Posts

Google fixes sixth Chrome zero-day exploited in the wild this year


Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551.

Google Chrome 91.0.4472.101 has started rolling out worldwide and will become available to all users over the next few days.

Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to Settings > Help > ‘About Google Chrome’.

Google updated to version 91.0.4472.10

Six Chrome zero-days exploited in the wild in 2021

Few details regarding today’s fixed zero-day vulnerability are currently available other than that it is a type confusion bug in V8, Google’s open-source C++ WebAssembly and JavaScript engine.

The vulnerability was discovered by Sergei Glazunov of Google Project Zero and is being tracked as CVE-2021-30551.

Google states that they are “aware that an exploit for CVE-2021-30551 exists in the wild.”

Shane Huntley, Director of Google’s Threat Analysis Group, says that this zero-day was utilized by the same threat actors using the Windows CVE-2021-33742 zero-day fixed yesterday by Microsoft.

Today’s update fixes Google Chrome’s sixth zero-day exploited in attacks this year, with the other five listed below:

  • CVE-2021-21148 – February 4th, 2021
  • CVE-2021-21166 – March 2nd, 2021
  • CVE-2021-21193 – March 12th, 2021
  • CVE-2021-21220 – April 13th, 2021
  • CVE-2021-21224 – April 20th, 2021 

In addition to these vulnerabilities, news broke yesterday of a threat actor group known as Puzzlemaker that is chaining together Google Chrome zero-day bugs to escape the browser’s sandbox and install malware in Windows.

“Once the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server,” the researchers said.

Microsoft…


Almost 60 percent of internet users in India fell prey to hacking in the last 1 year: Report






© Provided by BGR.in


More than 59 percent of internet users in India have been victims of cybercrime in the last 12 months, and some of these individuals believe that remote working environments have made it easier for cybercriminals to take advantage of them, a new report by Norton Cyber Safety Insights has revealed.

The report also adds that more than 27 million Indian internet users have experienced identity theft in the last year and around 52 percent of Indian adults admitted that they do not have the knowledge or the resources to protect themselves against cybercrime.

“In a year of lockdowns and restrictions, cybercriminals have not been deterred. More Indian adults fell victim to identity theft in the past 12 months and most are concerned about data privacy,” said Ritesh Chopra, Director Sales and Field Marketing, India and SAARC Countries, NortonLifeLock, a consumer security company.

Many hackers have also attempted phishing attacks by sending emails to people with information about COVID treatment and vaccine availability. Most of these emails have documents attached to them that contain malware.

While a considerable share of the workforce (almost 90 percent) takes proactive measures to safeguard their data, almost 42 percent of users feel that it is impossible to protect their privacy.

The report adds that an online survey in partnership with The Harris Poll surveyed more than 10,000 adults in 10 countries including 1,000 adults in India. Almost half of the people in the survey said they turned to their friends for help while the other half said they contacted the company after they realised their account was hacked.

People today feel more vulnerable than before, as they are now online more and consuming more content than ever. The more they browse the internet and log on to multiple social media accounts, the more vulnerable they become.

Most Indian adults are concerned about data privacy (75 percent) and want to do more to protect it (77 percent), the report added.


Malware disguised as meeting apps spikes 1000% in a year


Cyber threats disguised as video conferencing applications jumped by 1 067% in a year. 

This was revealed by an Atlas VPN analysis of data that was provided by security giant Kaspersky.

As workforces became remote thanks to the COVID-19 pandemic, bad actors, always keen to cash in, began distributing malware using popular meeting applications as a lure.

In March last year, the anti-virus provider detected 90 000 malicious installers hidden under the name of popular meeting applications, and in January 2021, this number jumped to 1.15 million.

For the duration of 2020, malefactors targeted victims with this type of malware around 411 000 times per month. The volume of attacks increased steadily during the year, with noticeable spikes in November and December.

The most popular applications used to disguise malware are Zoom, MS Teams, Slack, Webex, HighFive, Lifesize, Join.me, Flock, and Gotomeeting.

Although the applications used to disguise malware are constantly changing, steps to protect against threats remain the same, says Atlas VPN.

What changed is how vigilant everyone needs to be in light of the record-high activity among cyber criminals.

There are countless tricks that fraudsters can use to fool users into clicking on phishing links or downloading attachments. As a rule of thumb, users are advised to ignore all e-mail attachments and links until they can confirm they are the genuine article.

Phishing websites also reached unprecedented levels in the past year, says Atlas VPN. “Google detected a record-high 2.11 million phishing sites in 2020. Looking at the last decade year-by-year, the volume of phishing portals grew by 43% on average.”

Again, whenever directed to a Web site from any link or form, be it Google Ads, e-mail link, or an apparent message from a friend, users are advised to proceed with caution.

“Finally, a huge red flag should also go up if you are browsing a well-known Web site and detect spelling or grammatical errors. Hackers rarely hire professional writers to proofread their texts, which makes this an obvious clue to detect a phishing site.”


Every Organization globally experienced a Mobile Malware Attack during the past year: Mobile Security Report 2021



The move to mass remote working during the COVID-19 pandemic saw the mobile attack surface expand dramatically, resulting in 97% of organizations facing mobile threats from several attack vectors. With 60% of workers forecast to be mobile by 2024, mobile security needs to be a priority for all organizations. Highlights of the Check Point Research Mobile Security Report 2021 include:

 

All enterprises at risk from mobile attacks: Almost every organization experienced at least one mobile malware attack in 2020. Ninety-three percent of these attacks originated in a device network, which attempts to trick users into installing a malicious payload via infected websites or URLs or to steal users’ credentials.

 

Nearly half of organizations impacted by malicious mobile apps: Forty-six percent of organizations had at least one employee download a malicious mobile application that threatened their organization’s networks and data in 2020.

 

Four in ten mobiles globally…
