zero-day exploits

Winsage
March 25, 2025
A newly identified threat actor, EncryptHub, is involved in Windows zero-day attacks exploiting a vulnerability in the Microsoft Management Console (MMC), known as 'MSC EvilTwin' (CVE-2025-26633). This vulnerability allows attackers to bypass Windows file reputation protections by manipulating MSC files on unpatched systems. Attackers can execute code without user alerts through email or web-based attacks. Trend Micro's research indicates that EncryptHub has used CVE-2025-26633 to deploy various malicious payloads, including the EncryptHub stealer and DarkWisp backdoor, to extract data from compromised systems. The threat actor employs multiple delivery methods and custom payloads to maintain persistence and exfiltrate sensitive information. EncryptHub has been linked to breaches affecting at least 618 organizations globally and is known to deploy ransomware after stealing sensitive data. Microsoft has also patched another zero-day vulnerability (CVE-2025-24983) in the Windows Win32 Kernel Subsystem.
Winsage
March 12, 2025
In March, Microsoft confirmed six zero-day vulnerabilities in its Patch Tuesday security announcement, marking an increase from the five reported in January and February combined. The March update includes a total of 57 Common Vulnerabilities and Exposures (CVEs), with all six zero-days classified as critical. These vulnerabilities can be addressed with a single cumulative update, requiring no additional configuration steps post-patch. The zero-days affect critical components such as the Microsoft Management Console, NTFS, Fast FAT, and the Win32 Kernel Subsystem. The specific vulnerabilities are:
1. CVE-2025-26633: Security feature bypass in the Microsoft Management Console, requiring social engineering to exploit.
2. CVE-2025-24993: Heap-based buffer overflow in Windows NTFS, allowing unauthorized code execution through a specially crafted virtual hard disk.
3. CVE-2025-24991: Information disclosure vulnerability affecting Windows 10 to 11 and Server 2008 to 2025, deemed critical.
4. CVE-2025-24985: Vulnerability in the Windows Fast FAT file system driver, posing a risk of remote code execution via a specially crafted virtual hard disk.
5. CVE-2025-24983: Elevation of privilege vulnerability in the Windows Win32 Kernel Subsystem, potentially granting unauthorized access to sensitive data.
6. CVE-2025-24984: Another information disclosure vulnerability in Windows NTFS, also affecting the same range of Windows editions and considered critical.
Winsage
March 12, 2025
A total of 57 unique vulnerabilities have been addressed in Microsoft's latest security updates, including six zero-day exploits that require immediate attention. The Windows operating system accounts for the majority of these vulnerabilities. Among them is a critical security feature bypass (CVE-2025-26633) with a CVSS rating of 7.0, which requires user interaction for exploitation. Three additional zero-day vulnerabilities are found in Windows NTFS: two information disclosure vulnerabilities (CVE-2025-24984 and CVE-2025-24991) and a critical remote code execution vulnerability (CVE-2025-24993). Another zero-day vulnerability (CVE-2025-24985) affects the Windows Fast FAT driver with a CVSS score of 7.8 and also requires user interaction. The final zero-day vulnerability (CVE-2025-24983) is an elevation-of-privilege flaw with a CVSS score of 7.0. Additionally, a notable public disclosure involves a remote code execution vulnerability in Microsoft Access (CVE-2025-26630) with a CVSS score of 7.8. Microsoft has also republished four older vulnerabilities with updates. Furthermore, Microsoft is preparing to implement stricter authentication measures for Windows machines, transitioning to mandatory "Enforcement" mode for certain vulnerabilities next month.
Tech Optimizer
March 1, 2025
Norton 360 provides robust malware protection, including features to combat malicious email attachments, phishing attacks, and ransomware, with a Community Watch program for enhanced threat detection. McAfee uses a cloud-based infrastructure and machine learning for threat identification, with a malware scanner that analyzes suspicious code on its servers. Norton excels in malware detection but has some false positives, while McAfee achieved a perfect score in detecting existing malware and zero-day exploits, also with some false positives. Norton includes a two-way firewall, password manager, and 2GB of online storage, while McAfee focuses on phishing protection and personal data privacy tools, often at an additional cost. Benchmark tests show Norton has minimal system impact, while McAfee significantly slows down during full scans. Norton offers two interface options and is user-friendly, while McAfee's interface is simple but lacks customization. McAfee has a quick installation process under five minutes and 24/7 support, while Norton’s installation is longer but includes conflict checking and extensive support options. Ultimately, Norton is noted for comprehensive security features and performance, while McAfee is recognized for its user-friendly interface and quick installation.
Tech Optimizer
February 14, 2025
A significant SQL injection vulnerability, identified as CVE-2025-1094, exists within the PostgreSQL interactive tool and was exploited alongside a zero-day vulnerability that led to a breach of the US Treasury in December 2024. This vulnerability is critical for executing the BeyondTrust zero-day (CVE-2024-12356). CVE-2025-1094 affects all versions of the PostgreSQL interactive tool, and while BeyondTrust patched CVE-2024-12356, it did not resolve the underlying issue of CVE-2025-1094. The vulnerability can lead to arbitrary code execution (ACE) and arises from a flawed assumption about SQL injection attacks and PostgreSQL's string escaping routines. Attackers can exploit this vulnerability independently of CVE-2024-12356, and it allows for the execution of shell commands and arbitrary SQL statements through psql's meta-commands. Users are advised to update to the latest versions released on February 13 to mitigate these vulnerabilities.
Winsage
February 11, 2025
February 2025 Patch Tuesday has resulted in a significant update from Microsoft addressing 56 vulnerabilities, including two critical zero-day exploits: CVE-2025-21418 and CVE-2025-21391. CVE-2025-21418 is a vulnerability in the Windows Ancillary Function Driver (AFD.sys) that allows attackers to elevate their privileges on the target system. It requires an authenticated user to run a specially crafted program that executes code with SYSTEM privileges. Since 2022, there have been nine elevation of privilege vulnerabilities associated with AFD.sys, one of which was previously exploited as a zero-day. The North Korean APT group Lazarus Group previously leveraged a related vulnerability (CVE-2024-38193) to implant a rootkit. CVE-2025-21391 affects Windows Storage across various Windows and Windows Server versions, allowing attackers to delete targeted files and potentially escalate privileges. This is noted as the first time the technique has been exploited in the wild. Both zero-days are included in CISA’s Known Exploited Vulnerabilities catalog. Other vulnerabilities addressed include CVE-2025-21194, a security feature bypass affecting Microsoft Surface laptops, and CVE-2025-21377, an NTLMv2 hash disclosure vulnerability that could enable unauthorized authentication. CVE-2025-21376 is a critical remote code execution vulnerability that could be exploited by unauthenticated attackers through crafted requests to vulnerable LDAP servers, with Microsoft indicating that exploitation is likely.
Tech Optimizer
February 9, 2025
The necessity for robust antivirus software has become imperative due to the rise of malware, ransomware, phishing attacks, and zero-day exploits, which pose significant risks to personal data and system performance. Modern antivirus programs utilize artificial intelligence, machine learning, and real-time behavioral analysis to identify emerging threats. They offer features such as encrypted browsing, webcam and microphone protection, identity theft monitoring, and built-in VPN services. Key factors for selecting antivirus solutions include detection rates, system impact, and additional features like file encryption and dark web monitoring. The eleven best antivirus options for 2025 include:
1. Norton 360 Deluxe 2025 | 5 Devices: Fast scanning, built-in VPN, cloud backup; requires annual subscription, limited VPN locations, higher price.
2. McAfee Total Protection 3-Device 2025: Advanced AI threat detection, automatic VPN; setup requires credit card, complicated activation, higher renewal pricing.
3. McAfee Total Protection | 5-Device 2025: Smart AI protection, built-in VPN; VPN may slow internet, dated interface.
4. McAfee+ Premium Individual Unlimited Devices 2025: Smart AI technology, unlimited VPN; cluttered interface, some features need configuration.
5. Norton 360 Deluxe 2025 | 3 Devices: Excellent malware detection, built-in VPN; frequent promotional pop-ups, higher renewal price.
6. Malwarebytes Premium Security – 2 Device: Powerful scanning tools, real-time ransomware protection; higher price, limited iOS features.
7. McAfee AntiVirus 2025 – 1 Device: Fast malware scanning, intuitive interface; renewal issues, frequent marketing notifications.
8. Norton 360 Premium 2025 – 10 Devices: Comprehensive protection, includes VPN; tricky auto-renewal, higher price.
9. Webroot Internet Security Complete 2025 – 5 Device: Fast scans, minimal system load; higher renewal prices, special installer for Windows 7.
10. Bitdefender Total Security 2025 (5 Device): Outstanding malware protection, minimal system impact; VPN limited to 200MB daily, complex interface.
11. Malwarebytes Premium 2025 | 5 Device: Excellent malware detection, user-friendly; slow premium support, lacks advanced customization.
Choosing the right antivirus software involves evaluating features such as real-time protection, privacy features, malware detection rates, system performance impact, update frequency, and customer support availability. Pricing structures vary, with tiers offering different levels of protection and features.
AppWizard
February 4, 2025
Google has warned Android users about a significant zero-day exploit, identified as CVE-2024-53104, that could cause software instability and allow attackers to manipulate devices. This vulnerability operates at the Linux kernel level and affects all Android devices, including the Galaxy S25 and S24. A fix is included in the February security patch, but OEMs must distribute it. Current reports indicate that exploitation attempts are limited, but users are urged to update their devices promptly. Additionally, another flaw affecting Qualcomm technology may grant remote access to devices, with no reported victims yet. In 2023, 97 zero-day vulnerabilities were exploited, a 50% increase from 2022, primarily impacting Android devices.