zero-day exploit

AppWizard
February 4, 2025
Google has warned Android users about a significant zero-day exploit, identified as CVE-2024-53104, that could cause software instability and allow attackers to manipulate devices. This vulnerability operates at the Linux kernel level and affects all Android devices, including the Galaxy S25 and S24. A fix is included in the February security patch, but OEMs must distribute it. Current reports indicate that exploitation attempts are limited, but users are urged to update their devices promptly. Additionally, another flaw affecting Qualcomm technology may grant remote access to devices, with no reported victims yet. In 2023, 97 zero-day vulnerabilities were exploited, a 50% increase from 2022, primarily impacting Android devices.
Tech Optimizer
December 18, 2024
The text discusses the increasing threat of cyberattacks due to reliance on digital devices without adequate protection, particularly antivirus software. It highlights the dangers of phishing and ransomware attacks, especially for businesses. Zero-day threats are described as vulnerabilities in software unknown to developers, which hackers exploit before a fix is available. Traditional antivirus systems primarily use signature-based detection and heuristic analysis, which are ineffective against zero-day exploits. To combat these threats, advanced strategies like Endpoint Detection and Response (EDR), artificial intelligence (AI), and Next-Generation Antivirus (NGAV) are being developed. A multi-layered security strategy is recommended, combining various tools and practices to enhance protection against cyber threats.
Winsage
December 7, 2024
A zero-day vulnerability has been discovered by researchers at Acros Security, affecting all versions of Windows from 7 to 11 and Windows Server 2008 R2 and later. This vulnerability targets the Windows NT LAN Manager and allows attackers to obtain a user's NTLM credentials by having the user view a malicious file in Windows Explorer. Currently, there is no official patch from Microsoft. The 0patch platform has released a free "micropatch" for users to protect their systems until an official fix is available.
Tech Optimizer
December 1, 2024
Malwarebytes is offering a 50% discount on various subscription plans for its cybersecurity products until December 8th, 2024. The discounted prices for the 1-year subscriptions are as follows:
- Malwarebytes Standard: .49 (originally .99)
- Malwarebytes Plus: .99 (originally .99)
- Malwarebytes Ultimate: .99 (originally .99)
- Malwarebytes Family Device Security: .99 (originally .99)
- Malwarebytes Family Ultimate Security: .49 (originally 4.99)
- Malwarebytes Teams: .99 (originally .99)

The Malwarebytes Premium version 5.2 includes features such as advanced antivirus, anti-malware, anti-spyware, phishing protection, ransomware defense, scam protection, and real-time threat protection. Malwarebytes has also introduced new services like Malwarebytes VPN, Identity Theft Protection, and Personal Data Remover. The VPN service offers anonymous browsing with a no-log policy, while the Identity Protection service includes credit monitoring and ID theft insurance. The Personal Data Remover helps users remove personal information from data broker databases.
Tech Optimizer
August 25, 2024
- PostgreSQL databases on Linux systems are being targeted by cryptojacking attacks due to inadequate security.
- Cisco Talos has found vulnerabilities in Microsoft applications for macOS that could allow unauthorized access to microphones and cameras.
- Google has fixed a zero-day vulnerability in Chrome, CVE-2024-7971, which was being actively exploited.
- OpenCTI, an open-source cyber threat intelligence platform, has been launched to help organizations manage cyber threat data.
- A compilation of cybersecurity job openings indicates a growing demand for professionals in the field.
- A critical vulnerability in GitHub Enterprise Server, CVE-2024-6800, has been patched to prevent unauthorized access.
- SolarWinds has released a patch for a critical flaw in its Web Help Desk solution following a previous fix for a code-injection vulnerability.
- Hiya reported nearly 20 billion calls flagged as spam in the first half of 2024, with a rise in AI-driven scams.
- Microsoft will implement mandatory multi-factor authentication for all Azure sign-ins.
- North Korean hackers exploited a zero-day vulnerability in a Windows driver, CVE-2024-38193, to deploy a rootkit.
- NGate malware has been identified, which uses NFC technology to steal funds from victims' payment cards on Android devices.
- Many organizations face security vulnerabilities in APIs, particularly with exposed secrets.
- Microchip Technology Incorporated experienced operational disruptions due to a cyberattack.
- Experts are questioning the future of national data privacy legislation in the U.S. amid discussions on federal privacy laws.
- Research indicates that fraudsters can exploit digital wallet apps to use stolen payment cards even after they are reported compromised.
- x64dbg is gaining popularity among security professionals for malware analysis and reverse engineering.
- Current vulnerability management approaches focus on risk prioritization as a starting point for security strategy.
- Building a positive cybersecurity culture within organizations is essential for risk reduction and resilience.
- Higher education institutions are exploring ways to enhance cybersecurity measures despite resource constraints.
- A new phishing campaign targeting Android and iPhone users has been uncovered by ESET researchers.
- Organizations are recognizing the importance of managing enterprise data to improve cybersecurity, despite challenges from siloed systems.
- The federal government is focusing on food security as a critical infrastructure issue.
- Organizations are adopting biometric solutions to counter the risks posed by deepfake technology.
- New information security products have been released by companies including Entrust, Fortanix, McAfee, Own, RightCrowd, and Wallarm.
Winsage
August 22, 2024
North Korean hackers, specifically the Lazarus group, have exploited the CVE-2024-38193 Windows vulnerability, which was actively targeted as recently as June. This vulnerability allows attackers to gain extensive access to Windows systems and execute untrusted code. Microsoft has released a patch for this security issue. The attacks are highly targeted, focusing on individuals with access to sensitive information in sectors like cryptocurrency and aerospace.
AppWizard
August 1, 2024
Researchers from the cybersecurity firm ESET discovered a zero-day exploit named "EvilVideo" targeting the Telegram messaging app on Android devices. The exploit, found on an underground forum, allowed attackers to send harmful payloads disguised as multimedia files by leveraging Telegram's automatic media download feature. Users could inadvertently download malicious files if they tapped the download button. Telegram released a patch in versions 10.14.5 and above to address the vulnerability by displaying malicious files as applications instead of videos. The exploit had a potential active window of about five weeks, but it remains unclear whether it was used in the wild or who was behind it. The same forum account that promoted the exploit also advertised undetectable Android cryptomining malware.
AppWizard
July 22, 2024
ESET researchers discovered a zero-day exploit targeting the Telegram app for Android, known as "EvilVideo," being sold on an underground forum in June 2024. The exploit allowed attackers to share malicious Android payloads via Telegram channels, groups, and chats, disguising them as multimedia files. The issue affected all versions of Telegram for Android up to 10.14.4; Telegram fixed it with the release of version 10.14.5 on July 11.