Its automated technologies Kaspersky identified a new vulnerability in Google Chrome which imposes its immediate upgrade in the latest version.
H company has updated Google, which has released a browser update. After a thorough review of the issue, Google confirmed that it is a zero-day vulnerability.
The zero-day Vulnerabilities are previously unknown software bugs that can be exploited by attackers to cause serious and unexpected damage. The new farm was used in a "waterhole" attack on a Korean news website.
A malicious JavaScript code is inserted on the main page, which in turn loads an ID sequence from a remote location to further check if the victim's system could be infected by examining versions of the user's logins in the browser.
The vulnerability tries to exploit the bug via Google Chrome browser, and the script checks if version 65 or later is being used. Exploitation gives an attacker a Use-After-Free (UaF) condition, which is very dangerous because it can lead to code execution scenarios.
The exploit that was found was used in the so-called "Operation WizardOpium" by Kaspersky experts. Some similarities in the code indicate a possible link between this campaign and the Lazarus group's attacks.
In addition, the profile of the targeted website is similar to that found in previous attacks by the DarkHotel digital espionage team, which recently launched similar fake flag attacks. The vulnerability was identified by Kaspersky Vulnerability Prevention technology, integrated into most of the company's products.
As he said Anton Ivanov, security specialist at Kaspersky,
Kaspersky recommends the following security measures:
- Install it Google patch for the new vulnerability as soon as possible.
- Make sure you regularly update the software used in your organization each time a new security patch is released. Security products with Vulnerability Assessment and Code Update Management features may help automate these processes.
- Choose a proven security solution, such as Kaspersky Endpoint Security for Business, which is equipped with behavior-based detection capabilities for effective protection against known and unknown threats, including exploits.
- In addition to adopting effective terminal protection, implement a corporate solution that detects advanced network-level threats at an early stage, such as Kaspersky Anti-Targeted Attack Platform.
- Make sure your security team has access to the latest digital threat information. Privacy reports on the latest developments in the threat landscape are available to Kaspersky Intelligence Reporting clients. For more details, contact: intelreports [at] kaspersky.com.
- Finally, make sure your staff is trained to understand and follow the basic digital hygiene steps.
[the_ad_group id = ”966 ″]