April 1, 2023

Microsoft comes with a warning on nation-state actors increasingly leveraging publicly-disclosed zero-day vulnerabilities for breaching target environments.

Microsoft in its Digital defence report noted that it only takes 14 days on average for an exploit to be available in the wild after public disclosure of a flaw, stating that while zero-day attacks are initially limited in scope, they tend to be swiftly adopted by other threat actors, leading to indiscriminate probing events before the patches are installed.

Advertisements

It further accused Chinese state-sponsored groups of being particularly proficient at discovering and developing zero-day exploits.

Below are the vulnerabilities that were first exploited by Chinese actors before being picked up other adversarial groups

  • CVE-2021-35211 with a CVSS score: 10.0
  • CVE-2021-40539 with a CVSS score: 9.8
  • CVE-2021-44077 with a CVSS score: 9.8
  • CVE-2021-42321 with a CVSS score: 8.8
  • CVE-2022-26134 with a CVSS score: 9.8

This report from Microsoft comes after CISA released a list of top vulnerabilities weaponized by China-based actors since 2020 to steal intellectual property and develop access into sensitive networks.

Tags:

Leave a Reply

You may have missed

Cylance Ransomware Dissection

Cylance Ransomware Dissection

April 1, 2023
WordPress Elementor Pro Plugin Vulnerability

WordPress Elementor Pro Plugin Vulnerability

April 1, 2023
QNAP Critical Sudo Vulnerability

QNAP Critical Sudo Vulnerability

March 31, 2023
AlienFox Malware Toolset -SwissArmy Knife

AlienFox Malware Toolset -SwissArmy Knife

March 31, 2023
3CX Application Malvertised

3CX Application Malvertised

March 31, 2023
Microsoft Azure Super FabriXss Bug

Microsoft Azure Super FabriXss Bug

March 31, 2023
%d bloggers like this: