Security

Previously unknown “zero-day” software vulnerabilities are mysterious and intriguing as a concept. But they're even more noteworthy when hackers are spotted actively exploiting the novel software flaws in the wild before anyone else knows about them. As researchers have expanded their focus to detect and study more of this exploitation, they're seeing it more often. Two reports this week from the threat intelligence firm Mandiant and Google's bug hunting team, Project Zero, aim to give insight into the question of exactly how much zero-day exploitation has grown in recent years.

Organizations using newer versions of Oracle’s Java framework woke up on Wednesday to a disquieting advisory: A critical vulnerability can make it easy for adversaries to forge TLS certificates and signatures, two-factor authentication messages, and authorization credentials generated by a range of widely used open standards.

Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on iPhones belonging to Catalan politicians, journalists, and activists.

The previously unknown iOS zero-click security flaw dubbed HOMAGE affects some versions before iOS 13.2 (the latest stable iOS version is 15.4).

GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations.

Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. GitHub excludes that the attacker obtained these tokens via a compromise of GitHub or its systems, the company explained that the stolen tokens used to access the repositories are not stored by GitHub in their original, usable formats.

Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws.

Microsoft has fixed 119 vulnerabilities (not including 26 Microsoft Edge vulnerabilities) with today's update, with ten classified as Critical as they allow remote code execution.

Microsoft said that it's currently tracking a "low volume of exploit attempts" targeting the critical Spring4Shell (aka SpringShell) remote code execution (RCE) vulnerability across its cloud services.

The Spring4Shell vulnerability (tracked as CVE-2022-22965) impacts the Spring Framework, described as the "most widely used lightweight open-source framework for Java."

Researchers late last week found a new remote access trojan (RAT) called Borat that unlike most other RATs, can execute ransomware and DDoS attacks.

Named after the popular movies starring Sacha Baron Cohen, Cyble researchers said in a blog post that the Borat RAT has an option to deliver a ransomware payload to the victim’s machine to encrypt users’ files as well as to demand a ransom.

For years, the hackers behind the malware known as Triton or Trisis have stood out as a uniquely dangerous threat to critical infrastructure: a group of digital intruders who attempted to sabotage industrial safety systems, with physical, potentially catastrophic results. Now the US Department of Justice has put a name to one of the hackers in that group—and confirmed the hackers' targets included a US company that owns multiple oil refineries.

More than 22,000 miles above Earth, the KA-SAT is locked in orbit. Traveling at 7,000 miles per hour, in sync with the planet’s rotation, the satellite beams high-speed Internet down to people across Europe. Since 2011, it has helped homeowners, businesses, and militaries get online. However, as Russian troops moved into Ukraine during the early hours of February 24, satellite Internet connections were disrupted. A mysterious cyberattack against the satellite’s ground infrastructure—not the satellite itself—plunged tens of thousands of people into Internet darkness.

We're closing in on one full month since Russia invaded Ukraine and the slow drip of related threats continues. The war is, after all, happening online as well, and the net cast by state-sponsored Russian hackers is getting wider every day. Whether it's attempting to break into systems to find classified data or worse, the cyberfront is active and there are plenty of targets. A recent report from cybersecurity software company Trend Micro about activity from the ominously-named Russian botnet Cyclops Blink is just the latest example.