Nov 26 2021

Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Category: Zero day | DISC @ 9:38 am

Resecurity, a Los Angeles-based cybersecurity company, has identified an active zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.

The identified vulnerability enables Remote Code Execution (RCE), which grants the ability to take over the device and then use it for malicious purposes, as well as to steal sensitive data. It’s likely this vulnerability is present in other devices from the same family.

The affected device is orientated towards the enterprise segment and supports Wi-Fi 6 (the next-generation wireless standard which is faster than 802.11ac). Wi-Fi 6 officially arrived in late 2019, and Wi-Fi 6 enabled hardware was released throughout 2020. The main goal of this new standard is enhancing throughput-per-area in high-density scenarios, such as corporate offices, shopping malls and dense residential apartments.

Resecurity notified TP-Link on November 19th 2021, and received acknowledgment the very next day. TP-Link said they’re going to release a patch in a week (currently the 0-day vulnerability is in the wild). Resecurity shared a proof of concept with TP-Link of how Remote Code Execution was achieved on the target device, along with multiple other vulnerabilities.


Below is the video PoC of the zero-day exploitation:

The Life and Times of Zero-Day Vulnerabilities and Their Exploits

Tags: TP-Link Wi-Fi, zero-day


Sep 26 2021

STILL ALIVE! iOS 12 gets 3 zero-day security patches – update now

Category: Mobile Security, Zero day | DISC @ 11:20 am

If you’ve already listened to this week’s Naked Security Podcast you’ll know that we had finally concluded that iOS 12, the version before the version before the latest-and-greatest iOS 15, which arrived this Monday…

…had been dumped forever by Apple.

Apple notoriously won’t tell you anything about the security situation in its products unless and until it has a patch out.

So when iOS 14 got updated in the last couple of patch cycles, but iOS 12 didn’t, we couldn’t tell whether it was still safe and didn’t need the patches, whether it needed the patches but they’d be a bit late, or whether it needed the patches but would never get them.

And with iOS 15 arriving as the new kid on the block this week, we assumed the worst, following the “one-in-one-out” principle.

We haven’t finished because we haven’t even started

iOS Application Security

Tags: iOS 12, iOS Application Security


Sep 14 2021

Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!

Category: Zero day | DISC @ 9:41 am

You know what we’re going to say, so we’ll say it right away.

Patch early, patch often.

Canadian privacy and cybersecurity activist group The Citizen Lab just announced a zero-day security hole in Apple’s iPhone, iPad and Macintosh operating systems.

They’ve given the attack the nickname FORCEDENTRY, for rather obvious reasons, though its official designation is CVE-2021-30860.

Citizen Lab has attributed the vulnerability, and the code that exploits it, to controversial device surveillance company NSO Group, already well-known for its so-called Pegasus line of spyware-like products.

According to Citizen Lab, this exploit relies on booby-trapped PDF files, and was spotted in the wild when a Saudi Arabian activist handed over their phone for analysis after suspecting that spyware had somehow been implanted on the device.

The Citizen Lab report coincides with Apple’s own security bulletin HT21807, which credits Citizen Lab for reporting the hole, and says simply:

Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. […] An integer overflow was addressed with improved input validation.

The problem with integers

The Art of Mac Malware: The Guide to Analyzing Malicious Software

Tags: Apple products, FORCEDENTRY zero-day


Sep 08 2021

Windows zero-day MSHTML attack

Category: Windows Security, Zero day | DISC @ 9:51 am

Details are scarce so far, but Microsoft is warning Office users about a bug that’s dubbed 

, and described as Microsoft MSHTML Remote Code Execution Vulnerability.

The bug doesn’t have a patch yet, so it’s what’s known as a zero-day, shorthand for “the Good Guys were zero days ahead of the Bad Guys with a patch for this vulnerability.”

In other words: the crooks got there first.

As far as we can tell, the treachery works like this:

  1. You open a booby-trapped Office file from the internet, either via an email attachment or by downloading a document from a criminal-controlled web link.
  2. The document includes an ActiveX control (embedded add-on code) that ought not to have unrestricted access to your computer.
  3. The ActiveX code activates the Windows MSHTML component, used for viewing web pages, exploits a bug in it to give itself the same level of control that you yourself would have right from the Windows desktop, and uses it to implant malware of the attacker’s choice.

MSHTML isn’t a full-on browser, like Internet Explorer or Edge, but is a part of the operating system that can be used to create browsers or browser-like applications that need or want to display HTML files.

Even though HTML is most closely associated with web browsing, many apps other than browsers find it useful to be able to render and display web content, for example as a convenient and good-looking way to present documentation and help files, or to let users fill in and submit support tickets.

This “stripped down minibrowser” concept can be found not only on Windows but also on Google’s Android and Apple’s iOS, where the components Blink and WebKit respectively provide the same sort of functionality as MSHTML on Microsoft platforms. Mozilla products such as Firefox and Thunderbird are based on a similar idea, known as Gecko. On iOS, interestingly, Apple not only uses WebKit as the core of its own browser, Safari, but also mandates the use of WebKit in browsers or browser-like apps from all other vendors. That’s why Firefox on iOS is the only version of that product that doesn’t include Gecko; it has no choice but to use WebKit instead.

how not to get booby trapped!

Tags: MSHTML attack


Aug 12 2021

Trend Micro warns customers of zero-day attacks against its products

Category: Zero day | DISC @ 2:47 pm

Security firm Trend Micro is warning its customers of attacks exploiting zero-day vulnerabilities in its Apex One and Apex One as a Service products.

On July 28, Trend Micro released security patches for multiple incorrect permission assignment privilege escalation, incorrect permission preservation authentication bypass, arbitrary file upload, and local privilege escalation vulnerabilities in Apex One and Apex One as a Service products. The security firm also reported that attackers are already exploiting at least two of the flaws (CVE-2021-32464, CVE-2021-32465, CVE-2021-36741, CVE-2021-36742) in attacks in the wild.

The vulnerabilities affect the Trend Micro Apex One (On Premise) and Apex One as a Service (SaaS) on Windows.

“Trend Micro has observed an active attempt of exploitation against two of these vulnerabilities (chained) in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already. All customers are strongly encouraged to update to the latest versions as soon as possible.” reads the advisory.

The company did not share info about the attacks in the wild that exploited the above vulnerabilities.

In April, the security firm revealed that attackers were actively exploiting a vulnerability, tracked as 

, in its antivirus solutions to gain admin rights on Windows systems.

The 

 vulnerability affects the Apex One and OfficeScan XG enterprise security products. 


Tags: Trend Micro, zero-day


Jul 15 2021

China Taking Control of Zero-Day Exploits

Category: Zero day | DISC @ 11:39 am

Countdown to #ZeroDay: #Stuxnet and the Launch of the World’s First #DigitalWeapon

Tags: china, cybersecurity, cyberweapons, Digital Weapons, disclosure, Stuxnet, vulnerabilities, zero-day, Zero-Day Exploits


Jul 09 2021

Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

Category: Hacking, Zero day | DISC @ 3:22 pm

A threat actor who goes online by the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day exploits from other forum members, according to researchers from threat intelligence firm Cyble.

According to the experts, the member “integra” joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor has also been a member of another cybercrime forum since October 2012.

The threat actor aims at buying malware with zero detection and zero-day exploits for RCE and LPE; for the latter, the member is offering up to $3 million.

“The TA is willing to buy the following things with the deposited money.” states Cyble.

  1. Buy the best Remote Access Trojan (RAT) that has not yet been flagged as malicious by any of the security products.
  2. Buy unused startup methods in Windows 10 such as living off the land (LotL) malware and hiding in the registry evasion technique. The TA is willing to offer up to USD 150K for the original solution.
  3. Buy Zero Day Exploit for Remote Code Executions and Local Privileges Escalations. The TA has mentioned that the budget for this particular exploit is USD 3Million.

The significant amount deposited as escrow by the threat actor is concerning; the circumstance suggests that the threat actor is going to use the exploits for attacks or to resell them.


“Organizations should patch all known security updates and conduct timely internal Security Audits, in addition to being prepared for such attacks in the future.” concludes Cyble.

The Dark Web

Tags: cybercrime marketplace, dark web


Jun 02 2021

Critical 0day in the Fancy Product Designer WordPress plugin actively exploited

Category: Crypto, Zero day | DISC @ 9:41 pm

Researchers from the Wordfence team at WordPress security company Defiant warn that a critical zero-day vulnerability, tracked as CVE-2021-24370, in the Fancy Product Designer WordPress plugin is actively exploited in the wild.

Fancy Product Designer is a premium plugin that allows customers to design and customize any kind of product in their online stores; it is currently installed on more than 17,000 websites.

Experts pointed out that the vulnerability could be exploited only in certain configurations, but in those configurations it is exploitable even if the plugin is not active.

Attackers are exploiting the flaw to extract order information from site databases; however, this vulnerability is likely not being attacked on a large scale.

Users could modify their products by uploading images and PDF files, but experts noticed that the checks in place to prevent malicious files from being uploaded are not sufficient and could easily be bypassed.

“Fancy Product Designer is a WordPress plugin that offers the ability for customers to upload images and PDF files to be added to products. Unfortunately, while the plugin had some checks in place to prevent malicious files from being uploaded, these checks were insufficient and could easily be bypassed, allowing attackers to upload executable PHP files to any site with the plugin installed.” reads the post published by the experts. “This effectively made it possible for any attacker to achieve Remote Code Execution on an impacted site, allowing full site takeover.”

The flaw has been rated with a CVSS score of 9.8 out of 10; an attacker could exploit the issue to upload executable PHP files to online stores that have the plugin installed.

Tags: plugin exploited


Apr 11 2021

Google’s Project Zero Finds a Nation-State Zero-Day Operation

Category: Zero day, Zero trust | DISC @ 9:44 am

Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. These seem to have been used by “Western government operatives actively conducting a counterterrorism operation”:

The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks that used infected websites to deliver malware to visitors. They caught the attention of cybersecurity experts thanks to their scale, sophistication, and speed.

Zero Days

Review: 'Zero Days' Examines Cyberwarfare's Potential Online Apocalypse -  The New York Times

The Stuxnet virus cyber-attack launched by the U.S. and Israel unleashed malware with unforeseen consequences. Delve deep into the burgeoning world of digital warfare in this documentary thriller from Academy Award® winning filmmaker Alex Gibney.

Tags: Stuxnet, watering hole attacks


Mar 24 2021

Microsoft says China-backed hackers are exploiting Exchange zero-days

Category: Email Security, Zero day | DISC @ 9:58 pm

Tags: Exchange zero-days


Mar 20 2021

A threat actor exploited 11 zero-day flaws in 2020 campaigns

Category: Zero day | DISC @ 11:46 pm

Google researchers observed two separate waves of attacks that took place in February and October 2020, respectively. Threat actors set up malicious sites in a series of watering hole attacks that were redirecting visitors to exploit servers hosting exploit chains for Android, Windows, and iOS devices.

“In October 2020, Google Project Zero discovered seven 0-day exploits being actively used in-the-wild. These exploits were delivered via “watering hole” attacks in a handful of websites pointing to two exploit servers that hosted exploit chains for Android, Windows, and iOS devices.” wrote the popular Project Zero researcher Maddie Stone. “These attacks appear to be the next iteration of the campaign discovered in February 2020 and documented in this blog post series.”

A threat actor exploited 11 zero-day flaws in 2020 campaigns

Tags: zero-day flaws


Mar 03 2021

Exchange Servers targeted via zero-day exploits, have yours been hit?

Category: Email Security, Zero day | DISC @ 8:59 am

Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by attackers in the wild to plunder on-premises machines.

Source: The zero-day bugs affecting Exchange Servers

Tags: Exchange Servers


Feb 18 2021

Security researchers warn of critical zero-day flaws in ‘age gap’ dating app Gaper

Category: Zero day | DISC @ 6:22 pm

‘We identified that it was possible to compromise any account on the application within a 10-minute timeframe’

Critical zero-day vulnerabilities in Gaper, an ‘age gap’ dating app, could be exploited to compromise any user account and potentially extort users, security researchers claim.

The absence of access controls, brute-force protection, and multi-factor authentication in the Gaper app means attackers could potentially exfiltrate sensitive personal data and use that data to achieve full account takeover within just 10 minutes.

More worryingly still, the attack did not leverage “0-day exploits or advanced techniques and we would not be surprised if this had not been previously exploited in the wild”, said UK-based Ruptura InfoSecurity in a technical write-up published yesterday (February 17).

Despite the apparent gravity of the threat, researchers said Gaper failed to respond to multiple attempts to contact them via email, their only support channel.

GETting personal data

Gaper, which launched in the summer of 2019, is a dating and social networking app aimed at people seeking a relationship with younger or older men or women.

Ruptura InfoSecurity says the app has around 800,000 users, mostly based in the UK and US.

Because certificate pinning was not enforced, the researchers said it was possible to obtain a manipulator-in-the-middle (MitM) position through the use of a Burp Suite proxy.

This enabled them to snoop on “HTTPS traffic and easily enumerate functionality”.

Source: Security researchers warn of critical zero-day flaws in ‘age gap’ dating app Gaper

Zero Days


Feb 05 2021

Chrome zero-day browser bug found

Category: Web Security, Zero day | DISC @ 10:20 am

Tags: Chrome zero-day


Feb 04 2021

Google: Proper patching would have prevented 25% of all zero-days found in 2020

Category: Zero day | DISC @ 12:31 am

Google said today that a quarter of all the zero-day vulnerabilities discovered being exploited in the wild in 2020 could have been avoided if vendors had patched their products correctly.

The company, through its Project Zero security team, said it detected 24 zero-days exploited by attackers in 2020.

Six of these were variations of vulnerabilities disclosed in previous years, where attackers had access to older bug reports so they could study the previous issue and deploy a new exploit version.

“Some of these 0-day exploits only had to change a line or two of code to have a new working 0-day exploit,” Maddie Stone, a member of the Project Zero team, said today in a blog post.

Source: Proper patching would have prevented 25% of all zero-days


Nov 11 2020

Google patches two more Chrome zero-days

Category: Zero day | DISC @ 5:57 pm

Google has now patched five Chrome zero-days in three weeks.

Source: Google patches two more Chrome zero-days | ZDNet

URGENT Google Chrome Zero Day flaw security update
httpv://www.youtube.com/watch?v=8u5jGXbaF0w

Mar 30 2019

Expert disclosed two Zero-Day flaws in Microsoft browsers

Category: Zero day | DISC @ 2:54 pm

A 20-year-old security researcher publicly disclosed details and proof-of-concept exploits for two zero-day vulnerabilities in Microsoft web browsers.

Source: Expert disclosed two Zero-Day flaws in Microsoft browsers


Jan 21 2019

Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch

Category: Zero day | DISC @ 1:12 pm

A micropatch is now available for a zero-day vulnerability in Windows that allows unauthorized read access with the highest privileges to any file on the operating system.

Source: Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch
