Project Zero: 2020-H1 Detection

According to Google’s Project Zero security team, there have been 11 zero-day vulnerabilities exploited in the wild in the first half of the year.

2020 H1 ZERO-DAYS

1. Firefox (CVE-2019-17026)

This zero-day was used in combination with another zero-day (the Internet Explorer bug listed next).

It has since been patched.

2. Internet Explorer (CVE-2020-0674)

Both the Firefox zero-day listed above and this one have been used by a nation-state hacking group known as DarkHotel, believed to be operating out of the Korean peninsula (it is unclear whether from North Korea or South Korea). Both zero-days have been used to spy on targets located in China and Japan, which is why they were discovered by Qihoo 360 (a Chinese antivirus maker) and JPCERT (Japan’s Computer Emergency Response Team).

Victims of this campaign were redirected to a website where they’d be served either the Firefox or IE zero-day, and then they were infected with the Gh0st remote access trojan.

3. Chrome (CVE-2020-6418)

This zero-day was detected exploited in the wild by Google’s Threat Analysis Group, and details about the attacks where it was used were never released.

4. & 5. Trend Micro OfficeScan (CVE-2020-8467 and CVE-2020-8468)

Both zero-days were discovered internally by Trend Micro staff. It is believed they were found while Trend Micro investigated a 2019 zero-day in the same product that was used in the Mitsubishi hack.

6. & 7. Firefox (CVE-2020-6819 and CVE-2020-6820)

Details about the attacks in which these two Firefox zero-days were used have not yet been released, although security researchers suggested they might be part of a larger exploit chain.

8. & 9. & 10. (CVE-2020-0938, CVE-2020-1020, and CVE-2020-1027)

All three bugs were discovered and reported to Microsoft by Google TAG, and, as with most Google TAG discoveries, no details about the attacks have been released — yet.

11. Sophos XG Firewall (CVE-2020-12271)

A group of hackers discovered earlier this year a zero-day in XG, a top-shelf firewall product developed by UK security firm Sophos. The zero-day, an SQL injection in the firewall’s management panel, allowed the attackers to plant the Asnarok backdoor on compromised systems. In its investigation, Sophos said the attackers tried to deploy the Ragnarok ransomware on infected hosts once the zero-day made the news, but the company says it blocked most of those attempts.

In 2019, 20 zero-days were identified in total. We have to wait and watch for the rest of the month to see where the total tally ends up.
