Details

The Hacker News

13 June 2024

Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec.

The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve SYSTEM privileges. It was patched by Microsoft in March 2024.

"Analysis of an exploit tool deployed in recent attacks revealed evidence that it could have been compiled prior to patching, meaning at least one group may have been exploiting the vulnerability as a zero-day," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. Read More..

Details

BleepingComputer

24 May 2024

Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application's home directory, potentially leading to arbitrary code execution and secrets theft.

The flaw arises from the improper use of Android's content provider system, which manages access to structured data sets meant to be shared between different applications.

This system incorporates data isolation, URI permissions, and path validation security measures to prevent unauthorized access, data leaks, and path traversal attacks.

When implemented incorrectly, custom intents, which are messaging objects that facilitate communication between components across Android apps, could bypass these security measures.

Examples of incorrect implementations include trusting unvalidated filenames and paths in intents, misuse of the 'FileProvider' component, and inadequate path validation. Read More..

Details

The Hacker News

05 April 2024

Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan.

The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader application to view the content.

According to Fortinet FortiGuard Labs, clicking the URL leads to the delivery of an installer ("Reader_Install_Setup.exe") that activates the infection sequence. Details of the campaign were first disclosed by the AhnLab Security Intelligence Center (ASEC) last month.

The attack chain leverages techniques like DLL hijacking and Windows User Access Control (UAC) bypass to load a malicious dynamic-link library (DLL) file named "BluetoothDiagnosticUtil.dll," which, in turn, loads unleashes the final payload. It also deploys a legitimate installer for a PDF reader like Wondershare PDFelement. Read More..

Details

The Hacker News

05 April 2024

Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies.

The high-severity zero-day vulnerabilities are as follows -

• CVE-2024-29745 - An information disclosure flaw in the bootloader component
• CVE-2024-29748 - A privilege escalation flaw in the firmware component

"There are indications that the [vulnerabilities] may be under limited, targeted exploitation," Google said in an advisory published April 2, 2024.

While the tech giant did not reveal any other information about the nature of the attacks exploiting these shortcomings, the maintainers of GrapheneOS said they "are being actively exploited in the wild by forensic companies." Read More..