Security News

Google researchers have detailed a major hacking campaign that was detected in early 2020, which mounted a series of sophisticated attacks, some using zero-day flaws, against Windows and Android platforms. Working together, researchers from Google Project Zero and the Google Threat Analysis Group uncovered the attacks, which were "Performed by a highly sophisticated actor," Ryan from Project Zero wrote in the first of a six-part blog series on their research.

Microsoft has plugged 83 CVEs, including a Microsoft Defender zero-day. One of the latter - a zero-day RCE affecting Microsoft Defender antivirus - is being exploited in the wild, but Microsoft didn't reveal more about these attacks.

For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability. The most severe of the issues is a remote code execution flaw in Microsoft Defender that could allow attackers to infect targeted systems with arbitrary code.

Microsoft has addressed a zero-day vulnerability in the Microsoft Defender antivirus, exploited in the wild by threat actors before the patch was released. "Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products," Microsoft says.

Today is Microsoft's January 2021 Patch Tuesday, and it is the first Microsoft security update release in 2021, so please be very nice to your Windows administrators today. With the January 2021 Patch Tuesday security updates release, Microsoft has released fixes for 83 vulnerabilities, with ten classified as Critical and 73 as Important.

A free micropatch fixing a local privilege escalation vulnerability in Microsoft's Windows PsExec management tool is now available through the 0patch platform. This PsExec zero-day is caused by a named pipe hijacking vulnerability which allows attackers to trick PsExec into re-opening a maliciously created named pipe and giving it Local System permissions.

A piece of malware named by researchers Supernova and a zero-day vulnerability exploited to deliver this malware indicate that SolarWinds may have been targeted by a second, unrelated threat actor. "In an interesting turn of events, the investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor," Microsoft said in a recent blog post mentioning Supernova.

A high-severity Windows zero-day that could lead to complete desktop takeover remains dangerous after a "Fix" from Microsoft failed to adequately patch it. The local privilege-escalation bug in Windows 8.1 and Windows 10 exists in the Print Spooler API. It could allow a local attacker to elevate privileges and execute code in the context of the current user, according to Microsoft's advisory issued in June.

Back in June, Microsoft released a fix for a vulnerability in the Windows operating system that enabled attackers to increase their permissions to kernel level on a compromised machine. Google Project Zero security researcher Maddie Stone discovered that Microsoft's patch in June did not fix the original vulnerability and it can still be leveraged with some adjustments.

All of the operators used the NSO Group's infamous Pegasus spyware as their final payload. Pegasus is a mobile phone-surveillance solution that enables customers to remotely exploit and monitor devices. The latest version of the Pegasus implant has a number of capabilities, according to Citizen Lab, including: Recording audio from the microphone including both ambient "Hot mic" recording and audio of encrypted phone calls; taking pictures; tracking device location; and accessing passwords and stored credentials.