Researchers suggest that a leak of exploit details, possibly from a Pwn2Own competition, allowed attackers including Chinese spies and ransomware groups to exploit vulnerabilities in Microsoft SharePoint before patches could fully prevent the attacks, leading to widespread compromises and ongoing security concerns.
The US National Nuclear Security Administration was reportedly breached through a zero-day vulnerability in on-premises Microsoft SharePoint software, exploited by Chinese-affiliated hacking groups. Despite the breach, no sensitive information was leaked, and Microsoft has patched the flaw. The incident highlights ongoing cybersecurity risks associated with SharePoint vulnerabilities.
Microsoft has linked recent SharePoint server attacks to Chinese state-affiliated hacking groups, with vulnerabilities exploited to access sensitive data. Microsoft released patches for affected SharePoint versions, as investigations continue into ongoing threats from these groups, including Linen Typhoon, Violet Typhoon, and Storm-2603.
Hackers exploited a zero-day vulnerability in Microsoft's SharePoint server software to target various entities globally, including U.S. government agencies and businesses, prompting Microsoft to release an emergency patch and CISA to warn of active exploitation, with ongoing efforts to fix older versions.
Hackers are exploiting a zero-day vulnerability in Microsoft SharePoint servers, putting tens of thousands of on-premises servers at risk of data theft and unauthorized access. Microsoft has issued patches for some versions and is working on others, while authorities advise disconnecting affected servers from the internet until secured.
Approximately 2,000 Palo Alto Networks firewalls have been compromised due to two newly discovered vulnerabilities, CVE-2024-0012 and CVE-2024-9474, which allow attackers to gain unauthorized access and root privileges. Despite a decrease in internet-exposed interfaces, the Shadowserver Foundation reports significant exploitation, primarily in the US and India. Palo Alto Networks has released patches and shared indicators of compromise to help mitigate the threat, while emphasizing that most customers follow best practices to secure their systems.
Trust Wallet claimed that hackers may be targeting people with an iMessage "zero-day" exploit, urging iPhone users to turn off iMessage until Apple patches it. However, the "credible intel" is actually an advertisement on a dark web site offering the alleged exploit for $2 million in bitcoin, with no evidence of its existence. Cybersecurity experts suggest using Lockdown Mode instead, as there is no evidence of successful hacks while using it. The dark web site, CodeBreach Lab, appears to be new and lacks credibility, raising suspicions of a scam.
Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day by the North Korean Lazarus state hackers. The vulnerability impacts multiple versions of Windows and allows local attackers to gain SYSTEM privileges without user interaction. Lazarus exploited the flaw to gain kernel-level access, turn off security tools, and deploy a new remote access trojan (RAT) malware. Windows users are advised to install the February 2024 Patch Tuesday updates to block these attacks.
The Lazarus Group exploited a recently patched Windows Kernel flaw, CVE-2024-21338, as a zero-day to gain kernel-level access and disable security software on compromised hosts. This allowed them to run the FudModule rootkit, which can disable security solutions and manipulate Windows components. The attack showcases the group's technical sophistication and cross-platform focus, as they also target Apple macOS systems. This incident highlights the ongoing threat posed by the Lazarus Group as one of the most prolific and advanced persistent threat actors in the cybersecurity landscape.
Microsoft has warned about a critical vulnerability in Exchange Server, tracked as CVE-2024-21410, which was exploited as a zero-day before being fixed during this month's Patch Tuesday. The flaw allows remote unauthenticated threat actors to escalate privileges in NTLM relay attacks targeting vulnerable Microsoft Exchange Server versions. Microsoft has released Exchange Server 2019 Cumulative Update 14 (CU14) to address this vulnerability and to enable NTLM credential relay protection, known as Extended Protection (EP), which mitigates authentication relay and man-in-the-middle attacks. Admins are advised to evaluate their environments and review Microsoft's documentation before toggling EP on their Exchange servers to avoid breaking functionality.
A zero-day exploit in Google's cookie generation process, known as "MultiLogin," allows hackers to gain unauthorized access to Google accounts without needing passwords. The exploit enables session persistence, making it difficult for the true account owner to kick out the hacker with a password reset. Hackers have already incorporated the exploit into info-stealing malware, and various threat groups have rapidly adopted the technique. Google has yet to roll out a comprehensive solution, and affected users are advised to log out of all devices and browsers before resetting their passwords with sufficiently complex and unique ones.
Google Chrome users are urged to update their browsers as a sixth zero-day exploit, CVE-2023-6345, has been discovered. The vulnerability allows a remote attacker to potentially perform a sandbox escape via a malicious file. The update includes seven security fixes, including patches for the zero-day exploit, and is being rolled out gradually over the coming days/weeks. Users can check their Chrome version in Settings > About Chrome and update if necessary.
Ahmed Eltantawy, a prominent Egyptian opposition politician and presidential hopeful, was targeted with a zero-day attack in an attempt to infect his iPhone with Predator spyware. The attack, which prompted Apple to release a security update, was discovered by Google and the University of Toronto's Citizen Lab. The lab has "high confidence" that the Egyptian government was responsible for the hacking attempt. Predator spyware, developed by Cytrox, can steal passwords, log keystrokes, and record calls. Eltantawy, an outspoken critic of the Egyptian government, had been receiving suspicious messages since May. The attack involved the use of PacketLogic, a product by Sandvine, a Canadian networking equipment company. The incident highlights the risks posed by commercial surveillance vendors and their impact on online user safety.
Google has released an emergency security update for Chrome users to address a zero-day threat affecting the WebP image format, just days after Apple released iOS 16.6.1 to protect against a critical zero-day exploit involving ImageIO. The vulnerability, known as CVE-2023-4863, is a heap buffer overflow issue that could potentially enable a zero-click attack when visiting a website with a malicious image. Other web browsers, including Brave, Edge, Firefox, Opera, and Vivaldi, have also issued updates to patch the WebP vulnerability. The connection between this vulnerability and the BLASTPASS exploit chain, which targeted iPhones, is still unconfirmed. Users are advised to update their browsers and check for security updates on other Chromium-powered browsers as well.
Apple has released emergency security updates to fix two zero-day vulnerabilities that were actively exploited to deploy NSO Group's Pegasus spyware onto fully patched iPhones. The vulnerabilities, known as CVE-2023-41064 and CVE-2023-41061, allowed attackers to infect iPhones running the latest version of iOS without any interaction from the victim. The exploit involved malicious images sent via iMessage. Apple has urged users to update their devices immediately and activate Lockdown Mode for those at risk of targeted attacks. This marks the latest in a series of zero-day vulnerabilities that Apple has addressed this year.