fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Recently Fixed Windows Zero-day Actively Exploited Since Mid-2020

Recently Fixed Windows Zero-day Actively Exploited Since Mid-2020

Microsoft says that a high-severity Windows zero-day vulnerability patched during the February 2021 Patch Tuesday was exploited in the wild since at least the summer of 2020 according to its telemetry data.

The actively exploited zero-day bug is tracked as ‘CVE-2021-1732 – Windows Win32k Elevation of Privilege Vulnerability.’

It allows local attackers to elevate their privileges to the admin level by triggering a use-after-free condition in the win32k.sys core kernel component.

CVE-2021-1732 can be exploited by attackers with basic user privileges in low complexity attacks that don’t require user interaction.

Luckily, threat actors are required to have code execution privileges for successful exploitation. However, this can be easily achieved by tricking the target into opening malicious attachments sent via phishing emails.

Microsoft has not yet confirmed that this was one of the attack vectors used by threat actors in the wild.

Also Read: The 3 Main Benefits Of PDPA For Your Business

Exploited in the wild since mid-2020

The vulnerability was discovered and reported to the Microsoft Security Response Center on December 29 by researchers at DBAPPSecurity.

According to their report, the zero-day was being actively used in targeted attacks by an advanced persistent threat (APT) group tracked as Bitter (Forcepoint) and T-APT-17 (Tencent).

Bitter is known for information theft and espionage campaigns targeting China, Pakistan, and Saudi Arabia since at least 2013 [1234].

As they observed, the threat actor was using a CVE-2021-1732 exploit specifically targeting Windows 10 1909 systems, even though the zero-day impacts multiple Windows 10 and Windows Server up to the latest released versions.

The exploit used in Bitter’s targeted attacks was shared on December 11 on the VirusTotal public malware research platform, but threat actors started exploiting the zero-day in mid-2020 Microsoft observed after analyzing telemetry data.

The company’s findings are reinforced by DBAPPSecurity’s research saying that the in-the-wild sample they found in December had a compilation date of May 2020.

Vulnerability still under active exploitation

Starting with February 2021, threat actors have been only using CVE-2021-1732 exploits in a small number of attacks focused on targeting devices from the Middle East. 

Based on this, attackers exploited this zero-day without being detected for multiple months, continued to abuse it in attacks for several weeks until the bug was patched by Microsoft, and are still using it in targeted attacks.

During these attacks, the threat actors are also using techniques designed to help them evade detection by security solutions to exploit the vulnerability on unpatched devices, under specific conditions.

Microsoft shared this info in a private security advisory shared earlier this month with Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) subscribers.

In November 2020, Microsoft patched another elevation of privileges zero-day found in the Windows Kernel Cryptography Driver found and publicly disclosed by Google’s 0day bug-hunting team Project Zero one month earlier.

Also Read: What Do 4 Messaging Apps Get From You? Read The iOS Privacy App Labels

Before being fixed by Redmond, this zero-day was also actively used by threat actors in targeted attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us