Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Zero Day. Show all posts
Zero Day
Amnesty International Android Google Qualcomm Vulnerabilities and Exploits Zero Day

Millions of Android Devices at Risk, New Chip Bug Exploited in Targeted Attacks

 



Overview of the Exploit

Hackers recently leveraged a serious security weakness, said to be a "zero-day," that exists within the Qualcomm chipsets used in many popular Android devices. Qualcomm confirmed that at the time they were first exploited by hackers, they were unaware of the bug, which was tracked under CVE-2024-43047. This flaw actually existed in real-world cyberattacks where it could have impacted millions of Android users globally.

Vulnerability Details

This zero-day flaw was uncovered in 64 different Qualcomm chipsets, including the highly sought-after flagship Snapdragon 8 (Gen 1), a chipset used by many Android devices from reputable brands such as Motorola, Samsung, OnePlus, Oppo, Xiaomi, and ZTE. In their advisory, Qualcomm states that attackers have been able to exploit the flaw, but the company does not elaborate on who the attackers are or what their motive might be or who they specifically targeted. In light of both Google's Threat Analysis Group (TAG) and the Amnesty International Security Lab investigating the incidents, Qualcomm believes these instances constitute "limited, targeted exploitation," rather than widespread attacks.

Response to Attack

The vulnerability was apparently noticed by the CISA US, who have listed it on their known exploited vulnerabilities list. Qualcomm has issued appreciation to Google Project Zero and Amnesty International's Security Lab for coordinated disclosure of this vulnerability. Through such coordination, Qualcomm has been able to develop its fixes starting from September 2024 that it has since issued to customers, which includes Android device manufacturers operating its own chipsets.

Patch Distribution and User Security

So far, patch development is the task of Android device manufacturers. As Qualcomm has publicly released the fix, users need to ensure that their devices are up to date with respect to security patches from their device manufacturer.

Investigation Continues

The broader investigation into the hack is still going on with Google and Amnesty International digging deeper into the details of the targeted attack. Google TAG didn't have anything further to say, but an Amnesty spokesperson confirmed that it would soon publish more research findings on this vulnerability.

The necessity for security research and collaboration from technology entities and organisations to prevent new threats from happening is highlighted in this case. Android users of devices that use Qualcomm should thus remain vigilant and roll out whichever system updates for now.


Read more »
Zero Day
Browser Data Google Chrome Vulnerability and Exploits Zero Day

Google Issues Emergency Update for New Chrome Vulnerability

 



Google has announced an urgent security update for its Chrome browser to fix a newly discovered vulnerability that is actively being exploited. This recent flaw, identified as CVE-2024-5274, is the eighth zero-day vulnerability that Google has patched in Chrome this year.

Details of the Vulnerability

The CVE-2024-5274 vulnerability, classified as high severity, involves a 'type confusion' error in Chrome's V8 JavaScript engine. This type of error occurs when the software mistakenly treats a piece of data as a different type than it is, potentially leading to crashes, data corruption, or allowing attackers to execute arbitrary code. The vulnerability was discovered by Google security researcher Clément Lecigne.

Google has acknowledged that the flaw is being exploited in the wild, which means that malicious actors are already using it to target users. To protect against further attacks, Google has not yet disclosed detailed technical information about the flaw.

To address the issue, Google has released a fix that is being rolled out via the Chrome Stable channel. Users on Windows and Mac will receive the update in versions 125.0.6422.112/.113, while Linux users will get the update in version 125.0.6422.112. Chrome typically updates automatically, but users need to relaunch the browser for the updates to take effect. To ensure the update is installed, users can check their Chrome version in the About section of the Settings menu.

Ongoing Security Efforts

This marks the third actively exploited zero-day vulnerability in Chrome that Google has fixed in May alone. Earlier this year, Google adjusted its security update schedule, reducing it from twice weekly to once weekly. This change aims to close the patch gap and reduce the time attackers have to exploit known vulnerabilities before a fix is released.

Previous Zero-Day Vulnerabilities Fixed This Year

Google has been actively addressing several critical vulnerabilities in Chrome throughout 2024. Notable fixes include:

1. CVE-2024-0519: An out-of-bounds memory access issue in the V8 engine, which could lead to heap corruption and unauthorised data access.

2. CVE-2024-2887: A type confusion vulnerability in the WebAssembly standard, which could be exploited for remote code execution.

3. CVE-2024-2886: A use-after-free bug in the WebCodecs API, allowing arbitrary reads and writes, leading to remote code execution.

4. CVE-2024-3159: An out-of-bounds read in the V8 engine, enabling attackers to access sensitive information.

5. CVE-2024-4671: A use-after-free flaw in the Visuals component, affecting how content is rendered in the browser.

6. CVE-2024-4761: An out-of-bounds write issue in the V8 engine.

7. CVE-2024-4947: Another type confusion vulnerability in the V8 engine, risking arbitrary code execution.

Importance of Keeping Chrome Updated

The continuous discovery and exploitation of vulnerabilities surfaces that it's imperative to keep our softwares up to date. Chrome’s automatic update feature helps ensure users receive the latest security patches without delay. Users should regularly check for updates and restart their browsers to apply them promptly.

Overall, Google’s quick response to these vulnerabilities highlights the critical need for robust security measures and careful practices in maintaining up-to-date software to protect against potential cyber threats.


Read more »
Zero Day
Antivirus Detection Honeypot honeypot system malware Zero Day

Empowering Global Cybersecurity: The Future with Dianoea Darwis Honeypot

 

The digital world, vast and interconnected, demands robust cybersecurity measures that can keep pace with rapidly evolving threats. The Dianoea Darwis Honeypot and the initiatives of the Cyber Security and Privacy Foundation are pivotal in shaping this future. This final section explores the broader impact of these efforts and the global call to action for enhanced cybersecurity. 
 
A Global Network in Need of Protection In our digitally interconnected world, a threat to one is a threat to all. The Dianoea Darwis Honeypot isn't just a tool for individual organizations; it's a guardian for the global digital network. Its ability to identify and analyze cyber threats has far-reaching implications, helping to safeguard not just individual systems but entire infrastructures. 
 
The Significance of Collaboration in Cybersecurity 
 
The challenges posed by cyber threats are too vast for any single entity to tackle alone. The Foundation's initiative highlights the importance of collaboration in cybersecurity. By providing tools like the Dianoea Darwis Honeypot and its analysis API, they are fostering a community-oriented approach where shared knowledge leads to stronger defenses for everyone. 
 

Preparing for the Future 

 
As we look towards the future, the role of technologies like the Dianoea Darwis Honeypot becomes increasingly significant. Cybersecurity is an ever-evolving field, and staying ahead requires tools that are not only advanced but also adaptable. The Foundation's ongoing efforts to enhance and update the honeypot ensure that it remains a potent weapon against cyber threats. 
 

Join the Cybersecurity Revolution 

 
The journey to a safer digital world is a collective effort. The Dianoea Darwis Honeypot and the Foundation's free analysis API are open to use, inviting everyone to play a role in this revolution. Whether you're a cybersecurity expert, part of an organization, or an individual with an interest in the field, your involvement can make a difference. 
 

A Unified Stand Against Cyber Threats 

 
The Cyber Security and Privacy Foundation's initiative, highlighted by the Dianoea Darwis Honeypot, is more than just a technological advancement; it's a call to arms in the digital realm. As we embrace these tools and join forces in the fight against cybercrime, we forge a path towards a more secure and resilient digital future for all. 

Written by Founder, Cyber Security And Privacy Foundation
Read more »
Zero Day
API security Artificial Intelligence Chat Bot Chat GPT Cyber Security Encryption Malicious Codes Sensitive data Unauthorized access Zero Day

Adopting ChatGPT Securely: Best Practices for Enterprises

As businesses continue to embrace the power of artificial intelligence (AI), chatbots are becoming increasingly popular. One of the most advanced chatbots available today is ChatGPT, a language model developed by OpenAI that uses deep learning to generate human-like responses to text-based queries. While ChatGPT can be a powerful tool for businesses, it is important to adopt it securely to avoid any potential risks to sensitive data.

Here are some tips for enterprises looking to adopt ChatGPT securely:
  • Conduct a risk assessment: Before implementing ChatGPT, it is important to conduct a comprehensive risk assessment to identify any potential vulnerabilities that could be exploited by attackers. This will help organizations to develop a plan to mitigate risks and ensure that their data is protected.
  • Use secure channels: To prevent unauthorized access to ChatGPT, it is important to use secure channels to communicate with the chatbot. This includes using encrypted communication channels and secure APIs.
  • Monitor access: It is important to monitor who has access to ChatGPT and ensure that access is granted only to authorized individuals. This can be done by implementing strong access controls and monitoring access logs.
  • Train employees: Employees should be trained on the proper use of ChatGPT and the potential risks associated with its use. This includes ensuring that employees do not share sensitive data with the chatbot and that they are aware of the potential for social engineering attacks.
  • Implement zero-trust security: Zero-trust security is an approach that assumes that every user and device on a network is a potential threat. This means that access to resources should be granted only on a need-to-know basis and after proper authentication.
By adopting these best practices, enterprises can ensure that ChatGPT is used securely and that their data is protected. However, it is important to note that AI technology is constantly evolving, and businesses must stay up-to-date with the latest security trends to stay ahead of potential threats.
Read more »
Zero Day
Atlassian CISA Critical Flaw Exploits Flaws Microsoft Exchange Microsoft Exchange Server Vulnerabilities and Exploits Zero Day

CISA: Atlassian Bitbucket Server Flaws added to KEV Catalog List

 

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three recently disclosed security flaws to its list of Known Exploited Vulnerabilities (KEV ) Catalog, including critical vulnerability in Atlassian’s Bitbucket Server and Data Center, and two Microsoft Exchange zero-days.

At the end of August, Atlassian rectified a security flaw, tracked as CVE-2002-36804 (CVSS score 9.9) in Bitbucket Server and Data Center. The flaw is a critical severity and is related to a command injection vulnerability that enables malicious actors access to arbitrary code execution, by exploiting the flaw through malicious HTTP requests.

"All versions of Bitbucket Server and Datacenter released after 6.10.17 including 7.0.0 and newer are affected, this means that all instances that are running any versions between 7.0.0 and 8.3.0 inclusive are affected by this vulnerability," Atlassain states in an advisory released in late August.

Although CISA did not provide further details on how the security flaw is being exploited or how widespread the exploitation efforts are, researchers at GreyNoise, on September 20 and 23 confirms to have detected evidence of in-the-wild abuse.

The other two KEV flaws, Microsoft Exchange zero-days (tracked as CVE-2022-41040 and CVE-2022-41082) exploited in limited, targeted attacks according to Microsoft.

"Microsoft is also monitoring these already deployed detections for malicious activity and will take necessary response actions to protect customers. [..] We are working on an accelerated timeline to release a fix," states Microsoft.

The Federal Civilian Executive Branch Agencies (FCEB) have applied patches or mitigation measures for these three security vulnerabilities after being added to CISA’s KEV catalog as required by the binding operational directive (BOD 22-01) from November.

Since the directive was issued last year, CISA has added more than 800 security vulnerabilities to its KEV catalog, while requiring federal agencies to direct them on a tighter schedule.

Although BOD 22-01 only applies to U.S. FCEB agencies, CISA has suggested to all the private and public sector organizations worldwide to put forward these security flaws, as applying mitigation measures will assist in containing potential attacks and breach attempts. In the same regard, CISA furthermore stated, “These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise”
Read more »
Zero Day
Exchange Server Microsoft Vulnerabilities and Exploits Zero Day

Microsoft Accepts Breach of Two Zero Day Vulnerabilties

Exchange Server Vulnerabilities

Microsoft accepted that it knows about the two Exchange Server zero-day vulnerabilities that have been compromised in targeted cyberattacks. GSTC, a cybersecurity agency from Vietnam, reports finding attacks comprising two latest Microsoft Exchange zero-day vulnerabilities. It thinks that the attacks, which first surfaced in August and aimed at crucial infrastructure, were orchestrated by Chinese threat actors. 

Technical details about the vulnerabilities have not been disclosed publicly yet, however, GSTC says that the attacker's exploitation activities following the attack include the installation of backdoors, deployment of Malware, and lateral movement. 

Details about zero-day vulnerabilities

Microsoft was informed about vulnerabilities through the Zero Day Initiative (ZDI), by Trend Micro. Microsoft posted a blog telling its customers that the company is looking into two reported zero-day vulnerabilities. As per Microsoft, one flaw is a server-side request forgery (SSRF) issue, identified as CVE-2022-41040 and the second flaw is an RCE (remote code execution) flaw identified as CVE-2022-41082. The security loopholes seem to affect Exchange Server 2013, 2016, and 2019. 

According to Microsoft, it is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems. In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities. 

Microsoft fixing the issue

Microsoft is currently working on an accelerated timeline to fix the vulnerabilities. For the time being, it has given detailed guidelines to protect against the vulnerability. It believes that its products should identify post-exploitation malware and any malicious activities related to it. Microsoft Online Exchange users don't have to do anything. 

"Security researcher Kevin Beaumont has named the vulnerabilities ProxyNotShell due to similarities with the old ProxyShell flaw, which has been exploited in the wild for more than a year. In fact, before Microsoft confirmed the zero-days, Beaumont believed it might just be a new and more effective variant of the ProxyShell exploit, rather than an actual new vulnerability," reports Security Week.

Read more »
Zero Day
Cyber Security Cybersecurity Google Project Zero Zero Day

Project Zero- Exploited Flaws in H1 2022 Variants of Previous Flaws

Project Zero

Google Project Zero says that in H1 2022, around half of the Zero-day vulnerabilities exploited in attacks were linked to old flaws not appropriately patched. Maddie Stone, a researcher in Google Project Zero posted a blog post continuing part of her speech at the First conference held in June 2022, her presentation is called "0-day In The Wild Exploitation in 2022...so far." 

Stone disclosed that 9 out of 18 zero-day vulnerabilities identified and revealed as exploited in-the-wild in 2022 are variants of earlier patched vulnerabilities. 

"As of June 15, 2022, 18 0-days detected and disclosed as exploited in-the-wild in 2022. When we analyzed those 0-days, we found that at least nine of the 0-days are variants of previously patched vulnerabilities. At least half of the 0-days we’ve seen in the first six months of 2022 could have been prevented with more comprehensive patching and regression tests.” said Stone in her blog. “On top of that, four of the 2022 0-days are variants of 2021 in-the-wild 0-days. Just 12 months after the original in-the-wild 0-day patched, attackers came back with a variant of the original bug.” It suggests that the attacks in most incidents weren't sophisticated and the players that exploited the flaws returned and triggered the known vulnerability via a different technique. 

For instance, the Follina Windows vulnerability found recently, known as CVE-2022-30190, is another variant for CVE-2021-40444. 

"When 0-day exploits are detected in-the-wild, it’s the failure case for an attacker. It’s a gift for us security defenders to learn as much as we can and take action to ensure that that vector can’t be used again. The goal is to force attackers to start from scratch each time we detect one of their exploits: they’re forced to discover a whole new vulnerability, they have to invest the time in learning and analyzing a new attack surface, and they must develop a brand new exploitation method.” writes Stone. "To do that effectively, we need correct and comprehensive fixes." 

To deal properly with Zero-day vulnerabilities, Google experts suggest platform security teams and other freelance security experts invest in root cause analysis, patch analysis, variant analysis, and exploit technique analysis. 
Read more »
Zero Day
Chinese developers Smart contract Vulnerability and Exploits Zero Click Exploit Zero Day

University of California Researchers Develop a Technique to Discover Inconsistencies in Smart Contracts


Researchers from the University of California, Santa Barbara, presented a "scalable technique" to check smart contracts and minimize state-inconsistency bugs, finding forty-seven zero-day vulnerabilities on the Ethereum blockchain during the process. Smart contracts are programs stored on the blockchain that are executed automatically when default conditions are met, depending on the encoded terms of the agreement. 

These programs let authorized transactions agreements be used by unknown parties without having the need of a central authority. In simple terms, the code is in itself a final party of the trade it is presenting, the program controls all the execution aspects, also provides an immutable evidentiary audit chain of transactions, both irreversible and trackable. As per the paper and researchers, "since smart contracts are not easily upgradable, auditing the contract's source pre-deployment, and deploying a bug-free contract is even more important than in the case of traditional software."

About Sailfish 

It aims to find inconsistencies in smart contracts, that allows an attacker to meddle with execution order or transactions, affecting control flow in a single transaction, for instance, reentrancy. Sailfish is a tool that converts a contract into a dependency graph, capturing control and data flow relations between state-changing instructions and storage variables of a smart contract. The tool helps to find potential inconsistencies. The researchers analyzed Sailfish on 89,853 contracts retrieved from Etherscan. 

Finding forty-seven zero-day vulnerabilities that can be exploited to extract Ether and might also comprise application-specific metadata. This will include vulnerable contracts implementing a house tracker that may be exploited so that house owners can do multiple active listings. "This is not the first time problematic smart contracts have attracted attention from academia. In September 2020, Chinese researchers designed a framework for categorizing known weaknesses in smart contracts with the goal of providing a detection criterion for each of the bugs," reports the hacker news.
Read more »
Subscribe to: Posts (Atom)