Tag Archive for: Warns

Google Warns of New Chrome Zero-Day Attack



Another day, another zero-day attack hitting widely deployed software from a big tech provider.
Google on Friday joined the list of vendors dealing with zero-day attacks, rolling out a major Chrome Desktop update to fix a security defect that’s already been exploited in the wild.
The high-severity vulnerability, tracked as CVE-2023-2033, is described as a type confusion in the Chrome V8 JavaScript engine. 
“Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the company said in a barebones advisory that credits Clément Lecigne of Google’s Threat Analysis Group for reporting the issue.
The company did not provide any additional details of the bug, the in-the-wild exploitation, indicators of compromise (IOCs) or any guidance on the profile of targeted machines.   
Google said access to bug details and links may be kept restricted until a majority of users are updated with a fix. The company said it may also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven’t yet fixed.
The patch is being pushed to Chrome 112.0.5615.121 for Windows, Mac and Linux and will roll out via the software’s automatic patching mechanism over the coming days/weeks.
The Chrome zero-day patch comes days after Microsoft acknowledged a zero-day in its flagship Windows operating system was being hit by ransomware actors.

Like Google and Microsoft, Apple has also struggled with zero-day exploits and shipped a major patch a week ago to fix a pair of code execution flaws in its iOS, macOS and iPadOS platforms.
So far this year, there have been 20 documented in-the-wild zero-day compromises, according to data tracked by SecurityWeek.  Security defects in code from Microsoft, Apple and Google account for 12 of the 20 zero-days in 2023. 

Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day






Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform are showing no signs of slowing down.
The Cupertino device maker on Wednesday rushed out a new patch to cover a pair of serious vulnerabilities and warned that one of the issues has already been exploited as a zero-day in the wild.
In a barebones advisory, Apple said the exploited CVE-2023-42824 kernel vulnerability allows a local attacker to elevate privileges, suggesting it was used in an exploit chain in observed attacks.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the company said without providing additional details.
This is the 16th documented in-the-wild zero-day against Apple’s iOS, iPadOS and macOS-powered devices, according to data tracked by SecurityWeek. The majority of these attacks have been attributed to mercenary spyware vendors selling surveillance products.
The newest iOS 17.0.3 and iPadOS 17.0.3 updates also cover a buffer overflow vulnerability in WebRTC that exposes mobile devices to arbitrary code execution attacks. The issue was addressed by updating to libvpx 1.13.1, Apple said. 
Apple is encouraging oft-targeted users to enable Lockdown Mode to reduce exposure to mercenary spyware exploits.
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs,…


NCSC warns of enduring and significant threat to UK's critical … – National Cyber Security Centre




Nation-State Hackers Exploiting WinRAR, Google Warns


While RARLabs Patched Flaw, ‘Many Users’ Don’t Appear to Have Updated the Software


Nation-state hackers, including the Russian military in attacks against Ukraine, are targeting a vulnerability in WinRAR, a popular Windows utility for archiving files, security experts warn.


Google’s Threat Analysis Group, which tracks nation-state hacking campaigns, said Wednesday that “in recent weeks” it has seen “government-backed hacking groups” who hail from multiple countries, including China and Russia, targeting the bug. Vendor RARLabs issued a patch 11 weeks ago, but “many users still seem to be vulnerable.”

Nation-state groups TAG has seen exploiting the flaw include Russia’s Sandworm hacking team – a GRU military intelligence unit – that has been running a phishing campaign against the Ukrainian energy sector with a bogus PDF document that purportedly contains “a drone operator training curriculum.” Ukrainian energy infrastructure has been a main focus of Russian hackers (see: WinRAR Weaponized for Attacks on Ukrainian Public Sector).

Another phishing campaign, which TAG attributed to China, targeted Papua New Guineans with links to Dropbox that led to malware.

The vulnerability being exploited by attackers, tracked as CVE-2023-38831, centers on how the WinRAR software processes .zip files. Attackers can subvert that process so that when a user double-clicks a file to open, the user instead opens malware.

Vendor RARLabs on Aug. 2 released WinRAR version 6.23 to fix multiple vulnerabilities, including the one now being targeted by government-affiliated hackers. Also fixed was CVE-2023-40477, which allowed attackers to remotely execute code of their choosing, provided they could trick a user into “a malicious page or open a malicious file,” according to Trend Micro’s Zero Day Initiative, which worked with…
