Tag Archive for: emergency

New Emergency Google Chrome Security Update—0Day Exploit …



Google has confirmed that a zero-day security vulnerability in its Chrome web browser is being actively exploited and has issued a rare emergency security update in response. Although Chrome security updates are not, per se, the rarest of beasts, updates that fix a solitary, actively exploited, 0Day vulnerability are far from the norm. You can be sure that when such an emergency security update drops, it’s time to take it seriously and ensure your browser has been protected.
06/08 update below. This article was originally published on June 6.
In a June 5 announcement posted to the Chrome releases blog, Google confirms that the desktop application has been updated to version 114.0.5735.106 for Mac and Linux and 114.0.5735.110 for Windows, all of which, Google says, will “roll out in the coming days/weeks.”
Although the announcement says that two security fixes are included in this update, only one is actually detailed: CVE-2023-3079. The other falls into the routine category of fixes found by fuzzing and internal audits, and these are never deemed important enough to detail in the update postings.
CVE-2023-3079 is a type confusion vulnerability in the V8 JavaScript engine, discovered by Google’s own Threat Analysis Group. That is all the technical information Google is releasing at the moment, so as to allow time for the update to be rolled out to as many users as possible first, but there is one published detail that is critical: “Google is aware that an exploit for CVE-2023-3079 exists in the wild.”
Which means that you shouldn’t play the waiting game, but instead go check that your browser has, indeed, been updated. The very act of going to check on your Chrome version number will kickstart a download and installation of the security update if it has reached you already. However, to activate the update, you must restart the browser. This latter point is crucial for those of you who tend to run with dozens of tabs open and rarely close the browser at all.
CVE-2023-3079 is the third zero-day of 2023 for Google Chrome. It poses a significant risk, according to Mike Walters, vice-president of vulnerability and threat research at…


Apple issues emergency patches on three new exploited zero-days


Apple on Thursday moved to patch three zero-day vulnerabilities actively exploited in the wild that security researchers believe are the work of commercial spyware vendors.

This now means Apple has fixed 16 zero-days this year, which security researchers said demonstrates that the popularity of Apple products has made it an attractive target.

In advisories, Apple credited Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group for bringing the latest zero-days to their attention.

“A total of 16 zero-day vulnerabilities in a year is significant,” said Callie Guenther, senior manager, cyber threat research at Critical Start. “Zero-days, by definition, are previously unknown and unpatched vulnerabilities that can be exploited. This high number could suggest that Apple devices, given their popularity and extensive user base, are attractive targets for advanced threat actors.”

Guenther also noted that the fact that many of these vulnerabilities were discovered by groups such as the Citizen Lab and Google’s Threat Analysis Group, which often focus on state-sponsored and high-level cyber-espionage campaigns, suggests that Apple devices are being targeted in sophisticated attacks against high-profile individuals.

For example, following a report Sept. 7 by Citizen Lab that an actively exploited zero-click vulnerability was used to deliver NSO Group’s Pegasus mercenary spyware on an Apple device, Apple quickly moved to issue two CVEs to rectify the issue.

The Pegasus spyware developed and distributed by the NSO Group has been widely used by both the private and government sectors across the globe for surveillance purposes against journalists, human and civil rights activists, politicians and other individuals.

The zero-days patched yesterday by Apple include the following:

  • CVE-2023-41993: WebKit browser vulnerabilities. Critical Start’s Guenther said given that WebKit powers Apple’s Safari browser and many iOS apps, a flaw allowing arbitrary code execution can be highly impactful. Malicious web pages can directly impact a broad range of users and potentially compromise sensitive data. NIST reported that this issue was…


Ransomware Prompted Emergency Declaration for Mississippi County


Mississippi’s George County suffered a significant ransomware attack earlier this month. The attackers encrypted all three of the county’s servers, downing “nearly all of the government’s in-office computers,” Recorded Future News reported.

Soon after, the county supervisors declared a local emergency, per Alabama Media Group’s AL.com. That declaration let them bypass traditional bidding processes and contract immediately with IT professionals.

The entire county system reportedly went down for more than two days. But the county managed to have one of the three servers fully restored by July 19 and another partially restored by the following day.


County officials reportedly discovered the attack in the early morning of July 15. At the time, the county only had one IT person. But during a July 17 board meeting, the county upped the IT workforce to four people, all of whom began dedicating 12 to 16 hours each day to restoring systems. That meeting also saw county leaders approve budgets for emergency cyber services.

Attackers had gained access to county systems via a phishing email designed to look like a routine system update reminder. When an employee clicked on a link in the email, cyber extortionists were able to gain initial access. The perpetrators then moved laterally among computers until they obtained an administrative account that let them reach the wider network.

“From there, they systematically went through and locked out everybody’s personal office computer,” George County Communications Director Ken Flanagan told Recorded Future News. “It was a highly coordinated attack, and it also appears that after they encrypted all three servers, they went through each department looking at each individual computer to see what was the best data in there.”

The extortionists demanded a steep ransom for a jurisdiction of fewer than 25,000 people, leading investigators to think the perpetrators didn’t realize how small George County is, Flanagan told AL.com.

IT workers discovered the ransomware note while working on restoration July 18. The note was saved on one of the servers, and in it, attackers…


Hayward approves emergency proclamation to respond to ransomware attack


There was a special meeting to respond to a ransomware attack on the city of Hayward’s computers and networks. They say no personal data was compromised, but online payments for services such as water and building permits are still unavailable. The city manager says there is no disruption to emergency services. An expert shares insight into how attackers operate and why cities that have been hacked may learn from the experience.
