Security News

Threat attackers continue to exploit the Microsoft Zerologon vulnerability, a situation that's been a persistent worry to both the company and the U.S. government over the last few months. Despite patching awareness efforts, Microsoft said it is still receiving "a small number of reports from customers and others" about active exploits of the bug tracked as CVE-2020-1472, or Zerologon, according to a blog post by Aanchal Gupta, vice president of engineering for MSRC, on Thursday.

Over the six-month period from March to August 2020, over 925,000 malicious emails managed to bypass Office 365 defenses and well-known secure email gateways, an Area 1 Security study reveals. Attackers increasingly use highly sophisticated, targeted campaigns like business email compromise​ to evade traditional email defenses, which are based on already-known threats.

Last year, HackerOne had paid over $62 million in bug bounty rewards, with the figure surpassing $100 million this year according to the platform's latest report. Over the weekend, security professional Guido Vranken alleged that a vulnerability reported to Monero's bug bounty program run by HackerOne was a verbatim copy of his previously discovered exploit.

SentinelOne announced it has secured a new patent from the U.S. Patent & Trademark Office. SentinelOne's latest patent, USPTO Patent No. 10,762,200, titled System and Methods for Executable Code Detection, Automatic Feature Extraction, and Position-Independent Code Detection, recognizes SentinelOne for its unique approach to uncovering exploits in their initial payload stage.

A critical vulnerability in a SonicWall enterprise VPN firewall can be exploited to crash the device or remotely execute code on it, reverse engineers said this week. In a statement SonicWall said it "Was contacted by a third-party research team regarding issues related to SonicWall next-generation virtual firewall models." The spokesman went on to say that SonicWall's own engineers discovered even more vulns while reproducing Tripwire's findings, going on to develop patches for the whole lot.

Cybercriminals are chaining Microsoft's Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns. The advisory details how attackers are chaining together various vulnerabilities and exploits - including using VPN vulnerabilities to gain initial access and then Zerologon as a post-exploitation method - to compromise government networks.

To this effect, cybersecurity researchers on Friday detailed a new methodology to identify exploit authors that use their unique characteristics as a fingerprint to track down other exploits developed by them. "Instead of focusing on an entire malware and hunting for new samples of the malware family or actor, we wanted to offer another perspective and decided to concentrate on these few functions that were written by an exploit developer," Check Point Research's Itay Cohen and Eyal Itkin noted.

Proof-of-concept exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies' Active Directory domain controllers. "This attack has a huge impact: It basically allows any attacker on the local network to completely compromise the Windows domain," said researchers with Secura, in a Friday whitepaper.

Researchers have discovered a new Android spyware campaign pushing a "Pro" version of the TikTok app that is exploiting fears among its young and gullible users that the popular social media app is on the cusp of being banned in the United States. The rogue app called TikTok Pro is being promoted by threat actors using a variant of a campaign already making the rounds, which urges users via SMS and WhatsApp messages to download the latest version of TikTok from a specific web address, said Zscaler senior security researcher Shivang Desai, in a report published Tuesday.

Researchers are warning of a critical remote code-execution flaw in the Windows version of Cisco Jabber, the networking company's video-conferencing and instant-messaging application. The flaw has a CVSS score of 9.9 out of 10, making it critical in severity, Cisco said in a Wednesday advisory.