Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern

Ransomware attacks targeting VMware ESXi infrastructure follow an established pattern regardless of the file-encrypting malware deployed, new findings show. "Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,"

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

 Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely-used desktop operating system. "Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024," the

Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities

Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer (IntSan) and BoundsSanitizer (BoundSan), both of which are part of UndefinedBehaviorSanitizer (UBSan), a tool designed to catch various kinds of

New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia

Cybersecurity researchers have disclosed a new sophisticated Android malware called FjordPhantom that has been observed targeting users in Southeast Asian countries like Indonesia, Thailand, and Vietnam since early September 2023. "Spreading primarily through messaging services, it combines app-based malware with social engineering to defraud banking customers," Oslo-based mobile app

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security and the

Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities

Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution. "An unauthenticated, malicious actor can inject files

What is a Zero-Day Threat?

“Zero-day threat.” It may sound like the title of a hit film, yet it’s anything but.  

It’s a previously unknown vulnerability that hackers can exploit to unleash unforeseen attacks on computers, smartphones, or networks—making essentially any connected device or system potentially susceptible to attack. After all, today’s devices and code are complex and riddled with dependencies. Even with testing, vulnerabilities can remain elusive, until developers or hackers eventually discover them. 

The term “zero day” gets its name from the age of the threat, meaning that developers and security professionals have had “zero days” to address the threat, making it potentially quite damaging.  

And it’s not uncommon for major zero-day threats to make the headlines:  

• In 2021, reports arose of Minecraft players coming under attack. Hackers discovered a vulnerability in the code that allowed them to take control of the computer playing the game, along with the files and information it contained. As it turned out, the threat was far more widespread. The vulnerable code involved a commonly used Java library, used by thousands and thousands of different applications worldwide, not just Minecraft, causing businesses, organizations, and governments to scour their applications for the affected Java library and put measures in place to mitigate the threat. 
• Spring 2022 saw the rise of a vulnerability dubbed “Follina,” which allowed hackers to remotely take control over a system using a combination of a Microsoft Word document and a diagnostic support tool—which could put a person’s sensitive documents and account information at risk. Microsoft subsequently issued a security patch that disabled the attack vector. 
• Corporate networks fall victim to zero-day vulnerabilities as well, such as in 2014 when hackers used an undiscovered vulnerability to break into the network of Sony Pictures Entertainment. Hackers raided unreleased copies of movies, scripts, and other information as part of the attack. 

Back in the early days of the internet, hackers typically released malware that was an annoyance, such as scrolling profanity across the screen or causing a malware-infected computer to crash. The examples above show how greatly that’s changed.  

Today, hackers use malware to make a profit, whether by holding your device and data hostage, tricking you into revealing your personal information so the hacker can access your financial accounts, or by installing spyware that secretly steals information like passwords and account info while you use your device. 

That’s what makes zero-day threats so dangerous for us today. Hackers can exploit zero-day vulnerabilities through different means, but traditionally web browsers have been the most common, due to their popularity. Attackers also send emails with attachments, or you might click a link in the body of an email that automatically downloads malware. All of these could now be putting you at risk. 

Likewise, security measures have come a long way since the early days. In particular, the antivirus applications included with today’s comprehensive online protection software have technologies in place that directly combat zero-day threats—specifically artificial intelligence (AI) and machine learning (ML). 

Without getting too technical about it, strong antivirus uses AI and ML to sniff out malware by looking at how an application or device is behaving and if that behavior looks suspicious based on past patterns. In other words, strong antivirus is smart. It can detect, block, and remove zero-day threats before they can do their damage. 

So, just as hackers exploit zero-day vulnerabilities, you can thwart zero-day vulnerabilities with strong antivirus.  

Protecting yourself from zero-day threats 

Today, McAfee registers an average of 1.1 million new malicious programs and potentially unwanted apps (PUA) each day, which makes zero-day protection an absolute boon for anyone who goes online—and online protection like ours offers some of the strongest antivirus protection you can get, as recognized by independent third-party labs.  

Online protection software does a few other things for you as well when it comes to malware attacks: 

• It alerts you of suspicious links in emails, texts, and direct messages before you click or tap on them, which can prevent bad actors from infecting your device with malware.  
• It can also alert you of dangerous websites while you surf, once more steering you clear of phishing websites and other sites that host malware. 
• And it includes a firewall, which can protect your network and the devices on them from attack by filtering both incoming and outgoing traffic. 

Beyond using online protection software with strong antivirus, you can take a few more steps that will keep you safer still: 

1. Update your browser, operating system, and applications

 In addition to often providing new features and functionality, updates fix the vulnerabilities in your apps and operating systems, which strengthens your protection against malware. 

2. Uninstall old apps

The more software you have, the more potential vulnerabilities you have. By uninstalling old apps, you leave hackers with fewer avenues of attack. Take a look at your computers and smartphones. Delete the old apps you no longer use, along with any accounts and data associated with them as well. Another benefit is that this can potentially reduce your risk if the companies behind those apps get hit by a data breach. 

3. Don’t click on links in emails, texts, and direct messages 

This is a good rule of thumb in general, but it can definitely help you protect against zero-day attacks. The same holds true for email attachments. Never open them from unknown senders. And if you receive one from a friend, family member, or co-worker, take a quick second to confirm that they sent it. Some attackers masquerade as people we know, and in some cases hack their accounts so they can spread malware in their name. 

Zero-day threats call for zero-day protection 

As the number of apps and devices on the internet have seen explosive growth in recent years, so has the volume of malware—much of it zero-day threats that take advantage of newly discovered vulnerabilities. Hidden within millions and millions of lines of code, dependencies, and interactions, zero-day threats will remain the rule, rather than the exception. 

However, antivirus technology has more than kept up, particularly by leaning on smart technologies that can detect zero-day threats before they become known threats. Using strong antivirus, as part of online protection software that contains even more security features still, remains an absolute best practice for anyone who spends any kind of time online. 

The post What is a Zero-Day Threat? appeared first on McAfee Blog.