CyberSecurityBoard
Sponsor Register Login

Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks

The Raspberry Robin worm is incorporating one-day exploits almost as soon as they're developed, in order to improve on its privilege escalation capabilities.
Researchers from Check Point suspect that the developers behind the initial access tool are contracting with Dark Web exploit traffickers, allowing them to quickly incorporate new exploits for obtaining system-level privileges before such exploits are disclosed to the public, and before many affected organizations have gotten around to patching their associated vulnerabilities.
Raspberry Robin: Incorporating Exploits Faster Now Raspberry Robin was first discovered in 2021, and outed in a Red Canary blog post the following year.
In the time since, its developers have become much more proactive, upgrading their tool in a fraction of the time they used to take.
The Win32k Windows driver bug was first disclosed in February of 2021, but it was only integrated into Raspberry Robin the following year.
Raspberry Robin was already exploiting it by August, while a public exploit wouldn't come to light until the following month.
Then there was CVE-2023-36802, a similar bug in Microsoft Stream with a 7.8 CVSS rating.
First disclosed on September 12, it was being exploited by Raspberry Robin by early October, again before any public exploit was released.
In other words, the progression of the time the group takes to weaponize vulnerabilities after disclosure has gone from one year, to two months, to two weeks.
To explain their quick work, Check Point suggests that the worm developers are either purchasing their exploits from one-day developers on the Dark Web, or developing them themselves.
Certain misalignments between the worm and exploit codes suggest that the former scenario is more likely.
A Widespread, Effective Initial Access Cyber Threat In only its first year active, Raspberry Robin was already one of the world's most popular worms, with thousands of infections per month.
Red Canary tracked it as the seventh most prevalent threat of 2022, with its numbers only growing month-over-month.
Nowadays, Raspberry Robin is a popular initial access option for threat actors like Evil Corp, TA505, and more, contributing to major breaches of public and private sector organizations.


This Cyber News was published on www.darkreading.com. Publication date: Mon, 12 Feb 2024 22:20:21 +0000


Cyber News related to Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks

Raspberry Robin malware evolves with early access to Windows exploits - Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them. One-day exploits refer to code that leverages a vulnerability that the developer of the ...
4 months ago Bleepingcomputer.com
Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks - The Raspberry Robin worm is incorporating one-day exploits almost as soon as they're developed, in order to improve on its privilege escalation capabilities. Researchers from Check Point suspect that the developers behind the initial access tool are ...
4 months ago Darkreading.com
Raspberry Robin devs are buying exploits for faster attacks The Register - Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to ...
4 months ago Go.theregister.com
Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings - PRESS RELEASE. SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ - Palo Alto Networks, the global cybersecurity leader, and IBM, a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver ...
1 month ago Darkreading.com
Raspberry Robin Evolves With Stealth Tactics, New Exploits - Raspberry Robin, a malware initially identified in 2021, has demonstrated remarkable adaptability and sophistication in its recent operations, according to a new report. The findings come from Check Point researchers, who published a new analysis on ...
4 months ago Infosecurity-magazine.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
6 months ago Techtarget.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
5 months ago Darkreading.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
1 month ago Securityaffairs.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
1 month ago Bleepingcomputer.com
New ATM Malware family emerged in the threat landscape - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Raspberry Robin spotted using two ...
1 month ago Securityaffairs.com
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
7 months ago Bleepingcomputer.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
6 months ago Techrepublic.com
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security - Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of which the company identified as being of critical severity. For the second straight month, ...
5 months ago Darkreading.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
7 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
6 months ago Esecurityplanet.com
CVE-2021-38545 - Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain specific use cases in which the device supplies power to audio-output equipment, allow remote attackers to recover speech signals from an LED on the device, via a telescope and an ...
2 years ago
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
5 months ago Darkreading.com
North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
1 month ago Securityaffairs.com
Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
1 year ago Bleepingcomputer.com
Deepfake attacks will cost $40 billion by 2027 - Now one of the fastest-growing forms of adversarial AI, deepfake-related losses are expected to soar from $12.3 billion in 2023 to $40 billion by 2027, growing at an astounding 32% compound annual growth rate. Deloitte sees deep fakes proliferating ...
3 days ago Venturebeat.com
Microsoft fixes Windows zero-day exploited in QakBot malware attacks - Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. Tracked as CVE-2024-30051, this privilege escalation bug is caused by a heap-based buffer overflow in the ...
1 month ago Bleepingcomputer.com
Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
4 days ago Securityaffairs.com
FlyingYeti targets Ukraine using WinRAR exploit to drop Malware - MUST READ. FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. ...
1 month ago Securityaffairs.com
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
1 month ago Securityaffairs.com
'Magnet Goblin' Exploits Ivanti 1-Day Bug in Mere Hours - While threat actors converged on Ivanti edge devices earlier this year, one of them moved quicker than the rest, deploying a one-day exploit the day after its public disclosure. Of the five vulnerabilities that came to light in recent months, ...
3 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)