Kloudkicker

New Hacker Attack Confirmed By Google, Microsoft


This affects Windows 7 through 10 Users

A small quote from the article link below  "As Microsoft confirms a Google-disclosed and unpatched zero-day vulnerability is being targeted by attackers right now, here’s what you need to know. Microsoft has confirmed that an unpatched ‘zero-day’ vulnerability in the Windows operating system, affecting every version from Windows 7 through to Windows 10, is being actively targeted.... Microsoft failed to issue a security patch within that hugely restrictive timeframe, and Google went ahead and published details of the zero-day vulnerability, which is tracked as CVE-2020-17087.....The bug itself sits within the Windows Kernel Cryptography Driver, known as cng.sys, and could allow an attacker to escalate the privileges they have when accessing a Windows machine. The full technical detail can be found within the Google Project Zero disclosure, but slightly more simply put, it’s a memory buffer-overflow problem that could give an attacker admin-level control of the targeted Windows computer.....How big a threat is this to your average Windows user? That remains to be seen, but currently I’d classify it as a be aware but don’t panic situation."

Here is the original article link, posted on Nov 1, 2020, 08:58am EST by Davey Winder, Senior Contributor of Forbes Cybersecurity:

https://www.forbes.com/sites/daveywinder/2020/11/01/windows-10-users-beware-new-hacker-attack-confirmed-by-google-microsoft/amp/

  • Like 1

Kloudkicker
Life's cold and I'm chillin
Kloudkicker's Lot Creations
Kloudkicker's Tech Tools, News and More

 

  • Original Poster

    Chrome users are advised to update their browser to version 86.0.4240.183 or later.

    SECOND ZERO-DAY IN TWO WEEKS

    "As Google revealed last week on Friday, this Chrome zero-day was utilized together with a Windows zero-day. The Chrome zero-day was used to execute malicious code inside Chrome, while the Windows zero-day was used to elevate the code's privileges and attack the underlying Windows OS. Microsoft is expected to patch this zero-day on November 10, during the company's next Patch Tuesday." quoted from https://www.zdnet.com/article/google-patches-second-chrome-zero-day-in-two-weeks/ by Catalin Cimpanu for Zero Day

    ~Hacker group uses Solaris zero-day to breach corporate networks~ by Catalin Cimpanu: https://www.zdnet.com/google-amp/article/hacker-group-uses-solaris-zero-day-to-breach-corporate-networks/

    • Thanks 1

  • Original Poster

    Newest entries are Cisco AnyConnect Secure Mobility Client - a secure VPN, Linux version, and CAPCOM

    ~Cisco discloses AnyConnect VPN zero-day, exploit code available~ by Sergiu Gatlan- posted November 4, 2020: 

     https://www.bleepingcomputer.com/news/security/cisco-discloses-anyconnect-vpn-zero-day-exploit-code-available/amp/

    quoted "Cisco has disclosed today a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software with proof-of-concept exploit code publicly available. While security updates are not yet available for this arbitrary code execution vulnerability, Cisco is working on addressing the zero-day, with a fix coming in a future AnyConnect client release."

     

    ~Hackers are exploiting unpatched VoIP flaws to compromise business accounts~ by Danny Palmer- posted November 5, 2020:  

    https://www.zdnet.com/google-amp/article/hackers-are-exploiting-unpatched-voip-flaws-to-compromise-business-accounts/

    quoted "Over 1,200 organizations have fallen victim to a campaign that uses known exploits to remotely gain access to VoIP accounts - and the attackers are selling access to the highest bidder....A hacking campaign has compromised VoIP (Voice over Internet Protocol) phone systems at over 1,000 companies around the world over the past year in a campaign designed to make profit from selling compromised accounts."

     

    ~Linux version of RansomEXX ransomware discovered~ by Catalin Cimpanu- posted November 6, 2020:

     https://www.zdnet.com/google-amp/article/linux-version-of-ransomexx-ransomware-discovered/

    quoted "This marks the first time a major Windows ransomware strain has been ported to Linux to aid hackers in their targeted intrusions...RansomEXX is what security researchers call a "big-game hunter" or "human-operated ransomware." These two terms are used to describe ransomware groups that hunt large targets in search for big paydays, knowing that some companies or government agencies can't afford to stay down while they recover their systems...But Linux ransomware is also not unique. In the past years, other ransomware gangs have created Linux ransomware strains as well, such as the Snatch group. However, those groups were small-time operations that relied on spam campaigns to infect victims, were rarely successful, and did not engage in targeted intrusions like the current generation of ransomware groups we see today."

     

    ~CAPCOM HACKER GROUP IS ALLEGEDLY DEMANDING $11M FOR STOLEN DATA~ by Andy Robinson- posted 2 days ago:

    https://www.videogameschronicle.com/news/capcom-hacker-group-is-allegedly-demanding-11m-for-stolen-data/amp/

    quoted "Resident Evil and Monster Hunter publisher Capcom has allegedly had over 1TB of data stolen by a hacker group. That allegedly includes banking files, intellectual property, client and employee personal information (such as passports and Visas), corporate contracts and email correspondence. 

    Bleeping Computers claims to have seen samples of the leak, including images showing employee termination agreements, Japanese passports, Steam sales reports, Bank statements, contractor agreements and more.

    The hacker group is allegedly asking for $11,000,000 in bitcoins for return of the files, which it claims it will also delete and provide a network penetration security report for. If no deal is made, then the data will be published or sold, it’s claimed."

    • Thanks 1

  • Original Poster

    I have some good news to report, finally. Windows fixes zero-day with new update. Chrome users are still advised to update to v86.0.4240.198

    ~Microsoft November 2020 Patch Tuesday arrives with fix for Windows zero-day~ by Catalin Cimpanu posted November 10, 2020: https://www.zdnet.com/google-amp/article/microsoft-november-2020-patch-tuesday-arrives-with-fix-for-windows-zero-day/

    partial quote "The Microsoft November 2020 Patch Tuesday fixes 112 vulnerabilities, 24 of which are remote code execution (RCE) bugs. This month's patches also include a fix for a Windows zero-day vulnerability that was exploited in the wild...But besides the Windows zero-day, there are 111 other vulnerabilities that need to be patched as well, including 24 bugs that can allow remote code execution (RCE) attacks in apps such as Excel, Microsoft Sharepoint, Microsoft Exchange Server, the Windows Network File System, the Windows GDI+ component, the Windows printing spooler service, and even in Microsoft Teams."

    Further detail links of additional Microsoft Patch Tuesday and security updates released by other tech companies can be found at the above site, including:

    Chrome 86 security updates

    Android security updates

    Intel security updates

    VMWare security updates

    SAP security updates

    Adobe's security updates

    ~Windows 10, iOS, Chrome, Firefox and others Hacked at Tianfu Cup~ by Ravie Lakshmanan posted November 09, 2020: https://amp.thehackernews.com/thn/2020/11/windows-10-ios-chrome-firefox-and.html

    Tianfu Cup 2020 is an international cybersecurity contest

    partial quote "Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China...The two-day event, which happened over the weekend, saw white hat hackers from 15 different teams using original vulnerabilities to break into widely used software and mobile devices in 5 minutes over three attempts...The idea, in a nutshell, is to use various web browsers to navigate to a remote URL or use a flaw in the software to control the browser or the underlying operating system...Patches for all the demonstrated bugs demonstrated are expected to be released in the coming days."

    ~Google patches two more Chrome zero-days~ by Catalin Cimpanu posted November 11, 2020:   https://www.zdnet.com/google-amp/article/google-patches-two-more-chrome-zero-days/

    partial quote "Google has now patched five Chrome zero-days in three weeks. Google has released today Chrome version 86.0.4240.198 to patch two zero-day vulnerabilities that were exploited in the wild. These two bugs mark the fourth and fifth zero-days that Google has patched in Chrome over the past three weeks.

    While it's unclear the level of danger for regular users, Chrome users are still advised to update to v86.0.4240.198 via the browser's built-in update function (see Chrome menu, Help option, and About Google Chrome section) as soon as possible."

    • Thanks 1
