Zero-day Threats Zeroing-in Again

Zero-day vulnerabilities are one of the preferred attack techniques used by several attackers, and such attacks are increasing again. Threat actors are actively abusing new zero-day vulnerabilities to accomplish multiple goals such as espionage, gaining access, data theft, or malware delivery. Recently, a zero-day vulnerability has been discovered in Windows 10 which can corrupt an NTFS-formatted hard drive with a one-line command.

Recent zero-day attacks

Several attackers have been observed targeting their victims via zero-day attacks.

• A few days ago, some hackers had reset passwords for admin accounts on WordPress sites via abusing a zero-day vulnerability in Easy WP SMTP 1.4.2.
• Additionally, the Pegasus spyware was used to exploit a zero-day in the iMessage feature of iPhones.

Zero-day for access-as-a-service

Cybercriminals have been observed selling Zero-day vulnerabilities on the dark web for money, which is then used as an access-as-a-service, for deploying ransomware, malware, or for creating a botnet network.

Recent zero-day vulnerabilities

In the past two months, several well-known software and hardware vendor products have been found impacted by zero-day vulnerabilities. Most of these products belonged to Microsoft, WordPress, Apple, Hewlett Packard Enterprise, and D-Link.  

• Recently, a zero-day local privilege escalation vulnerability was discovered in the Windows PsExec management tool.
• A few weeks ago, Google’s Project Zero team disclosed a patched zero-day security vulnerability in the Windows print spooler API.
• Last month, a zero-day vulnerability (CVE-2020-7200) was discovered in Insight Manager (SIM) software for Windows and Linux. 
• In addition, a number of D-Link VPN router models were having Zero-Day vulnerabilities.

Conclusion

Zero-day attacks usually abuse publicly unknown vulnerabilities, making it harder for organizations to detect them. Thus, experts suggest deploying a reliable web application firewall, always updating and patching software, using only essential applications, and having a multi-layered security architecture to protect their enterprise environment.

Source: https://cyware.com/news/zero-day-threats-zeroing-in-again-0d1e72ef