Tag: zeroday | SpinSafe

State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

April 25, 2024/in Internet Security

Apr 25, 2024NewsroomVulnerability / Zero-Day

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments.

Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).

“UAT4356 deployed two backdoors as components of this campaign, ‘Line Runner’ and ‘Line Dancer,’ which were used collectively to conduct malicious actions on-target, which included configuration modification, reconnaissance, network traffic capture/exfiltration and potentially lateral movement,” Talos said.

The intrusions, which were first detected and confirmed in early January 2024, entail the exploitation of two vulnerabilities –

CVE-2024-20353 (CVSS score: 8.6) – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial-of-Service Vulnerability

CVE-2024-20359 (CVSS score: 6.0) – Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability

It’s worth noting that a zero-day exploit is the technique or attack a malicious actor deploys to leverage an unknown security vulnerability to gain access into a system.

While the second flaw allows a local attacker to execute arbitrary code with root-level privileges, administrator-level privileges are required to exploit it. Addressed alongside CVE-2024-20353 and CVE-2024-20359 is a command injection flaw in the same appliance (CVE-2024-20358, CVSS score: 6.0) that was uncovered during internal security testing.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the shortcomings to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the vendor-provided fixes by May 1, 2024.

The exact initial access pathway used to breach the devices is presently unknown, although UAT4356 is said to have started preparations for it as early as July 2023.

A successful foothold is followed by the deployment of two implants named Line Dancer and Line Runner, the former of which is an…

Source…

GPT-4 can exploit zero-day security vulnerabilities all by itself, a new study finds

April 23, 2024/in Internet Security

A hot potato: GPT-4 stands as the newest multimodal large language model (LLM) crafted by OpenAI. This foundational model, currently accessible to customers as part of the paid ChatGPT Plus line, exhibits notable prowess in identifying security vulnerabilities without requiring external human assistance.

Researchers recently demonstrated the ability to manipulate (LLMs) and chatbot technology for highly malicious purposes, such as propagating a self-replicating computer worm. A new study now sheds light on how GPT-4, the most advanced chatbot currently available on the market, can exploit extremely dangerous security vulnerabilities simply by examining the details of a flaw.

According to the study, LLMs have become increasingly powerful, yet they lack ethical principles to guide their actions. The researchers tested various models, including OpenAI’s commercial offerings, open-source LLMs, and vulnerability scanners like ZAP and Metasploit. They found that advanced AI agents can “autonomously exploit” zero-day vulnerabilities in real-world systems, provided they have access to detailed descriptions of such flaws.

In the study, LLMs were pitted against a database of 15 zero-day vulnerabilities related to website bugs, container flaws, and vulnerable Python packages. The researchers noted that more than half of these vulnerabilities were classified as “high” or “critical” severity in their respective CVE descriptions. Moreover, there were no available bug fixes or patches at the time of testing.

The study, authored by four computer scientists from the University of Illinois Urbana-Champaign (UIUC), aimed to build on previous research into chatbots’ potential to automate computer attacks. Their findings revealed that GPT-4 was able to exploit 87 percent of the tested vulnerabilities, whereas other models, including GPT-3.5, had a success rate of zero percent.

UIUC assistant professor Daniel Kang highlighted GPT-4’s capability to autonomously exploit 0-day flaws, even when open-source scanners fail to detect them. With OpenAI already working on GPT-5, Kang foresees “LLM agents” becoming potent tools for democratizing vulnerability exploitation and cybercrime among script-kiddies…

Source…

Trust Wallet Warns About iOS Zero-Day Exploit

April 20, 2024/in Internet Security

Last updated:

April 16, 2024 17:55 EDT
| 1 min read

Popular crypto wallet provider Trust Wallet disclosed on April 15 that it received “credible intel” about a high-risk zero-day exploit being sold on the Dark Web to target iOS users.

According to the software developer, this flaw could allow hackers to gain unauthorized access to users’ personal data.

Trust Wallet Reports Personal Information Sale on Dark Web

Trust Wallet shared its discovery in an X post, explaining the dangers of the zero-day exploit targeted at iMessage.

1/2: ⚠️ Alert for iOS users: We have credible intel regarding a high-risk zero-day exploit targeting iMessage on the Dark Web.

This can infiltrate your iPhone without clicking any link. High-value targets are likely. Each use raises detection risk. #CyberSecurity

— Trust Wallet (@TrustWallet) April 15, 2024

A zero-day exploit is a cyber attack that takes advantage of a previously unknown vulnerability in software. These exploits can go undetected for an extended period and are used to gain unauthorized access to systems and steal data. As detailed in the X post, iOS users and the entire crypto ecosystem could be at risk.

Trust Wallet CEO Eowyn Chen also shared a screenshot on X that reportedly depicts a zero-day exploit for sale on the Dark Web for $2 million.

Neither the crypto wallet provider nor its CEO disclosed where this information came from or if there were any casualties, however.

Due to this post getting a lot of views & comments, we thought we’d elaborate further for the community:

How did we come by this intel?
Trust Wallet is constantly monitoring multiple avenues for any and all security…

Source…

Alert: Pixel Phones’ Exploited Android Zero-Day Flaw Patched

April 19, 2024/in Mobile Security

In the realm of smartphone security, the recent spotlight has fallen on Google Pixel devices, where two zero-day vulnerabilities have been unearthed and promptly addressed by Google. As per recent reports, the Android zero-day flaw, and others like it, were exploited by forensic firms, shedding light on the intricacies of smartphone security and the measures taken to safeguard user data and protect against these mobile security risks.

Exploited Vulnerabilities, Unique Fixes

Google Pixel phones, although running on the Android operating system, operate under a distinct update mechanism. Unlike other Android devices, Pixels receive tailored updates owing to their specialized hardware platform directly managed by Google. This bespoke approach ensures that Pixel users benefit from exclusive features and heightened security measures.

In the latest security bulletin for April 2024, while the broader Android ecosystem didn’t face significant threats, Pixel devices faced active exploitation of two vulnerabilities: CVE-2024-29745 and CVE-2024-29748. These vulnerabilities posed risks of vulnerability disclosure and elevation of privilege, respectively, highlighting the intricate nature of smartphone security.

A Peek into the Android Zero-Day Flaw

Forensic companies, adept at navigating device vulnerabilities, seized upon these flaws to unlock Pixel phones and access their stored data without the need for PIN authentication. GrapheneOS, a renowned name in privacy-focused Android distributions, uncovered these exploits, shedding light on the clandestine world of smartphone security breaches.

CVE-2024-29745, identified as a high-severity information disclosure flaw in the Pixel’s bootloader, and CVE-2024-29748, characterized as an elevation of privilege bug in the Pixel firmware, were the focal points of exploitation. These Zero-day exploits enabled unauthorized access to device memory, raising concerns regarding data integrity and user privacy.

Patching the Android Zero-Day Flaw in Pixel Phones

Responding swiftly to the looming threat, Google deployed fixes aimed at patching vulnerabilities. By implementing measures such as zeroing memory during booting and restricting USB…

Source…

Tag Archive for: zeroday

Trust Wallet Reports Personal Information Sale on Dark Web

Exploited Vulnerabilities, Unique Fixes

A Peek into the Android Zero-Day Flaw

Patching the Android Zero-Day Flaw in Pixel Phones