CISO as a Service
Founder @ DiyakoSecureBow | CISO as a Service (vCISO)
About Me
https://about.iss.one/Alirezaghahrood

#DiyakoSecureBow

Analytics
A Year in Review of 0-days Exploited In-the-Wild in 2022
Maddie Stone, Security Researcher, Threat Analysis Group (TAG)

This is Google’s fourth annual year-in-review of 0-days exploited in-the-wild [2021, 2020, 2019] and builds on the mid-year 2022 review. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a whole, looking for trends, gaps, lessons learned, and successes.
Executive Summary
41 in-the-wild 0-days were detected and disclosed in 2022, the second-most ever recorded since we began tracking in mid-2014, but down from the 69 detected in 2021. Although a 40% drop might seem like a clear-cut win for improving security, the reality is more complicated. Some of our key takeaways from 2022 include:

N-days function like 0-days on Android due to long patching times. Across the Android ecosystem there were multiple cases where patches were not available to users for a significant time. Attackers didn’t need 0-day exploits and instead were able to use n-days that functioned as 0-days.

0-click exploits and new browser mitigations drive down browser 0-days. Many attackers have been moving towards 0-click rather than 1-click exploits. 0-clicks usually target components other than the browser. In addition, all major browsers also implemented new defenses that make exploiting a vulnerability more difficult and could have influenced attackers moving to other attack surfaces.

Over 40% of the 0-days discovered were variants of previously reported vulnerabilities. 17 out of the 41 in-the-wild 0-days from 2022 are variants of previously reported vulnerabilities. This continues the unpleasant trend that we’ve discussed previously in both the 2020 Year in Review report and the mid-way through 2022 report. More than 20% are variants of previous in-the-wild 0-days from 2021 and 2020.

Bug collisions are high. 2022 brought more frequent reports of attackers using the same vulnerabilities as each other, as well as security researchers reporting vulnerabilities that were later discovered to be used by attackers. When an in-the-wild 0-day targeting a popular consumer platform is found and fixed, it's increasingly likely to be breaking another attacker's exploit as well.

https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html

-Business Secure Continuity-
1402.05.12
#vulnerability #zerotrust #zeroday #threatintelligence #threathunting
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_the-ups-and-downs-of-0-days-a-year-in-review-activity-7092797937302269953-1_wv?utm_source=share&utm_medium=member_ios
No ticket is available from anywhere to anywhere!

Up2date 4 Defence Today,
Secure Tomorrow
@CisoasaService
1402.05.11
🔒 Urgent Alert: Hundreds of Citrix NetScaler ADC and Gateway servers breached! Malicious actors exploit CVE-2023-3519 #vulnerability to deploy web shells.

Read more about this threat: https://thehackernews.com/2023/08/hundreds-of-citrix-netscaler-adc-and.html


-Cyber Security awareness-

1402.05.12
#Question_Answer

👇🏻

-Cyber Security awareness-

1402.05.12
-The wolf that gives me milk is my ewe;
the stranger who keeps faith is my kin-


1402.05.13
CISA, NSA, FBI, & global partners disclose the top exploited vulnerabilities of 2022. Beware of CVE-2018-13379, a 4-year-old Fortinet FortiOS SSL flaw still targeted by cybercriminals.

Read: https://thehackernews.com/2023/08/major-cybersecurity-agencies.html

Patch NOW to protect your organization.


-Cyber Security awareness-

1402.05.14
#DiyakoSecureBow

Entertainment 1 - watching movies and series related to the specialized field of cyber security and related elements. (Name UNTRACEABLE, Year 2008, Type Movie, Time 1H 41Min, Grade C) A serial killer rigs contraptions that kill his victims based on the number of hits received by a website featuring a live streaming video of the victim. Millions of people log on, hastening the victims' deaths.

Comment on this post;
Which websites, documentaries, movies and series do you know that are relevant content for cyber security enthusiasts and specialists?

Entertainment number 1 - watching films and series related to the specialized field of cyber security and related elements. (Name Untraceable, year 2008, type film, duration 1 hour and 41 minutes, grade C) A serial killer who, based on the number of hits received by a website that offers a live video stream of the victim, builds devices that kill his victims. Millions of people log on and hasten the victims' deaths.

Comment on this post;
Which websites, documentaries, films and series do you know with content relevant to cyber security enthusiasts and specialists?

https://www.youtube.com/watch?v=oIqnESZW0qc

-Business Secure Continuity-
1402.05.14
#hackers #hackernews #hackerone #hacking #hackersummercamp #UNTRACEABLE #bugbountytips #bughunting
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_untraceable-trailer-activity-7093444258635866112-ZPLo?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow

Entertainment 2 - watching movies and series related to the specialized field of cyber security and related elements. (Name Snowden, Year 2016, Type Movie, Time 2H 14 Min, Grade B)
Elliot Alderson is a cybersecurity engineer and hacker with social anxiety disorder and clinical depression, recruited by an insurrectionary anarchist known as Mr. Robot to join a group of hacktivists called fsociety.

Comment on this post;
Which websites, documentaries, movies and series do you know that are relevant content for cyber security enthusiasts and specialists?

Entertainment 2 - watching films and series related to the specialized field of cyber security and related elements. (Name Snowden, year 2016, type film, duration 2 hours and 14 minutes, grade B) Elliot Alderson, a cyber security engineer and hacker suffering from social anxiety disorder and clinical depression, was recruited by an insurrectionary anarchist known as Mr. Robot to join a group of hacktivists called fsociety.

Comment on this post;
Which websites, documentaries, films and series do you know with content relevant to cyber security enthusiasts and specialists?

https://www.youtube.com/watch?v=U94litUpZuc

-Business Secure Continuity-
1402.05.14
#hackers #hackernews #hackerone #hacking #hackersummercamp #bugbountytips #bughunting
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_mr-robot-official-extended-trailer-season-activity-7093521881688875008-d6Ei?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow

Entertainment 3 - watching movies and series related to the specialized field of cyber security and related elements.
Edward Snowden is a Central Intelligence Agency (CIA) subcontractor and whistleblower who copied and leaked highly classified information from the National Security Agency (NSA) beginning in 2013.

Comment on this post;
Which websites, documentaries, movies and series do you know that are relevant content for cyber security enthusiasts and specialists?

Entertainment 3 - watching films and series related to the specialized field of cyber security and related elements. Edward Snowden, a subcontractor of the Central Intelligence Agency (CIA) and whistleblower who, from 2013, copied and leaked highly classified information of the National Security Agency (NSA).

Comment on this post;
Which websites, documentaries, films and series do you know with content relevant to cyber security enthusiasts and specialists?

https://www.youtube.com/watch?v=QlSAiI3xMh4

-Business Secure Continuity-
1402.05.14
#hackers #hackernews #hackerone #hacking #snowden #edward #hackersummercamp #nsa #bugbountytips #bughunting
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_snowden-official-trailer-hd-open-road-activity-7093674110332854272-MKa6?utm_source=share&utm_medium=member_ios
-🤓-

1402.05.14
⚠️ ALERT: High-severity security flaw in PaperCut print management software for Windows!
CVE-2023-39143 enables remote code execution. Update to version 22.1.3 for protection!
Learn more about this: https://thehackernews.com/2023/08/researchers-uncover-new-high-severity.html


-Cyber Security awareness-

1402.05.14
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-malware-trojan-activity-7093814588944564224-hENL?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow

Trojan
A Trojan, also called a Trojan horse, looks like something beneficial, but it’s actually something malicious. Trojan horses are named after the infamous horse from the Trojan War. In computers, a Trojan horse can come as pirated software, a useful utility, a game, or something else that users might be enticed to download and try. Attackers are increasingly using drive-by downloads to deliver Trojans. In a drive-by download, web servers include malicious code that attempts to download and install itself on user computers after the user visits. Here are the typical steps involved in a drive-by download.

1. Attackers compromise a web site to gain control of it.
2. Attackers install a Trojan embedded in the web site’s code.
3. Attackers attempt to trick users into visiting the site. Sometimes, they simply send the link to thousands of users via email hoping that some of them click the link.
4. When users visit, the web site attempts to download the Trojan onto the users’ systems.
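The defender's counterpart to step 2 is a periodic integrity check of the site's own published HTML: anything that loads executable content from a host the site does not normally use, or a hidden iframe, is exactly what a compromised page serves. The following script is an added example, not code from the original post or from the textbook it draws on; the allowlist of approved hosts, the sample page and the hostnames ending in `.invalid` are constructed for illustration.

```python
"""Added example: flag unexpected active content in a page's HTML.
Assumption: the site owner maintains an allowlist of hosts that may serve
scripts; everything else loading code or frames is reported for review.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: hosts this site legitimately loads scripts from.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}


class ActiveContentCollector(HTMLParser):
    """Collects <script src>, <iframe src> and <object data> references."""

    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url, attribute dict)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.refs.append(("script", a["src"], a))
        elif tag == "iframe" and a.get("src"):
            self.refs.append(("iframe", a["src"], a))
        elif tag == "object" and a.get("data"):
            self.refs.append(("object", a["data"], a))


def _host(url, page_host):
    """Host a reference resolves to; relative URLs are first-party."""
    parsed = urlparse(url)
    if parsed.scheme in ("data", "javascript"):
        return parsed.scheme + ":"  # inline payload disguised as a URL
    return parsed.netloc.lower() or page_host


def _is_hidden(attrs):
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return "display:none" in style or "visibility:hidden" in style or tiny


def audit_html(html, page_host, allowed_hosts=ALLOWED_HOSTS):
    """Return (tag, url, reason) findings for active content that needs review."""
    allowed = set(allowed_hosts) | {page_host}
    collector = ActiveContentCollector()
    collector.feed(html)
    findings = []
    for tag, url, attrs in collector.refs:
        host = _host(url, page_host)
        if host not in allowed:
            findings.append((tag, url, f"loads from unapproved host {host}"))
        elif tag == "script" and host != page_host and "integrity" not in attrs:
            findings.append((tag, url, "third-party script without Subresource Integrity"))
        if tag == "iframe" and _is_hidden(attrs):
            findings.append((tag, url, "hidden iframe"))
    return findings


# Constructed sample page: a first-party script, one CDN script without SRI,
# one with SRI, and two injected elements of the kind a compromised site serves.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://cdn.example.com/lib2.js" integrity="sha384-PLACEHOLDER"></script>
<script src="http://update-check.invalid/loader.js"></script>
</head><body>
<iframe src="http://update-check.invalid/frame.html" width="1" height="1" style="display:none"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML, "www.example.com"):
        print(finding)
```

Run it against a fresh fetch of each page on a schedule and diff the findings against the last known-good run; a new entry is the signal to pull the page and investigate how it was modified.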

Remote Access Trojans (RATs)
A remote access Trojan (RAT) is a type of malware that allows attackers to take control of systems from remote locations. It is often delivered via drive-by downloads. Once it is installed on a system, attackers can access the infected computer at any time and install additional malware if desired.

Some RATs automatically collect and log keystrokes, usernames and passwords, incoming and outgoing email, chat sessions, and browser history as well as take screenshots. The RAT can then automatically send the data to the attackers at predetermined times.

Additionally, attackers can explore the network using the credentials of the user or the user’s computer. Attackers often do this to discover, and exploit, additional vulnerabilities within the network. It’s common for attackers to exploit this one infected system and quickly infect the entire network with additional malware, including installing RATs on other systems.
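A RAT that ships its collected data "at predetermined times" leaves a regular rhythm in outbound connection logs that human browsing does not. The script below is an added example, not part of the original post, of the usual beacon-detection test: group connections by (source, destination, port), compute the gaps between them, and flag flows whose gaps barely vary. The log lines are constructed, and the field layout (timestamp, source, destination, port) and the thresholds are assumptions to adapt to your own log source.

```python
"""Added example: spot timer-driven outbound connections in connection logs."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: 10.0.0.5 connects to one address every ~300 s;
# 10.0.0.9 connects to its destination at irregular, human-looking intervals.
SAMPLE_LOG = """\
2023-08-06T10:00:00Z 10.0.0.5 203.0.113.10 443
2023-08-06T10:05:01Z 10.0.0.5 203.0.113.10 443
2023-08-06T10:09:59Z 10.0.0.5 203.0.113.10 443
2023-08-06T10:15:02Z 10.0.0.5 203.0.113.10 443
2023-08-06T10:20:00Z 10.0.0.5 203.0.113.10 443
2023-08-06T10:24:58Z 10.0.0.5 203.0.113.10 443
2023-08-06T10:00:07Z 10.0.0.9 198.51.100.20 443
2023-08-06T10:00:45Z 10.0.0.9 198.51.100.20 443
2023-08-06T10:13:12Z 10.0.0.9 198.51.100.20 443
2023-08-06T10:13:20Z 10.0.0.9 198.51.100.20 443
2023-08-06T10:41:03Z 10.0.0.9 198.51.100.20 443
2023-08-06T10:41:05Z 10.0.0.9 198.51.100.20 443
"""


def parse_log(text):
    """Yield (src, dst, port, timestamp) from space-separated lines (assumed layout)."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        yield src, dst, int(port), datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def find_beacons(records, min_connections=5, max_cv=0.10):
    """Return {(src, dst, port): (mean_gap_s, cv)} for suspiciously regular flows.

    cv is the coefficient of variation (stdev / mean) of the gaps between
    successive connections. A timer-driven implant has a cv near zero even
    with a little jitter; a person clicking around does not. Both thresholds
    are assumptions to tune per environment.
    """
    by_flow = defaultdict(list)
    for src, dst, port, ts in records:
        by_flow[(src, dst, port)].append(ts)
    hits = {}
    for flow, stamps in by_flow.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits[flow] = (round(avg, 1), round(cv, 3))
    return hits


if __name__ == "__main__":
    for flow, (avg, cv) in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon {flow}: every ~{avg}s (cv={cv})")
```

Only the 10.0.0.5 flow is reported. In practice, feed the detector a day of firewall or proxy logs, exclude known update and telemetry endpoints first, and treat a hit as a lead for host investigation rather than as proof on its own.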

-Business Secure Continuity-
1402.05.15
#Malware #trojan #virus #malicious
#BusinessSecureContinuity
This news is extremely fragile, upsetting and worth reflecting on. With what authority, and by which institution, do you treat someone as a criminal and arrest them on the basis of this visual presentation!? The only thing one can conclude is that the hand of Israel, America and Russia, in the guise of the Mojahedin and the "hypocrites", is at work, and they have stood up at full height to drag the country to the brink of destruction and nullity!

Mr. Radan is responsible for our security!? Who chose him!? The "tour" debate with Farzad Hassani has still not been erased from our minds.

As an Iranian, how much security do I have on my own country's soil? Even if I get away from the hardline … with my life and soul intact, I will surely be harmed by bandits, muggers and extortionists! And in the end, with this much dwarf-centrism, the corruption of egg thieves and camel thieves …, plus the plundering of my country, a corner of … and depression are near!
https://www.rouydad24.ir/fa/amp/news/345204


-May the soul in the body not be at ease-

1402.05.15
#DiyakoSecureBow

Analytics
Threat Horizons:
August 2023 Threat Horizons Report

Analysis
Threat Horizons:
(August 2023 Report - Google)

Credentials factor into over half of incidents in Q1 2023
The following statistics are based on observations by our Google Cloud incident response teams, which will be skewed to the platforms in the sample and may not be representative of all customer environments and verticals on Google Cloud, but should be representative of general trends.
In Q1 2023, Google Cloud’s incident response teams observed that credential issues continue to be a consistent challenge, accounting for over 60% of compromise factors, which could be addressed by stronger identity management guardrails in place at the organization level.
Misconfiguration accounted for 19% of compromise factors, which were also associated with other compromise factors such as sensitive UI or APIs exposed. An example of how these two factors are associated could include a misconfigured firewall that unintentionally provided public access to a UI.
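The "misconfigured firewall that unintentionally provided public access to a UI" is something a short audit script can catch before an incident responder does. The following is an added example, not part of the original post or of Google's report: it walks a list of ingress rules and reports any that admit public source ranges to management ports. The rules are constructed and loosely shaped like cloud VPC firewall rules (direction, sourceRanges, allowed protocol/ports); that shape and the set of management ports are assumptions to adapt to your estate.

```python
"""Added example: find firewall rules that expose management ports to the internet."""
import ipaddress

# Assumed list of ports that should never be reachable from public sources.
MANAGEMENT_PORTS = {22, 3389, 5900, 8080, 8443, 9090, 10250}

PRIVATE_NETS = [ipaddress.ip_network(c) for c in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def _is_public(cidr):
    """True unless the range sits entirely inside private/loopback/link-local space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)


def _port_set(spec):
    """Expand '22' or '8000-9000' into a set; '' (all ports) returns None."""
    if spec == "":
        return None
    if "-" in spec:
        lo, hi = spec.split("-")
        return set(range(int(lo), int(hi) + 1))
    return {int(spec)}


def public_exposures(rules, mgmt_ports=MANAGEMENT_PORTS):
    """Return (rule_name, public_sources, exposed) for INGRESS allow rules that
    admit public sources to management ports. exposed is a sorted port list,
    or '*' when the rule opens every port."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        if "allowed" not in rule:  # deny rules cannot expose anything
            continue
        public_srcs = [s for s in rule.get("sourceRanges", []) if _is_public(s)]
        if not public_srcs:
            continue
        exposed, opens_all = set(), False
        for entry in rule["allowed"]:
            if entry.get("IPProtocol") not in ("tcp", "all"):
                continue
            for spec in entry.get("ports", [""]):
                ports = _port_set(spec)
                if ports is None:
                    opens_all = True
                else:
                    exposed |= ports & mgmt_ports
        if opens_all or exposed:
            findings.append((rule["name"], public_srcs, "*" if opens_all else sorted(exposed)))
    return findings


# Constructed sample rule set: one correct public rule, one admin rule limited
# to an office range, a forgotten debug rule, an allow-everything rule, and a deny.
SAMPLE_RULES = [
    {"name": "allow-https", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    {"name": "admin-ui-from-office", "direction": "INGRESS", "sourceRanges": ["10.20.0.0/16"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["8443"]}]},
    {"name": "temp-debug", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22", "8000-9000"]}]},
    {"name": "legacy-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "all"}]},
    {"name": "deny-all", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "denied": [{"IPProtocol": "all"}]},
]

if __name__ == "__main__":
    for name, srcs, exposed in public_exposures(SAMPLE_RULES):
        print(f"{name}: {srcs} -> {exposed}")
```

Export your real rules to the same shape (most cloud CLIs emit JSON with these field names or close cousins) and run the check in CI or as a scheduled job; the "temp-debug" pattern, a wide port range opened "for now", is the typical way a UI ends up public.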

-Business Secure Continuity-
1402.05.15
#google #googlecloud #threathunting #threatintelligence #cybersecurity
#BusinessSecureContinuity

https://www.linkedin.com/posts/diyako-secure-bow_analytics-threat-horizons-2023-activity-7094014893200130048-KwP_?utm_source=share&utm_medium=member_ios
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-malware-root-activity-7094195473749565440-VLs3?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow

Rootkit
A rootkit is a group of programs that hides the fact that the system has been infected or compromised by malicious code. A user might suspect something is wrong, but antivirus scans and other checks indicate everything is fine because the rootkit hides its running processes to avoid detection.

In addition to modifying the internal operating system processes, rootkits often modify system files such as the Registry. In some cases, the rootkit modifies system access, such as removing users’ administrative access.

Rootkits have system-level access to systems. This is sometimes called root-level access, or kernel-level access, indicating that they have the same level of access as the operating system. Rootkits use hooked processes, or hooking techniques, to intercept calls to the operating system. In this context, hooking refers to intercepting system-level function calls, events, or messages. The rootkit installs the hooks into memory and uses them to control the system’s behavior.

Antivirus software often makes calls to the operating system that could detect malware, but the rootkit prevents the antivirus software from making these calls. This is why antivirus software will sometimes report everything is OK, even if the system is infected with a rootkit. However, antivirus software can often detect the hooked processes by examining the contents of the system’s random access memory (RAM).

Another method used to detect rootkits is to boot into safe mode, or have the system scanned before it boots, but this isn’t always successful. It’s important to remember that rootkits are very difficult to detect because they can hide so much of their activity. A clean bill of health by a malware scanner may not be valid.
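The process-hiding behaviour above is usually caught by comparing two independently obtained views of the same thing and reporting the difference, the "cross-view" idea behind most rootkit detectors. The script below is an added example, not code from the original post: on Linux it lists /proc (the view a user-mode rootkit typically tampers with) and separately probes every possible PID with signal 0 (an existence check that delivers no signal), then reports IDs the probe confirms but the listing never showed. It assumes Linux with /proc mounted; a kernel-mode rootkit can hook both views, so an empty result is evidence, not proof.

```python
"""Added example: cross-view detection of hidden processes on Linux."""
import os


def hidden_pids(listed, probed):
    """Pure comparison: IDs the probe confirmed that the listing never showed."""
    return sorted(set(probed) - set(listed))


def view_from_listing(proc_dir="/proc"):
    """View 1: process and thread IDs as a directory listing of /proc reports them.
    Thread IDs are included because kill(2) also answers for them."""
    ids = set()
    for name in os.listdir(proc_dir):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(f"{proc_dir}/{name}/task") if t.isdigit())
        except OSError:
            pass  # the process exited between the two listdir calls
    return ids


def view_from_probe(max_pid=None):
    """View 2: IDs confirmed by os.kill(pid, 0), which checks existence only."""
    if max_pid is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                max_pid = int(f.read())
        except OSError:
            max_pid = 32768  # assumption: classic default when pid_max is unreadable
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
            alive.add(pid)
        except ProcessLookupError:
            continue
        except PermissionError:
            alive.add(pid)  # exists but is owned by another user
    return alive


def scan():
    """Take the listing before and after the probe so a process that starts or
    exits mid-scan is not misreported as hidden."""
    before = view_from_listing()
    probed = view_from_probe()
    after = view_from_listing()
    return hidden_pids(before | after, probed)


if __name__ == "__main__":
    hidden = scan()
    print("hidden ids:", hidden or "none found")
```

On a large pid_max the probe loop takes a few seconds. Any ID it reports should be examined from a trusted environment (for example, a boot from known-good media with the disk mounted read-only), since tools running on the suspect system may themselves be hooked.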

It’s important to remember that behind any type of malware, you’ll likely find an attacker involved in criminal activity. Attackers who have successfully installed a rootkit on a user’s system might log on to the user’s computer remotely, using a backdoor installed by the rootkit. Similarly, attackers might direct the computer to connect to computers on the Internet and send data. Data can include anything collected from a keylogger, collected passwords, or specific files or file types stored on the user’s computer.

-Business Secure Continuity-
1402.05.16
#Malware #root #keylogger #spyware #adware #virus #malicious
#BusinessSecureContinuity
https://www.linkedin.com/posts/diyako-secure-bow_diyakosecurebow-malware-root-activity-7094217867981635585-7Npa?utm_source=share&utm_medium=member_ios
#DiyakoSecureBow

Keylogger
A keylogger attempts to capture a user’s keystrokes. The keystrokes are stored in a file, and are either sent to an attacker automatically, or the attacker may manually retrieve the file. While a keylogger is typically software, it can also be hardware. For example, you can purchase a USB keylogger, plug it into the computer, and plug the keyboard into the USB keylogger. This hardware keylogger will record all keystrokes and store them within memory on the USB device.

Keylogger: A keylogger attempts to capture the user's keystrokes. The keystrokes are stored in a file and are either sent automatically to the attacker, or the attacker may retrieve the file manually. While a keylogger is usually software, it can also be hardware. For example, you can buy a USB keylogger, connect it to the computer, and connect the keyboard to the USB keylogger. This hardware keylogger records all keystrokes and stores them in the memory of the USB device.

-Business Secure Continuity-
1402.05.16
#Malware #root #keylogger #spyware #adware #virus #malicious
#BusinessSecureContinuity