Tag Archive for: zerodays

Microsoft’s February 2024 Patch Tuesday Addresses 2 Zero-Days and 73 Vulnerabilities

/in


Microsoft has released a substantial set of patches in its February 2024 Patch Tuesday. This update is particularly significant as it addresses a total of 73 vulnerabilities, which includes two zero-day exploits that have been detected in active use by cyber criminals. Among the vulnerabilities patched, five have been classified as critical due to their potential to cause serious harm, such as denial of service, remote code execution, information disclosure and elevation of privileges. Read on for more details.  

What are the zero-days mentioned in Microsoft’s February 2024 Patch Tuesday?  

The two zero-day vulnerabilities that have been actively exploited are particularly concerning: 

  • CVE-2024-21351: This is a Windows SmartScreen bypass vulnerability. SmartScreen is designed to warn users about running unrecognized applications that could potentially be harmful. The exploitation of this vulnerability could lead to unauthorized data exposure or render systems unavailable. 
  • CVE-2024-21412: This vulnerability is a security feature bypass flaw. It allows attackers to carry out their attacks without triggering the security checks that are in place to prevent such incidents. 

The implications of these vulnerabilities are severe, as they can be used to compromise user data, disrupt business operations and gain unauthorized access to sensitive information. The complete list of resolved vulnerabilities in the February 2024 Patch Tuesday updates can be viewed in the full report. 

What is Nuspire doing? 

In response to these updates, Nuspire has taken immediate action by applying the patches as recommended by the vendor. In addition to patching, Nuspire’s security team is actively threat hunting within client environments to detect any signs of compromise that might indicate the exploitation of these vulnerabilities. 

What should I do? 

It is crucial for organizations to take proactive measures to protect their systems and data from these vulnerabilities. Here are the recommended steps: 

  • Prioritize Patching: Given the active exploitation of the two zero-days, organizations should prioritize patching these vulnerabilities. The sooner these patches are applied, the less…

Source…

Microsoft patches two zero-days for Valentine’s Day

/in


Microsoft has patched two actively exploited zero-day vulnerabilities in its February Patch Tuesday – a pair of security feature bypasses affecting Internet Shortcut Files and Windows SmartScreen respectively – out of a total of just over 70 vulnerabilities disclosed in the second drop of 2024.

Among some of the more pressing issues this month are critical vulnerabilities in Microsoft Dynamics, Exchange Server, Office, and Windows Hyper-V and Pragmatic General Multicast, although none of these flaws are being used in the wild quite yet.

Water Hydra

The first of the two zero-days is tracked as CVE-2024-21412 and was found by Trend Micro researchers. It appears to be being used to target foreign exchange traders specifically by a group tracked as Water Hydra.

According to Trend Micro, the cyber criminal gang is leveraging CVE-2024-21412 as part of a wider attack chain in order to bypass SmartScreen and deliver a remote access trojan (RAT) called DarkMe, likely as a precursor to future attacks, possibly involving ransomware.

“CVE-2024-21412 represents a critical vulnerability characterised by sophisticated exploitation of the Microsoft Defender SmartScreen through a zero-day flaw,” explained Saeed Abbasi, product manager for vulnerability research at the Qualys Threat Research Unit.

“This vulnerability is exploited via a specially crafted file delivered through phishing tactics, which cleverly manipulates internet shortcuts and WebDAV components to bypass the displayed security checks.

“The exploitation requires user interaction, attackers must convince the targeted user to open a malicious file, highlighting the importance of user awareness alongside technical defences. The impact of this vulnerability is profound, compromising security and undermining trust in protective mechanisms like SmartScreen,” said Abbasi.

The second zero-day, tracked as CVE-2024-21351, is remarkably similar to the first in that ultimately, it impacts the SmartScreen service. In this case, however, it enables an attacker to get around the checks that it conducts for the so-called Mark-of-the-Web (MotW) that indicates whether a file can be trusted or not, and execute their own code.

“This…

Source…

Spyware behind nearly 50% of zero-days targeting Google products

/in


Google on Tuesday reported that commercial surveillance vendors (CSVs) are behind nearly 50% of the known zero-day exploits targeting Google products.

The news brought to light the increased prevalence of CSVs and the potential threat of spyware being used against not just famous journalists, politicians and academics, but ordinary citizens and businesspeople.   

Google’s 50-page report found that from mid-2014 through 2023, security researchers discovered 72 in-the-wild zero-day exploits affecting Google products with the Google Threat Analysis Group (TAG) attributing 35 of the zero-days to the CSVs.

“The commercial surveillance industry has emerged to fill a lucrative market niche: selling cutting edge technology to governments around the world that exploit vulnerabilities in consumer devices and applications to surreptitiously install spyware on individuals’ devices,” wrote the Google researchers. “By doing so, commercial surveillance vendors (CSVs) are enabling the proliferation of dangerous hacking tools.”

Morgan Wright, chief security advisor at SentinelOne, said Google’s new information means that anyone, anywhere, any place, is at risk.

The proliferation of mobile computing, along with continuous discoveries of zero-day exploits, means spyware will become a booming market that will continue to grow because there’s demand for these capabilities, Wright said. What’s of most concern, Wright continued, is that the spyware capabilities that were once the exclusive province of nation-state intelligence organizations are available off-the-shelf to anyone with a big enough bank account.

“The number of threat actors will grow exponentially, making it a very challenging exercise to identify and defend against these threats,” said Wright. “For the security community, this means there is no rest. Ever. The vectors of attack will change minute-by-minute and hour-by-hour. Once a threat pops up and is identified and dealt with, many more will develop to take its place. This will force certain decisions about open versus closed platforms. To have more freedom and security, it may require tighter controls.”

Marina Liang, threat intelligence engineer at Interpres, said…

Source…

Spyware industry develops most zero-days and governments promote it

/in


Commercial spyware vendors appear to be the largest developers of zero-day vulnerabilities. Through these vulnerabilities, spyware such as Pegasus and Predator can be installed on devices worldwide. This was stated in a report by Google, in which the tech company is also calling for greater actions against the practices of the spyware industry. Governments should ban those actions, but that is hard because they themselves are buyers of the spyware.

Last year, the Threat Analysis Group (TAG) at Google closely monitored the activities of 40 commercial spyware vendors (CSVs). With the study, TAG determined that these vendors were responsible for 80 percent of the zero-day vulnerabilities found by TAG in 2023. It means that these vendors sought and exploited the vulnerability. The exploitation was aimed at spying on devices around the world.

Pegasus and Predator

In the report, TAG mentions several of these CSVs by name. They are said to include Cy4Gate, RCS Lab, Negg Group and Variston. Intellexa is also named as the developer of the Predator spyware. This spyware came into the spotlight late last year following an Amnesty International investigation. Predator was allegedly purchased by at least 25 countries and deployed to spy on U.S. and EU politicians.

Another vendor, perhaps even better known, is NSO Group. This company made plenty of headlines after the discovery of Pegasus spyware. This software came to light after Apple contacted top European officials on the possibility of spyware on their Apple devices.

Only a fraction of the reality

Commercial spyware vendors appear to have increasingly focused on zero-day vulnerabilities over the years. Over ten years, Google can attribute 35 of the 72 zero-day vulnerabilities found and exploited to these vendors.

So over a ten-year period, the percentage does not even reach 50 percent. Last year, however, it had already reached 80 percent. It seems like these commercial vendors have, mainly in recent years, scaled up their activities to find and exploit zero-day vulnerabilities.

Still, there is another possible conclusion. Namely, TAG’s study assumes the zero-day vulnerabilities found. Researchers have…

Source…