27 C
Mumbai
Wednesday, September 30, 2020
Tel: 8850717892

Google Detected 11 Zero-Day Vulnerabilities in H1 2020

Home Security Awareness Google Detected 11 Zero-Day Vulnerabilities in H1 2020
- Advertisement -

Must Read

The Cove, San Francisco’s Waterfront

A waterfront is the aesthetic part of the town, which is bordered by the sea or river. These are...

Prefabrication is the Future of Architecture

Prefabricated technology is considered to be the future of architecture. This method although being new in the industry has...

Connected City Streets leads to Healthy Communities

An Overview: Cities around the world are rediscovering the values of walkable and bikeable streets. Cities like Oakland, California, Amman,...
Ayush Dubey
Ayush Dubeyhttps://ayush7ad6.wordpress.com/
Ayush Dubey is an engineering student from IIIT Jabalpur. He has a comprehensive background in technology. Cybersecurity being his primary field of interest. He loves to meet people who are always in a hustle to learn new things.
Recently, Google Project Zero released the list of vulnerabilities exploited in 2019. Along with the first “Year In Review” report, Google also mentioned the zero-day vulnerabilities they’ve come along in the first half of 2020.
According to Google Project Zero’s security team, 11 zero-day vulnerabilities have been tracked in the first half of 2020. This takes 2020 on the track to have just as many zero-days as traced in the last year. Experts say that it may surpass the figure of 20 of 2019.

Google Project Zero

Google traced down a number of flaws in its applications used by millions of users, which could be exploited by cybercriminals. After tons of vulnerabilities were found, Google decided to form a team completely dedicated to finding flaws, not only in Google utilities but also in other applications. The new project was devised on 15 July 2014 named the GOOGLE PROJECT ZERO, on Google security blog.
The team employed by Google finds zero-day vulnerabilities. After these bugs are found, the Project Zero experts report it to the developer and make it public once the patch is released, or if 90 days pass without the patch being released. Along with the zero-day bugs, Project Zero team also illustrated how attackers exploit the bugs. This makes developers and users aware of the potential threats and their mitigations.

Zero-Day Vulnerability

A latest learned vulnerability is referred to as a zero-day vulnerability (or 0-day vulnerability). It also means that a fix or update of the bug is not yet released from the developer and the developer of the target application has zero days to protect its users.
But if the vendor fails to release a patch for the bug and hackers have managed to exploit the vulnerability, that is known as a zero-day attack.
In the recent report of Project Zero, Google detected eleven zero-day vulnerabilities in the wild in the first half of 2020.

Zero-Days Vulnerabilities H1 2020

1. Firefox

CVE-2019-17026
This vulnerability was a part of the another zero-day, leading to type confusion in the IonMonkey JIT compiler.
Patched here, in Firefox 72.0.1.

2. Internet Explorer

CVE-2020-0674
This, along with the aforementioned bug, was used by a state-backed hacking group called DarkHotel. It was believed to be controlled from the Korean peninsula, without knowing the actual state: North Korea or South Korea. The victims of the attack were directed to websites where their systems were hijacked by Gh0st RAT (Remote Access Trojan).
It was believed to spying on China and Japan organisations. Therefore, both discovered by Qihoo 360 (Chinese antivirus maker) and JPCERT (Japan’s Computer Emergency Response Team).
Patched here, in the Microsoft February 2020 Patch Tuesday.

3. Chrome

CVE-2020-6418
The vulnerability was detected by Google’s Threat Analysis Group. But details and description of the bug were never released.
Patched here, in Chrome version 80.0.3987.122.

4. & 5. Trend Micro OfficeScan

CVE-2020-8467 and CVE-2020-8468
The vulnerabilities were detected in the same 2019 zero-day product which was used to hack Mitsubishi Electric. Thread Micro staff internally detected the zero-day, while investigating a previous zero-day.
Patched here.

6. & 7. Firefox

CVE-2020-6819 and CVE-2020-6820
Believed to be a part of a larger malicious campaign, the details of these vulnerabilities are not yet released.
Patched here, in Firefox 74.0.1.

8. & 9. & 10. Microsoft

CVE-2020-0938, CVE-2020-1020, and CVE-2020-1027
As other bugs, details of these zero-days were never released. These were reported to Microsoft by Google TAG.
Patched here, here, and here, in the Microsoft April 2020 Patch Tuesday.

11. Sophos XG Firewall

CVE 2020-12271
This vulnerability was found in a top-shelf firewall XG developed from a UK security firm: Sophos. A SQL injection in the firewall’s management panel allowed hackers to deploy backdoor on the infected system. This backdoor was called the Asnarok backdoor.
Sophos reported that the malware attempted to dump Ragnarok ransomware in the host systems after the zero-day was announced.
Patched here.

Proactive Measures

  • Always keep your system equipped with genuine antivirus software. It will work as the first line of defence.
  • In today’s time, everyday new malware infection is detected in the wild, even making your antivirus susceptible to newly updated threats. That’s why it is always important to always keep your antivirus up to date.
  • Check for a zero-day vulnerability patch online once the bug is announced. Usually, developers work quickly to work on their zero-days to protect their users.
Always follow cyber ethics and establish safe and protective online habits.
- Advertisement -

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Pier55 by Heatherwick Studio

Also called the 'Little Island', Pier55 stands out as the structural marvel for the world today, built with grace,...
- Advertisement -

Zaha Hadid Architects Design for World’s Most Expensive Site

Zaha Hadid Architects reveals design for a skyscraper on the world's most expensive site Zaha Hadid Architects studio has revealed its design for the 36-story...

The Cove, San Francisco’s Waterfront

A waterfront is the aesthetic part of the town, which is bordered by the sea or river. These are urban features that help in...

Urban Cycling : Use and Importance

As kids we were delighted when we started riding a bicycle, then we grew up, and started using motor-vehicles but little did we think...

Prefabrication is the Future of Architecture

Prefabricated technology is considered to be the future of architecture. This method although being new in the industry has created to carve a niche...

More Articles Like This

- Advertisement -