Two lucky winners scooped $200k for just 20 minutes’ work – if you don’t count the days, weeks and months of meticulous effort beforehand.
Read More Pwn2Own 2021: Zoom, Teams, Exchange, Chrome and Edge “fully owned”
Microsoft continues to monitor and investigate attacks exploiting the recent on-premises Exchange Server vulnerabilities. As organizations recover from this incident, we continue to publish guidance and share threat intelligence to help detect and evict threat actors from affected environments.
The post Analyzing attacks taking advantage of the Exchange Server vulnerabilities appeared first on Microsoft Security.
Read More Analyzing attacks taking advantage of the Exchange Server vulnerabilities
F5 Networks recently released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, but attackers have already begun mass-scanning for and targeting exposed, unpatched devices. This in-the-wild exploitation happened after a proo…
Read More PoC Exploit Posted Online Leaves Critical F5 BIG-IP Bug Exposed
Microsoft Defender Antivirus and System Center Endpoint Protection will automatically mitigate CVE-2021-26855 on any vulnerable Exchange Server on which they are deployed. We have taken this additional step to further support our customers who are still vulnerable and have not yet implemented the complete security update.
The post Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus appeared first on Microsoft Security.
Read More Automatic on-premises Exchange Server mitigation now in Microsoft Defender Antivirus
Read More Exploiting Spectre Over the Internet
A new botnet malware is hunting down infected routers, DVRs and UPnP network devices and turning them into honeypots. The infected devices then help the botnet find further targets to infect. The malware was named ZHtrap by 360 Netlab, the secu…
Read More ZHtrap Botnet Malware Deploys Honeypots in the Search for More Targets
Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline:
The timeline basically seems to be, according to Check Point:
- 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level, granting full control. This allows someone with a foothold on a machine to commandeer the whole box.
Read More Chinese Hackers Stole an NSA Windows Exploit in 2014
Salt is one of the largest open source communities in the world, built around automation and infrastructure management. A vulnerability, CVE-2020-28243, was identified as a privilege escalation bug affecting SaltStack Salt minions. It allowed an un…
Read More A Minion Privilege Escalation Exploit was Fixed in SaltStack Project
Over 6,700 VMware vCenter servers are exposed online and susceptible to a new attack, writes Catalin Cimpanu. With a severity score of 9.8 out of 10, this bug can allow attackers to take control of unpatched servers and effectively take over companies…
Read More More than 6,700 VMware servers exposed, susceptible to takeover attacks
At the virtual Enigma Conference, Google Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article:
Soon after they were spotted, the researchers saw one exploit being used in the wild. Microsoft issued a patch and fixed the flaw, sort of. In September 2019, another similar vulnerability was found being exploited by the same hacking group.
More discoveries in November 2019, January 2020, and April 2020 added up to at least five zero-day vulnerabilities being exploited from the same bug class in short order. Microsoft issued multiple security updates: some failed to actually fix the vulnerability being targeted, while others required only slight changes that required just a line or two to change in the hacker’s code to make the exploit work again…
Read More On Vulnerability-Adjacent Vulnerabilities