Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Security Vulnerabilities. Show all posts
Zscaler
Cyber Attacks CyberCrime Cybersecurity Data Exploit Digital Security Ransomware Security Infrastructure Security Vulnerabilities VPN Zero Trust Zscaler

Sharp Increase in Ransomware Incidents Hits Energy Sector

 


The cyber threat landscape is constantly evolving, and ransomware attacks have increased in both scale and sophistication, highlighting how urgent it is for enterprises to take a strategic approach to cybersecurity. A survey conducted by Zscaler in 2025 found that ransomware incidents increased 146% over the past year. 

Ten prominent groups took 238 terabytes of data from their servers over the past year, nearly doubling the 123 terabytes they stole a year ago. There has been an alarming 900% increase in attacks in the oil and gas industry, largely attributed to the development of digital infrastructure as well as unresolved security vulnerabilities. Additionally, manufacturing, technology, and healthcare have all been affected by this increase, resulting in more than 2,600 reported incidents combined. 

A large percentage of ransomware cases were reported in the United States, which accounts for more than twice the total number of cases reported in the next 14 most affected countries combined. According to experts, threat actors are increasingly turning to generative artificial intelligence (AI) in order to streamline operations and perform more targeted and efficient attacks. This shift corresponds with the growing preference for data extortion over traditional file encryption, resulting in more effective attacks. 

In response to these evolving tactics, cybersecurity leaders are advocating the widespread adoption of Zero Trust architecture in order to prevent large-scale data loss and contain lateral movement within networks. The rise of digital transformation is accelerating the use of ransomware actors to launch increasingly sophisticated attacks on critical infrastructure sectors while automating and leveraging vulnerable industrial control systems as a source of attack. 

A dramatic increase in the number of attacks on the oil and gas industry was attributed to expanding digital footprints and security lapses, whereas Zscaler's latest research indicates that manufacturing, information technology, and healthcare are the sectors that are most frequently targeted by cybercriminals. This attack disproportionately affected the United States, as there were 3,671 ransomware incidents registered in this country, which is more than any of the next 14 most targeted countries combined. 

Over the past year, 238 terabytes of data were exfiltrated in ransomware campaigns, a 92% increase over last year. In the April-to-April period, RansomHub emerged as the most active ransomware group, followed by Akira and Clop in a close second place. These intrusions were largely caused by vulnerabilities that were known to exist in widely used enterprise technologies, such as VMware hypervisors, Fortinet and SonicWall VPNs, and Veeam backup software, making the critical need for proactive vulnerability management and real-time threat detection to be implemented across all levels of IT and operational infrastructure even clearer.

In recent years, cybercriminal groups have adopted more targeted and scalable approaches to extortion, which is reshaping the global ransomware landscape. According to Zscaler's ThreatLabz Ransomware Report for 2025, RansomHub, Akira, and Clop are the three most prolific groups, each of which has claimed more than 850 victims, 520 victims, and 488 victims, respectively. 

The success of Ariara is attributed primarily to its affiliate-based operation model and close collaboration with initial access brokers, while Clop has continued to exploit vulnerabilities in commonly used third-party software to execute impactful supply chain attacks in the last few years. In spite of the high-profile actors involved in this reporting period, Zscaler tracked 425 ransomware groups, so this is just a small part of a much broader and rapidly growing ecosystem. 34 new ransomware groups were created during the reporting period. 

In addition, according to this report, a significant proportion of ransomware campaigns were exploiting a limited range of critical software vulnerabilities, primarily in internet-facing technologies such as SonicWall VPNs and Fortinet VPNs, VMware hypervisors, Veeam backup tools, and SimpleHelp remote access servers. 

It is due to their widespread deployment and ease of discovery through simple scanning techniques that these vulnerabilities remain so attractive. This allows both veteran and newly formed groups of hackers to launch high-impact attacks more effectively and with greater precision. The ransomware ecosystem continues to grow at an alarming rate, and there have been unprecedented numbers of groups launching ransomware attacks. 

There have been 34 new ransomware gangs reported by Zscaler between April 2024 and April 2025, totalling 425 groups that have been tracked so far. Clearly, the significant growth in ransomware over recent years is a reflection of the enduring appeal of ransomware as an attractive criminal model, and it demonstrates how sophisticated and agile cybercriminal organisations have become over the last few years. 

Even though the continued rise in new ransomware actors is a concern, some signs sustained law enforcement action and stronger cybersecurity frameworks are beginning to help counteract this trend, as well as strong cybersecurity frameworks. To dismantle ransomware infrastructures, sixteen illicit assets, and disrupt cybercrime networks, international efforts are increasing pressure on cybercriminals. Not only can these actions impede operational capabilities, but they may also serve as a psychological deterrent, preventing emerging gangs from maintaining momentum or evading detection. 

Experts suggest, even in spite of the complexity and evolution of ransomware threats, that efforts by law enforcement agencies, cybersecurity professionals, and private sector stakeholders are beginning to make a meaningful contribution to combating ransomware threats. In spite of the growth of the number of threat groups, it is becoming increasingly difficult for these groups to sustain operations over the long run. 

In the face of the global ransomware threat, there is a cautious but growing sense of optimism, as long as we continue to collaborate and be vigilant. In terms of ransomware activity, there is still a stark imbalance in the distribution of attacks across the globe. The United States remains, by a wide margin, the nation that has been hit the most frequently. 

The 2025 ThreatLabz report from Zscaler indicates that 50 per cent of all ransomware attacks originated from U.S.-based organisations, totalling 3,671 incidents - more than double the total number of attacks reported across the next 14 most targeted countries combined. The United Kingdom and Canada ranked distantly behind the US and Canada, respectively, with only 5 and 4 per cent of global incidents.
This concentration of attacks is a result of the strategic targeting of highly dense, high-value economies by threat actors looking for maximum disruption and financial gain as a result of their actions. In this surge, several prominent ransomware groups were at the forefront, including RansomHub, which had 833 victims publicly identified by the media. 

As an affiliate program and partnership with initial access brokers helped Akira rise to prominence, involving 520 victims, it became a leading ransomware group. A close second was Clop, which had 488 victims, using its proven tactics to leverage vulnerable third-party software, in order to carry out large-scale supply chain attacks using vulnerable third-party software. 

Zscaler identified 34 new ransomware families in the past year, increasing the total number of tracked groups from 425 to 425. There are more than 1,000 ransomware notes available on GitHub, with 73 new samples being added every day within the past year, highlighting the scale of the threat and its persistence. With the increasing threat landscape, Zscaler continues to advance its Zero Trust Exchange framework, powered by artificial intelligence, to combat ransomware at every stage of its lifecycle. 

By replacing legacy perimeter-based security models with this platform, you will be able to minimise attack surfaces, block initial compromises, eliminate lateral movement, and stop data exfiltration that was previously possible. 

As part of Zscaler’s architecture, which is enhanced with artificial intelligence-driven capabilities like breach prediction, phishing and command and control detection, inline sandboxing, segmentation, dynamic policy enforcement, and robust data loss prevention, we can take an active and scalable approach to ransomware mitigation, aligning with the evolving needs of modern cybersecurity. 

Increasingly, ransomware is becoming a systemic risk across digital economies, which makes it essential for enterprises and governments to develop comprehensive, forward-looking cyber defence strategies. As a result of the convergence of industrial digitisation, widespread software vulnerabilities, and the emergence of ransomware-as-a-service (RaaS) models, the global threat landscape is changing in ways that require both public and private sectors to take immediate action. 

The attacks have not only caused immediate financial and operational losses, but they have also now threatened national security, supply chain resilience, and public infrastructure, particularly within high-value, interconnected industries like the energy industry, manufacturing industry, healthcare industry, and technology industry. Leaders in cybersecurity have increasingly advocated for a paradigm shift from reactive control measures to proactive cyber resilience strategies. 

Embedding zero trust principles into organization infrastructure, modernising legacy systems, and investing in artificial intelligence-driven threat detection are some of the steps that are required to achieve this objective, as well as building intelligence-sharing ecosystems between private companies, governments, and law enforcement agencies. 

There is also a constant need to evaluate the role of artificial intelligence in both attack and defence cycles, where defenders have the need to outperform their adversaries by automating, analysing, and enforcing policy in real time. As for the policy level, the increased use of ransomware underscores the need for globally aligned cybersecurity standards and enforcement frameworks. 

Isolated responses cannot be relied upon anymore when transnational threat actors leverage decentralized infrastructure and exploit jurisdictional loopholes in order to exploit them. In order to disrupt the ransomware economy and regain trust in the digital world, a holistic collaboration is essential that involves advanced technologies, legal deterrents, and public awareness.

While there is no indication that ransomware is going away anytime soon, the progress being made in detecting threats, managing vulnerabilities, and coordinating cross-border responses offers a path forward as long as we work together on these improvements. The need to protect digital assets and ensure long-term operational continuity is not just a matter of IT hygiene anymore – it has become a foundational pillar of enterprise risk management, and therefore a crucial component for the management of business continuity in today's environment.
Read more »
Security Vulnerabilities
Cyber Attacks cybercriminal threats DoS home network safety internet Security IoT Public Wifi Security Vulnerabilities

Deauthentication Attacks Leave Wi-Fi Networks at Risk

 

A recent report from Nozomi Networks has revealed that the vast majority of Wi-Fi networks are highly vulnerable to deauthentication attacks, a common form of denial-of-service (DoS) attack. After analyzing telemetry from hundreds of operational technology (OT) and internet of things (IoT) environments, the study found that 94% of Wi-Fi networks lacked the necessary security measures to prevent these types of cyber intrusions. 

Deauthentication attacks exploit weaknesses in network protocols to force devices off a Wi-Fi network, causing disruptions that can pave the way for more severe cyber threats. Attackers manipulate a feature in the Wi-Fi protocol by sending fraudulent deauthentication frames, tricking devices into disconnecting. While the immediate impact may seem limited to temporary network interruptions, these attacks are often the first step in larger cyber operations, leading to data breaches and unauthorized access. 

One of the key findings of the report is that only 6% of wireless networks analyzed had management frame protection (MFP), a critical security feature that prevents attackers from spoofing network management frames. Without MFP, networks—including those supporting critical national infrastructure (CNI)—are left exposed to malicious actors. The consequences of such vulnerabilities are particularly concerning in high-stakes industries. 

In healthcare, cybercriminals could exploit weak wireless security to access sensitive patient data or interfere with critical medical systems. Industrial environments are also at risk, where a network disruption could halt production lines, disrupt automated processes, or even create safety hazards for workers. With increasing cyberattacks targeting essential sectors, wireless security has become a pressing issue. State-sponsored hacking groups, such as Volt Typhoon and Salt Typhoon, have been linked to breaches in U.S. telecom networks, compromising sensitive communications and establishing persistent access to critical infrastructure networks. 

These incidents highlight how Wi-Fi vulnerabilities can have far-reaching consequences beyond just business operations. The report also identified several other major threats to wireless networks. Rogue access points, for instance, allow attackers to impersonate legitimate networks, tricking devices into connecting and exposing sensitive data. Jamming attacks can overwhelm networks, causing disruptions, while eavesdropping attacks on unencrypted protocols enable cybercriminals to steal credentials and monitor activity. 

To counter these risks, Nozomi Networks recommends a proactive approach to wireless security. Organizations should conduct regular security audits, prioritize anomaly detection, and strengthen endpoint security. Implementing network segmentation can also help limit the impact of potential breaches. By adopting dynamic security strategies rather than static defenses, businesses can reduce their risk exposure and enhance their overall cybersecurity posture.
Read more »
Security Vulnerabilities
Apple Apple security vulnerability CPU Cyber Security data security Security Issues Security Vulnerabilities

New Apple Processor Vulnerabilities: FLOP and SLAP Exploit Speculative Execution

 

Security researchers have uncovered two new vulnerabilities in modern Apple processors, named FLOP and SLAP, which could allow attackers to remotely steal sensitive data through web browsers. Discovered by researchers from the Georgia Institute of Technology and Ruhr University Bochum, these flaws exploit speculative execution, a performance optimization feature in Apple’s processors, to extract private user data from browsers like Safari and Chrome.

How FLOP and SLAP Exploit Speculative Execution

Speculative execution is a technique used by modern processors to predict and execute instructions in advance, improving performance. However, flaws in its implementation have led to significant security issues in the past, such as the Spectre and Meltdown attacks. FLOP and SLAP build on these exploits, demonstrating how Apple’s latest chips can be manipulated to leak private information.

FLOP (False Load Output Prediction) affects Apple’s M3, M4, and A17 processors. These chips attempt to predict not only which memory addresses will be accessed but also the actual data values stored in memory. If a misprediction occurs, the CPU may use incorrect data in temporary computations. Attackers can exploit this by measuring cache timing differences, allowing them to extract sensitive information before the system corrects itself. Researchers demonstrated FLOP by stealing private user data, including email details from Proton Mail, Google Maps location history, and iCloud Calendar events.

SLAP (Speculative Load Address Prediction) impacts Apple’s M2 and A15 processors, along with later models. Unlike FLOP, which predicts data values, SLAP manipulates the processor’s ability to anticipate which memory address will be accessed next. By training the CPU to follow a specific pattern and then suddenly altering it, attackers can force the processor to read sensitive data. The CPU processes this information before realizing the mistake, leaving traces that hackers can analyze. Researchers used SLAP to extract Gmail inbox content, Amazon order history, and Reddit activity.

Implications and Mitigation Efforts

Both FLOP and SLAP are particularly concerning because they can be executed remotely. A victim only needs to visit a malicious website running JavaScript or WebAssembly code designed to exploit these vulnerabilities. The attack does not require malware installation or direct access to the device, making it difficult to detect or prevent.

The researchers disclosed the flaws to Apple in early 2024. While Apple has acknowledged the issues, security patches have not yet been released. Apple has stated that it does not consider the vulnerabilities an immediate risk but has not provided a timeline for fixes. In the meantime, users concerned about potential data exposure can disable JavaScript in their browsers, though this may break many websites.

These findings highlight the growing sophistication of web-based attacks and the need for stronger security measures in modern processors. As Apple works on mitigating these vulnerabilities, users should stay informed about security updates and exercise caution when browsing unfamiliar websites.

The discovery of FLOP and SLAP underscores the ongoing challenges in securing modern processors against advanced exploits. While speculative execution enhances performance, its vulnerabilities continue to pose significant risks. As cyber threats evolve, both hardware manufacturers and users must remain vigilant, adopting proactive measures to safeguard sensitive data and maintain digital security.

Read more »
Security Vulnerabilities
Cyberattacks 2023 Data Breach data security Ransomeware Security Vulnerabilities

Exploring the Spike in Data Breaches in 2023

 

In 2023, there has been a significant surge in data breaches, raising concerns globally. The upswing in cyber incidents can be attributed to various factors, reflecting the intricate dynamics of our digital age. 

Firstly, the rapid pace of digital transformation across industries has created an expansive attack surface. The interconnected systems, cloud services, and IoT devices have inadvertently provided cyber criminals with more opportunities to exploit vulnerabilities. 

Coupled with this, the sophistication of cyber threats has increased. Threat actors are now utilizing advanced techniques such as ransomware, zero-day exploits, and social engineering tactics, outpacing traditional cybersecurity measures. 

Many organizations still grapple with inadequate cybersecurity postures. The failure to implement robust security measures, conduct regular updates, and provide comprehensive employee training leaves entities vulnerable to a wide array of cyber attacks. 

The vulnerabilities within supply chains have also become apparent. Cybercriminals often exploit weak links in supply chains, targeting smaller partners or third-party vendors with less stringent cybersecurity measures as gateways to larger targets. 

Insider threats, whether intentional or unintentional, are significant contributors to data breaches. Employees with access to sensitive information may inadvertently compromise data security through human error, or malicious insiders may intentionally exploit their positions for personal gain. 

Despite the growing awareness of cybersecurity threats, some organizations continue to underinvest in cybersecurity measures. Limited budgets, competing priorities, and a lack of cybersecurity awareness at the executive level can result in insufficient resources being allocated to protect against evolving cyber threats. 

Ransomware attacks have become more prevalent and sophisticated. The profitability of ransomware attacks, coupled with the difficulty of tracing cryptocurrency payments, incentivizes cybercriminals to target a wide range of organizations, from small businesses to critical infrastructure. 

Global geopolitical tensions can spill over into cyberspace, leading to an increase in state-sponsored cyber attacks. Nation-state actors may engage in cyber espionage, targeting critical infrastructure, government institutions, or private businesses, contributing to the overall spike in data breaches. 

In some cases, lax regulatory compliance and enforcement contribute to the rise in data breaches. Organizations may neglect to implement necessary security measures or fail to report breaches promptly due to lenient regulatory frameworks. 

The surge in data breaches in 2023 is a complex issue with multiple contributing factors. Addressing this challenge requires a comprehensive and proactive approach to cybersecurity that considers technological, human, and systemic vulnerabilities. As organizations and governments grapple with these multifaceted issues, the need for strengthened cybersecurity measures, improved regulatory frameworks, and heightened global cooperation becomes increasingly evident.
Read more »
Volt Typhoon
APTs AWS Cyber Security DDoS botnets honeypot system MadPot Sandworm Security Vulnerabilities Threat Intelligence Volt Typhoon

AWS Employs MadPot Decoy System to Thwart APTs and Botnets

 

Amazon Web Services (AWS), a prominent player in cloud computing, has unveiled its internal defense system, MadPot, which has proven effective in luring and trapping malicious activities, including those orchestrated by nation-state-backed Advanced Persistent Threats (APTs) such as Volt Typhoon and Sandworm.

Conceived by AWS software engineer Nima Sharifi Mehr, MadPot is described as an advanced network of monitoring sensors equipped with automated response capabilities. This system ensnares malicious actors, monitors their actions, and generates protective data for various AWS security products.

MadPot is ingeniously designed to mimic numerous plausible targets, thwarting Distributed Denial of Service (DDoS) botnets, and preemptively blocking formidable threat actors like Sandworm from compromising AWS customers.

According to AWS, the sensors are vigilant over a staggering 100 million potential threat interactions and probes daily worldwide. Out of these, about 500,000 are identified as malicious activities, and this colossal trove of threat intelligence is meticulously analyzed to provide actionable insights on potentially harmful online activities. 

The response capabilities automatically shield the AWS network from identified threats, and they also reach out to other companies whose infrastructure is being exploited for malicious purposes.

In the case of Sandworm, the honeypot effectively intercepted the actor's attempt to exploit a security vulnerability in WatchGuard network security appliances. AWS not only identified IP addresses but also other distinct attributes linked to the Sandworm threat involved in the attempted breach of an AWS customer.

MadPot's remarkable capability to simulate a range of services and engage in extensive interactions enabled AWS to gather additional insights about Sandworm campaigns. This included specific services targeted by the actor and post-exploitation commands initiated by them. Armed with this intelligence, AWS promptly informed the affected customer, who took swift action to rectify the vulnerability.

Furthermore, AWS highlighted that the data and insights gathered by MadPot are harnessed to enhance the efficacy of their security tools, including AWS WAF, AWS Shield, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall. These are complemented by detective and reactive services like Amazon GuardDuty, AWS Security Hub, and Amazon Inspector.
Read more »
Vulnerabilities and Exploits
CISA Critical Flaws Exploits Security Flaws Security Vulnerabilities Vulnerabilities and Exploits

CISA’s vulnerabilities in KEV: Federal Agencies Have to Fix Them

 

CISA has included 6 vulnerabilities to its “Known Exploited Vulnerabilities Catalog” and has ordered the federal agencies to patch them with the help of vendor’s instructions. 

The CISA, U.S.-based cybersecurity and infrastructure security agency has given a deadline of 6th October to the government agencies to fix the security flaws that surfaced between 2010 and 2022. CISA has instructed the federal agencies to fix the newly added security vulnerabilities as per the directive. 

Exploiting the majority of the vulnerabilities that have been added to the list, gives cyber attackers local privilege escalation or admin-level access to the system, whereas the two of them permit to execution of a malicious code remotely, known as Remote Code Execution. 

These vulnerabilities that were found between the stretch of 2010 and 2022 comprise the most that were identified in 2013 and were engineered as spyware  especially for getting into the social media accounts of android users by using Tizi malware. 

The list of security flaws discovered in 2013 includes: 

  • CVE-2013-6282: it gives local privilege escalation and is used for rooting android devices.
  • CVE-2013-2597: it gives local privilege escalation and is used for overflow in Code Aurora audio driver.
  • CVE-2013-2596: it gives local privilege escalation and deals with Linux kernel integer overflow.
  • CVE-2013-2094: it gives local privilege escalation and manages Linux kernel privilege escalation. 

The CISA also added the oldest bug in KEV which was disclosed in 2010; this was the bug held responsible for spreading the Stuxnet worm, which caused a slowdown in the country’s development in the field of nuclear weapons by destroying the machines at the Natanz Uranium Enrichment Plant. 

The bug found in 2010 was named CVE-2010-2568,  it allows remote access to inject malicious code into the system. The latest security issue added to the vulnerability list was identified a month ago. It was also the only security flaw found this year. The cyber attackers exploited it and affected Trend Micro Apex One and Apex one as services. The recently identified bug was CVE-2022-40139, it was described as an improper validation issue. 

The list of all of the vulnerabilities is available publically on the official website of known exploited vulnerabilities. The directive from November 2021, “Binding operational directive 22-01”, legally states, that resolving all the vulnerabilities added by CISA and making them 'Known Exploited Vulnerabilities' is the responsibility of all federal civilian agencies to regulate a secure environment.
Read more »
Vulnerabilities and Exploits
Bugs Critical Flaw Local privilege escalation vulnerability Microsoft Privilege Escalation Flaw Security Bug Security flaw Security Vulnerabilities Vulnerabilities and Exploits

ExtraReplica: Microsoft Patches Cross-Tenant Bug in Azure PostgreSQL

 

Recently, Microsoft has patched pair of security vulnerabilities in its Azure Database for PostgreSQL Flexible Server which could have been exploited to execute malicious code. On Thursday, cyber security researchers from Wiz Research published an advisory on "ExtraReplica," wherein they described it as a "cross-account database vulnerability" in Azure's infrastructure. 

The first is a privilege escalation bug in a modification that Microsoft made to the PostgreSQL engine and the second bug leverages the privilege escalation enabled by the former to give attackers cross-account access. 

Microsoft Azure is a hybrid cloud service and accounts for hundreds of thousands of enterprise customers, it also provides various services to different enterprises including software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS). 

It supports various programming languages, frameworks, and tools including both Microsoft-specific and third-party software and systems, as well as housing the data for various other Microsoft tools is one of its key features. 

According to the report, security vulnerabilities in the software could be used to bypass Azure's tenant isolation, which prevents software-as-a-service (SaaS) systems users from accessing resources belonging to other tenants. 

Also, ExtraReplica's core attack vector is based on a flaw that gave full access to customer data across multiple databases in a region without authorization, researchers from cloud security vendor Wiz Research recently added. 

"An attacker could create a full copy of a target database in Azure PostgreSQL [Flexible Server], essentially exfiltrating all the information stored in the database…," 

 “…The vulnerabilities would have allowed attackers to bypass firewalls configured to protect the hosted databases unless an organization had configured it for private access only but this is not the default configuration," says Ami Luttwak, co-founder and CTO at Wiz. 

Following the attack, Microsoft said it has mitigated the security vulnerabilities in the second week of January 2022, less than 48 hours after Wiz had warned about the attack. However, the company said that its research showed no evidence that hackers has exploited the vulnerabilities to access customer data.
Read more »
Vulnerabilities and Exploits
CVE vulnerability Microsoft Security Vulnerabilities Vulnerabilities and Exploits

New Windows Vulnerability Allows Domain Takeover, Microsoft Released Patch



 A new vulnerability named Zerologon has been identified by cybersecurity organization, Secura who tracked the high rated vulnerability as CVE-2020-1472; it allows attackers to gain admin control of a Windows domain, inducing the ability to steal credentials from individual Windows account.

In order to exploit Zerologon, the attacker is required to be on the network, access to which can be acquired by various methods such as phishing, drive-by exploits or etc.

The attacker disables security features that protect the Netlogen process and change a system's password linked with its Active Directory account. Zerologon exploits a weak cryptographic algorithm used in the Netlogon authentication process, as per the expert findings at Secura.

 While exploiting the vulnerability and attempting to authenticate against the domain controller, the bug impersonates the identity of any computer on a network and disables security features. In order to obtain domain administrator access to carry out malicious activities, the attacker needs to connect to a domain controller through a Netlogon secure channel connection. The attack is carried out swiftly, lasting not more than three seconds.

In August 2020, Microsoft effectively disrupted the operations of numerous companies in the patching process that took place in two phases and finally released patches for a severe 10/10 rated security flaw that was described as an elevation of privilege in Netlogon. The task has been an arduous one for Microsoft.

 In their blog post on Zerologon, Secura explained, "It would not be necessary to wait for some other user to attempt to log in. Instead, the attacker can login themselves, pretending to only support NTLM and providing some invalid password. The service they are logging in to will forward the NTLM handshake to the domain controller and the domain controller would reply with a negative response. This message could then be replaced by a spoofed reply (also containing a recalculated session key) indicating that the password was correct and, by the way, the user trying to log in happened to be a member of the domain admin group (meaning they also have administrative privileges on the target machine),"
"This vulnerability can be particularly dangerous when an attacker has a foothold in an internal network because it allows for both elevation of privileges (to local admin) and lateral movement (gaining RCE on other machines on the network)," the blog post further read.
Read more »
Vulnerabilities and Exploits
Browser Vulnerability Google Chrome Security Vulnerabilities User Data Vulnerabilities and Exploits

New Security Flaw in Google's Chrome Browser Lets Hackers Access Sensitive User Data



Hackers are always finding new ways to exploit bugs and compromise sensitive user data, a recently discovered flaw in Google Chrome which could lead to arbitrary code execution, allows attackers to view, edit or even delete confidential data.

The vulnerability in the browser was initially reported by the Centre for Internet Security (CIS) and it could have allowed hackers to execute arbitrary code in the context of the browser. In order to keep the flaw in check, Google Chrome released an immediate update for its users round the globe.

In the upcoming week, Google will be releasing patches for Mac, Windows and Linux, as per the reports. However, the older versions of the search engine, which are the versions before 76.0.3809.132 are prone to attack.

To be on a safe side, users are advised to have their browsers updated and be aware of suspicious websites. The report also recommends users to avoid following the hyperlinks from unknown sources.

“A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.” Reads the report.

Read more »
Security Vulnerabilities
App vulnerability Browser Vulnerability Google Google Chrome Google Play Store Security Vulnerabilities

Google now pays more for disclosing vulnerabilities in Chrome OS and some Play Store apps

One of the hardest aspects of maintaining a cross-platform product is ensuring its security. Vulnerabilities can be exploited on various platforms in various scenarios, and it’s almost impossible for literally any company’s security department to fix all of them on their own. That’s why companies often use vulnerability disclosure rewards programs, which basically means giving money to someone who finds an issue in your product. Google has several programs of this kind. One of them is the Chrome Vulnerability Rewards Program, which awards security researchers for exploiting vulnerabilities in Chromium, Chrome, and Chrome OS. As you already know, there are a lot of Chromium-based browsers on the market, so the security of this product is crucial.

Today, Google is increasing the minimum rewarding amount for this program. Currently, security researchers receive a maximum amount of $5,000 on baseline reports. These exploits are mostly around escaping the sandboxing. Google is tripling the amount of reward for high severity baseline reward, bringing it up to $15,000. The price of high-quality reports with functional exploits of the same category got doubled. Previously it was $15,000, but after today Google will pay $30,000 for these kinds of exploits. Google is also increasing the bonus from $500 to $1,000 for exploits found via Chrome Fuzzer, which lets security researchers use Google’s hardware and scale to replicate the exploits.

The Google Play Security Reward Program got an update, too. This program only covers apps that have specifically opted-in.

- The reward for remote code execution bug went from $5,000 to $20,000
- The reward for theft of insecure private data went from $1,000 to $3,000
- The reward for accessing protected app components went from $1,000 to $3,000

To put it in short, Google decided to show more appreciation for all the security researchers that help ensure the security of their product. The changes will go into action today. You can start looking for vulnerabilities if you are competent enough. Maybe you’ll get some reward from Google.
Read more »
User Security
EA Origin Gaming Hijacking Security flaw Security Vulnerabilities User Privacy User Security

EA Origin Security Flaw Exposed over 300 Million Gamers to Account Takeovers



In the wake of the discovery of an EA based vulnerability, EA origin has been forced to re-examine its module for security and safety as the flaw could have potentially exposed millions of gamers to account takeovers.

As per the findings and research of specialists at Check Point and CyberInt, the vulnerability affected over 300 million gaming enthusiasts playing online games namely FIFA, Madden NFL, NBA Live and Battlefield.

The vulnerability relied on an alternate authentication method known as, Access Tokens which are like passwords; by stealing a Single Sign-On authorization token, the security flaw would have given complete authority into the hands of the hackers, who further would have been able to hijack player's accounts without needing the login or password.

Stealing 'Access Tokens' can be a bit more complex than stealing passwords, however, it still is possible. It's because users have been enlightened against providing passwords on dubious websites, hackers now resort to accessing access tokens rather than the passwords. Moreover, it can be carried out behind the scenes without needing any active participation from the user.

On Wednesday, commenting on the matter, Oded Vanunu, head of products vulnerability research for Check Point, told, "EA's Origin platform is hugely popular, and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users' accounts,"

Referencing from the statements given by Alexander Peleg in an email in the regard, "We had the vulnerabilities under control so no other party could have exploited them during the period it took EA to fix," 
Read more »
South Korea
4G Network LTE Network Security researcher Security Vulnerabilities Smartphone Hacks South Korea

LTE vulnerabilities could allow eavesdroping


There are new vulnerabilities discovered with the 4G network used by smartphones. South Korean researchers discovered 36 new flaws using a technique called 'fuzzing'.

It turns out that our mobile networks may not be the safest. As LTE gets ready to make way for 5G, researchers have discovered several flaws in the Long-Term Evolution (LTE) standard, which could allow an attacker to intercept data traffic or spoof SMS messages.

The 4G LTE standard has vulnerabilities that could allow a hacker to intercept data that is being transferred on the networks. Although there has been plenty of research about LTE security vulnerabilities published in the past,  what's different about this particular study is the scale of the flaws identified and the way in which the researchers found them.

Researchers at the Korea Advanced Institute of Science and Technology Constitution (KAIST) have discovered 51 vulnerabilities with the 4G LTE standard—this includes 15 known issues and 36 new and previously undiscovered flaws with the standard.

LTE, although commonly marketed as 4G LTE, isn’t technically 4G. LTE is widely used around the world and often marketed as 4G. LTE can be more accurately described as 3.95G.

Given the widespread use of LTE, the latest findings have massive implications and clearly show wireless networks that consumers often take for granted aren't foolproof.

In their research paper [PDF], the researchers claim to have found vulnerabilities enabling attackers to eavesdrop and access user data traffic, distribute spoofed text messages, interrupt communications between base station and phones, block calls, disconnect users from the network and also access as well as manipulate data that is being transferred. The researchers are planning to present these at the IEEE Symposium on Security and Privacy in May.

“LTEFuzz successfully identified 15 previously disclosed vulnerabilities and 36 new vulnerabilities in design and implementation among the differ- ent carriers and device vendors. The findings were categorized into five vulnerability types. We also demonstrated several attacks that can be used for denying various LTE services, sending phishing messages, and eavesdropping/manipulating data traffic. We performed root cause analysis of the identified problems by reviewing the related standard and interviewing collaborators of the carriers,” said the researchers in the report.
Read more »
Zero Day exploit
Firefox Firefox 66.0.1 Firefox update Security Vulnerabilities TrendMicro Zero Day exploit

Firefox update fixes critical security vulnerability

Firefox 66.0.1 Released with Fix for Critical Security Vulnerabilities that discovered via Trend Micro’s Zero Day Initiative. The vulnerability affects all the versions of Firefox below 66.0.1.

An attacker could exploit these vulnerabilities to take complete control over the target system of the process.

CVE-2019-9810: Incorrect alias information

Incorrect alias information with IonMonkey JIT compiler for Array.prototype.slice leads to missing bounds check and a buffer overflow.

The bounds checking is a method used for detecting the variable is present within the bounds, a failed bound check would through the exception and results in security vulnerabilities.

CVE-2019-9813: Ionmonkey type confusion with proto mutations

Mishandling of proto mutations leads to the type of confusion vulnerability in IonMonkey JIT code.

The type confusion vulnerability occurs, when the code doesn’t verify what objects it is passed to, and blindly uses it without type-checking.

By exploiting this vulnerability an attacker can execute arbitrary commands or code on a target machine or in a target process without user interaction.

This vulnerability discovered by an independent researcher Niklas Baumstark targeting Mozilla Firefox with a sandbox escape in Trend Micro Zero-day initiative contest and he successfully demonstrates the JIT bug in Firefox, for that he earned $40,000.

In Pwn2Own 2019 contents researchers exploit multiple bugs with leading providers such as Edge, Mozilla Firefox, Windows, VMware and earned $270,000 USD in a single day by submitting 9 unique zero-day exploits.

The Firefox bug was introduced in the second day of the contest by Fluoroacetate team and an individual security researcher Niklas Baumstark.
Read more »
Sensitive data.
malware Security Vulnerabilities Sensitive data.

Researchers Discover Critical Flaws Inside AMD’s Processors


Researchers on the AMD front claim to have found "multiple critical security vulnerabilities and exploitable manufacturer backdoors inside AMD’s latest Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile processors."

If attackers somehow managed to misuse the blemishes, at that point the situations extending from AMD's processors being infected with tenacious malware that would be relatively difficult to recognize to attackers taking sensitive data the researchers say.

Israel-based CTS-Labs published a site committed to the 13 critical blemishes, and along with it a 20-page whitepaper, "Severe Security Advisory on AMD Processors." They code-named the four classes of vulnerabilities as Ryzenfall, Fallout, Chimera, and Masterkey.






It is vital to take note of that before the vulnerabilities could be exploited; the attackers would first need to gain administrative rights (root access) on a targeted computer or network. The report aims to describe the multiple, potential attacks.

Despite the fact that CTS conceded that it gave AMD, one of the largest semiconductor firms having expertise in processors for PCs and servers, just a 24-hour heads-up before opening up to the world about the flaws however even Microsoft, Dell, HP, and "select merchants" were likewise advised one day before the announcement of the vulnerabilities was made public.

Further adding CTS said that AMD's Ryzen chipset, which AMD outsourced to a Taiwanese chip manufacturer, AS Media, "is as of now being shipped with exploitable manufacturer backdoors inside." Which could without much of a stretch allow attackers "to inject malignant code into the chip" and make "a perfect target" for hackers.

"The vulnerabilities we have discovered allow bad actors who infiltrated the network to persist in it, surviving computer reboots and reinstallations of the operating system. This allows attackers to engage in persistent, virtually undetectable espionage, buried deep in the system." says the report.

The California-based organization later assured in an announcement that they are researching this report; to comprehend the approach and merit of the discoveries made so as to provide proper protection against the vulnerabilities as soon as they can.


Read more »
Subscribe to: Posts (Atom)