New Chrome Zero-Day Under Active Attacks – Update Your Browser

For the second time in two weeks, Google has patched a zero-day vulnerability in the Chrome browser that is being actively exploited, and has fixed nine other vulnerabilities in the same update.

The company has released version 86.0.4240.183 for Windows, Mac and Linux, which will roll out to all users over the coming days and weeks.
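Because the rollout is staggered, the practical check is whether the build you are running is at or above the fixed version. Chrome versions are four-part dotted numbers, and comparing them as strings gets this wrong ("86.0.4240.99" sorts after "86.0.4240.183" lexically but is older). The following is an added example, not code from the article or from Google: the fixed version string comes from the advisory above, while the helper that queries a local binary assumes common Linux/macOS command names and is skipped when none is installed.

```python
"""Added example: decide whether an installed Chrome build contains the fix
by comparing version numbers as integer tuples rather than as strings.

FIXED_VERSION is the build named in the advisory; the sample version strings
used when this is exercised are constructed for the example.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "86.0.4240.183"  # first stable build carrying the CVE-2020-16009 fix

_VERSION_RE = re.compile(r"(\d+(?:\.\d+){3})")


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract a four-part Chrome version from text such as
    'Google Chrome 86.0.4240.183' and return it as a tuple of ints so that
    ordered comparison is numeric. Raises ValueError if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chrome version found in: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the version found in version_text is >= the fixed version."""
    return parse_version(version_text) >= parse_version(fixed)


def installed_chrome_version() -> Optional[str]:
    """Ask a locally installed Chrome/Chromium binary for its version string.
    The command names below are an assumption for Linux/macOS installs;
    returns None when no binary is found on PATH."""
    for name in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        path = shutil.which(name)
        if path:
            out = subprocess.run([path, "--version"], capture_output=True,
                                 text=True, check=False)
            return out.stdout.strip() or None
    return None


if __name__ == "__main__":
    current = installed_chrome_version()
    if current is None:
        print("No Chrome binary found on PATH")
    else:
        status = "patched" if is_patched(current) else "VULNERABLE, update now"
        print(f"{current}: {status}")
```

On Windows the same comparison applies; read the version from the browser's About page or the `version` value under the Chrome registry key and pass it to `is_patched`.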

The zero-day bug, tracked as CVE-2020-16009, was reported on October 29, 2020 by Clément Lecigne of Google's Threat Analysis Group (TAG) and Samuel Groß of Google Project Zero.

The company also said it is aware of reports that an exploit for CVE-2020-16009 exists in the wild.

Google has not released details of the bug or the exploit, both to give the majority of users time to install the update and to stop other attackers from developing their own exploits for it.

However, Ben Hawkes, technical lead of Google Project Zero, said that CVE-2020-16009 is an inappropriate implementation bug in the V8 JavaScript engine that leads to remote code execution.

In addition to the ten security fixes for the desktop version of Chrome, Google also patched a separate zero-day in Chrome for Android that was being exploited in the wild: a sandbox escape bug tracked as CVE-2020-16010.

The zero-day disclosures come two weeks after Google fixed a high-severity heap buffer overflow bug (CVE-2020-15999) in the FreeType font library.

Late last week, the company disclosed a Windows zero-day privilege escalation (CVE-2020-17087) that was chained with the font-rendering bug mentioned above to compromise Windows systems.

So far, the search giant has not said whether the same threat actor exploited both zero-days.

A week after the US government released an advisory on a worldwide espionage campaign run by North Korean state-sponsored hackers, new details have emerged about the spying capabilities of the threat group.

The APT, called Kimsuky (also known as Black Banshee or Thallium) and active since 2012, has now been linked to three previously undocumented malware families, including an information stealer, a tool for evading anti-malware scanning, and new server infrastructure that overlaps significantly with its older spyware infrastructure.

The group has a rich and notorious history of offensive cyber operations around the world, including operations targeting South Korean think tanks, but in recent years it has expanded its targeting to countries such as the United States, Russia and several European countries, Cybereason researchers said in their analysis yesterday.

Last week, the FBI and the Departments of Defense and Homeland Security jointly released an advisory describing Kimsuky's tactics, techniques and procedures (TTPs).

Using spear-phishing and social-engineering tricks to gain initial access to victims' networks, the APT is known for targeting individuals identified as experts in various fields, think tanks, the cryptocurrency industry and South Korean government agencies, posing as South Korean journalists to send emails carrying the BabyShark malware.

In recent months, Kimsuky has been credited with a series of campaigns that used coronavirus-themed lure emails with weaponized Word documents as the infection vector to gain a foothold on victims' machines and launch malware attacks.

Kimsuky focuses its intelligence-collection activities on foreign policy and national security issues related to the Korean Peninsula, nuclear policy and sanctions, according to the Cybersecurity and Infrastructure Security Agency (CISA).

Now, according to Cybereason, the actor has acquired new capabilities with a modular spyware suite called KGH_SPY that lets it conduct reconnaissance on target networks, log keystrokes and steal sensitive information.

In addition, the KGH_SPY backdoor can download a secondary payload from the command-and-control (C2) server, execute arbitrary cmd.exe or PowerShell commands, and even harvest credentials from web browsers, Windows Credential Manager, WinSCP and email clients.

Also notable is the discovery of a new malware called CSPY Downloader, which is designed to evade analysis and to download additional payloads.

Finally, Cybereason researchers uncovered new toolset infrastructure registered between 2019 and 2020 that overlaps with the infrastructure of the BabyShark malware previously used to target US think tanks.

The threat actors have tried to stay under the radar using a variety of anti-forensic and anti-analysis techniques. According to the researchers, these include backdating the creation and compilation timestamps of malware samples to 2016, code obfuscation, and anti-VM and anti-debugging techniques.
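Backdated compile timestamps are cheap for an attacker to set and easy to check for in triage, since the value lives in a fixed place in every PE file. The following is an added example, not code from Cybereason's report or from the article: it reads the COFF TimeDateStamp directly from the PE header (e_lfanew at offset 0x3C of the DOS header points at the "PE\0\0" signature; the 4-byte timestamp sits 8 bytes past that signature) and flags a sample whose timestamp predates the earliest plausible build date for the campaign or lies in the future. The cutoff dates and the tiny in-memory PE image produced by make_sample_pe() are constructed for the example and are not real samples.

```python
"""Added example: extract the PE compile timestamp without third-party
libraries and flag backdated samples during triage.

The PE layout used is the standard one (DOS header -> e_lfanew -> 'PE\0\0'
-> COFF header). The sample header built by make_sample_pe() and the
cutoff dates in __main__ are constructed for this example.
"""
import struct
from datetime import datetime, timezone

PE_SIGNATURE = b"PE\0\0"
COFF_HEADER_SIZE = 20


def pe_compile_timestamp(data: bytes) -> int:
    """Return the COFF TimeDateStamp (seconds since the Unix epoch) of a PE image.
    Raises ValueError if the data does not carry a valid DOS/PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ header)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 + COFF_HEADER_SIZE > len(data) or \
            data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("PE signature not found at e_lfanew")
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    (timestamp,) = struct.unpack_from("<I", data, e_lfanew + 4 + 4)
    return timestamp


def looks_backdated(data: bytes, earliest_plausible: int, now: int) -> bool:
    """Flag a sample whose compile timestamp precedes the earliest plausible
    build date for the campaign, or lies in the future (also a sign of
    tampering). All three values are Unix timestamps."""
    ts = pe_compile_timestamp(data)
    return ts < earliest_plausible or ts > now


def make_sample_pe(timestamp: int) -> bytes:
    """Build a minimal, non-executable PE header carrying the given
    TimeDateStamp. Constructed test data for this example only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows DOS header
    coff = struct.pack("<HHIIIHH",
                       0x014C,      # Machine: IMAGE_FILE_MACHINE_I386
                       1,           # NumberOfSections
                       timestamp,   # TimeDateStamp
                       0, 0,        # PointerToSymbolTable, NumberOfSymbols
                       0,           # SizeOfOptionalHeader
                       0x0102)      # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    return bytes(dos) + PE_SIGNATURE + coff


def _epoch(year: int, month: int, day: int) -> int:
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())


if __name__ == "__main__":
    campaign_start = _epoch(2019, 1, 1)   # assumed earliest plausible build date
    today = _epoch(2020, 11, 3)
    samples = {
        "backdated-to-2016": make_sample_pe(_epoch(2016, 5, 1)),
        "recent": make_sample_pe(_epoch(2020, 9, 15)),
    }
    for name, blob in samples.items():
        stamp = datetime.fromtimestamp(pe_compile_timestamp(blob), tz=timezone.utc)
        verdict = "suspicious" if looks_backdated(blob, campaign_start, today) else "ok"
        print(f"{name}: compiled {stamp:%Y-%m-%d} -> {verdict}")
```

A timestamp alone is weak evidence, since legitimate builds can be reproducible or use a fixed epoch; in practice compare it against the linker version, the version resource and the debug directory timestamp, and treat a mismatch among them as the stronger signal.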

Although the identity of the victims in this campaign remains unclear, there are indications that the infrastructure was aimed at organizations that deal with human rights violations.
