case anyone thought the vulnerability was not real. It is, and Microsoft is working on a fix. Here is the alpc bug as 0day: https://t.co/m1T3wDSvPX I don't fucking care about life anymore. Neither do I ever again want to submit to MSFT anyway. Fuck all of this shit. — SandboxEscaper (@SandboxEscaper)...
Read more...
A vulnerability researcher at Google is giving props to Microsoft for issuing a quick fix to what he described as a "crazy bad" remote code exploit in the company's malware protection engine. He also said it was the worst of its kind in recent memory, and that is because prior to the patch, a remote attacker could gain full control of a PC simply by sending a malicious email. The recipient needn't even open the communication for this nasty zero-day bug to work. "The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code...
Read more...
As always, be wary of opening email attachments, especially from untrusted sources. Security outfits FireEye and McAfee have both observed malicious Microsoft Office RTF documents in the wild that are exploiting a zero-day vulnerability in Microsoft Windows and Office that has not yet been patched. The samples observed are organized as RTF files with the .doc extension and appear as Word files. The vulnerability allows an attacker to execute a malicious Visual Basic script when the user opens the document containing an embedded exploit. FireEye says it has seen several Office documents exploiting this particular vulnerability that download and execute malware payloads from different well-known...
Read more...
When WikiLeaks revealed the Central Intelligence Agency’s (CIA’s) hacking arsenal to the world, it was made clear that the agency is capable of snooping on Samsung Smart TVs thanks to various security exploits. However, it’s not just Samsung Smart TVs that are susceptible, a new report suggests that a number of Samsung devices running the Tizen OS are at risk due to unpatched exploits. Tizen is Samsung’s homegrown operating system that can be found on its low-end smartphones, smartwatches and of course smart TVs. Like Android, it’s based on the Linux kernel. However, unlike Android, it isn’t nearly as popular, so perhaps Samsung has been reticent to fixing vulnerabilities that plague the operating...
Read more...
Newer versions of Windows, including Windows 10 are vulnerable right now to a new Server Message Block (SMB) zero-day exploit that has been shown as a proof-of-concept. The vulnerability was first demonstrated by @PythonResponder and requires a user to connect to a SMBv3 server for a successful attack. Given the severity of the exploit, the U.S. Computer Emergency Readiness Team (US-CERT) has already published an emergency advisory, officially labeling it VU#867968. US-CERT describes the memory corruption vulnerability in detail, noting: Microsoft Windows fails to properly handle traffic from a malicious server. In particular, Windows fails to properly handle a server response that...
Read more...
Microsoft has often said that Windows 10 offers the best security features and malware protection of any Windows OS to date. In case anyone doubts that claim, the Redmond outfit explained how Windows 10 with the Anniversary Update installed was able to thwart a pair of potentially dangerous zero-day exploits months before it had released a patch that dealt with them directly. The Anniversary Update that rolled out in August introduced a bunch of security upgrades to Windows 10, including improvements to Windows Defender. Many of the upgrades are intended to help Windows 10 identify and neutralize zero-day threats. That is no easy task, considering that new ones come out all the time, but recent...
Read more...
Once again Google and Microsoft are at odds over the former's decision to disclose a zero-day vulnerability affecting the latter's Windows operating system. Google alerted both Adobe and Microsoft on October 21, 2016, of previously disclosed security flaws it discovered and in the time that has passed Adobe has issued patch (CVE-2016-7855) and Microsoft has not. Google's policy on zero-day and other critical vulnerabilities it believes are being actively exploited in the wild is to give software makers seven days to issue a patch or advisory. Once that time period elapses, Google discloses the security to the public. In this case, Google waited 10 days before disclosing the vulnerability on Halloween....
Read more...
Adobe recently published a security advisory APSA16-03, which details a vulnerability in Adobe Flash Player version 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. This comes after a patch for a zero day exploit was released in early April. Adobe believes the attackers are a group called “ScarCruft”. ScarCruft is a relatively recently APT group that has launched attacks in countries such as Russia, Nepal, South Korea, China, India, Kuwait, and Romania. The group recently has taken advantage of two Adobe Flash and one Microsoft Internet Explorer exploits. ScarCruft currently has two operations called Operation Daybreak and Operation Erebus. Operation Daybreak...
Read more...
In the "vast majority of cases," when the U.S. government is made aware of a software vulnerability, it discloses that information to the vendor so that it can issue a patch to the public. What constitutes a "vast majority?" Nine times out of 10, or 91 percent of the time, according to the U.S. National Security Agency's own books. What about the other 9 percent of the time? The zero-day threats the NSA doesn't disclose are those that the vendors fixed before they were notified or, simply put, don't get disclosed in the interest of national security. "The National Security Council has an interagency process to consider when to disclose vulnerabilities," the NSA said. "The process requires the...
Read more...
Until the web at large adopts the open HTML5 <video> tag, there will still be some sites that continue to use Adobe's proprietary Flash Player runtime. Assuming you have the Flash Player installed, either on your Windows box or Mac machine, be advised that there's a "critical" vulnerability affecting both platforms. "Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system," Adobe stated in a Security Advisory. "We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below." Affected software versions...
Read more...
We're coming up on the second Tuesday of the month, which is when Microsoft rolls out a collection of security updates for Windows and Internet Explorer. Otherwise known as "Patch Tuesday," the one that's coming up tomorrow will be relatively light compared to previous ones as it contains only five security bulletins, however two of them are deemed Critical and three Important, and several of them require a restart. The first Bulletin addresses a zero-day vulnerability affecting IE versions 9 and 10, along with other security fixes for IE versions 6 through 11. This one is deemed Critical because of the zero-day exploit identified by FireEye last month, which was used to infect the U.S. Veterans...
Read more...
