Halloween Exploits Scare: BlueKeep, Chrome’s Zero-Days in the Wild
Researchers found vulnerabilities being exploited in the wild between the end of October and the first days of November. On October 31, Google announced that a stable channel security update for the Windows, Mac, and Linux versions of Chrome would be rolled out over the following days to fix two use-after-free flaws, one in the audio component and one in PDFium, assigned CVE-2019-13720 and CVE-2019-13721 respectively. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released a statement advising users and administrators to apply the updates. Meanwhile, security researcher Marcus Hutchins, aka MalwareTech, reported that BlueKeep (CVE-2019-0708) was being actively used as part of a hacking campaign to install cryptocurrency-mining malware on unpatched systems. The campaign-related events were first noticed by Kevin Beaumont after his honeypot network crashed.
[Read: European international airport workstations infected with persistent anti-coinminer malware]
The Chrome flaws were reported to the Google team in early October and were rated as high-severity vulnerabilities. Details on the CVE-2019-13720 exploit were released by Kaspersky researchers Anton Ivanov and Alexey Kulaev, who noted that the use-after-free can be used to corrupt memory and escalate privileges for remote code execution attacks. The attack was first observed as malicious JavaScript code injected into a Korean-language news portal using the watering hole technique. While details on CVE-2019-13721 have yet to be released, Google states that the flaw affects PDFium, the open-source library Chrome uses to generate, search, and view PDF files. Google has released Chrome version 78.0.3904.87 to address both issues.
[Read: Security 101: Zero-day vulnerabilities and exploits]
As November rolled in, initial reports showed a number of unpatched legacy systems becoming the targets of a campaign exploiting the Microsoft Remote Desktop Protocol (RDP) flaw BlueKeep. Despite security updates from Microsoft in May and a warning issued by the U.S. National Security Agency (NSA) in June, it is estimated that more than 500,000 systems remain unprotected against CVE-2019-0708, with exposed RDP ports being abused to install a malicious Monero miner. Tweets by Hutchins suggested that specific honeypots were targeted, and Beaumont later noted that activity related to the exploit had ceased. However, incidents like these should be taken seriously: the activity can be seen as cybercriminals testing code that is still in development. While this recent use of BlueKeep does not self-propagate, BlueKeep is a wormable flaw. Once successfully exploited, it can be used to install more malicious software, and researchers warn that it can also be used to spread to other internet-connected devices even without valid credentials.
As reported in the Trend Micro midyear security roundup, malicious actors and persistent groups will leverage these security gaps in organizations’ systems for attacks and illicit profit. Reduce the attack surface exposed by these vulnerabilities by following these best practices:
[InfoSec Guide: Remote Desktop Protocol (RDP)]
In addition, threats exploiting BlueKeep can be mitigated by the Trend Micro™ Deep Security™ and Vulnerability Protection solutions, which protect systems and users from threats targeting CVE-2019-0708 via this Deep Packet Inspection (DPI) rule:
Trend Micro TippingPoint® customers are protected from threats and attacks that may exploit CVE-2019-0708 via this MainlineDV filter: