Google has released an emergency update for the Chrome browser that addresses three vulnerabilities: CVE-2021-37974, CVE-2021-37975, and CVE-2021-37976. Google experts consider one of the vulnerabilities as critical and the other two as highly dangerous. What is worse, according to Google cybercriminals already show more ...
exploit two of these three vulnerabilities. Therefore, Google advices all Chrome users to immediately update browser to version 94.0.4606.71. Vulnerabilities are also relevant to other browsers based on the Chromium engine — for instance, Microsoft recommends updating Edge to version 94.0.992.38. Why these vulnerabilities in Google Chrome are dangerous CVE-2021-37974 and CVE-2021-37975 are use-after-free (UAF) class vulnerabilities — they exploit incorrect use of heap memory and, as a result, can lead to arbitrary code execution on the targeted computer. The first one, CVE-2021-37974, is related to the Safe Browsing component, a Google Chrome subsystem that warns users about unsafe websites and downloads. The CVSS v3.1 severity rating for this vulnerability is 7.7 out of 10. The second vulnerability, CVE-2021-37975, was found in the Crome’s V8 JavaScript engine. This one is considered the most dangerous of all three — 8.4 on CVSS v3.1 scale, which makes it the critical level of risk. Unknown malefactors already use this vulnerability in their attacks on Chrome users. The cause of the third vulnerability, CVE-2021-37976, is data overexposure caused by the core of Google Chrome. It is slightly less dangerous — 7.2 on the CVSS v3.1 scale, however it is also already being used by cybercriminals. How cybercriminals can exploit these vulnerabilities Exploitation of all three vulnerabilities implies the creation of a malicious web page. All attackers need is to create a website with an embedded exploit and somehow lure a victim to it. As a result, exploits for two use-after-free vulnerabilities allows the attackers to execute arbitrary code on the computers of unpatched Chrome users who have accessed the page. That can lead to the compromise of their system. An exploit for the third vulnerability, CVE-2021-37976, makes it possible for the attackers to gain access to the victim’s confidential information. Google will probably reveal more details on the vulnerabilities after most of the users update their browsers. In any case, it is not worth delaying the update — better do it as soon as possible. How to stay safe The first step for everyone is to update browsers on all devices from that have access to the Internet. Quite often the update is installed automatically when the browser is restarted, however many users do not restart their computer for a long time, so their browser may remain vulnerable for several days or even weeks. In any case, we recommend checking the version of Chrome. Here’s how to do it: click on the Customise and Control Google Chrome button at the top-right corner of the browser window and choose Help -> About Google Chrome. If your browser version is not the latest available, Chrome will automatically start the update. For extra protection we recommend users to install security solutions on all devices with Internet access. This way, even if one day cybercriminals catch you with an outdated and vulnerable browser, proactive protection technologies will minimize the possibility of successful vulnerability exploitation. We also recommend employees of corporate information security departments to use security solutions on all devices, monitor security updates and employ automatic update delivery and control system. It would be also reasonable to prioritize the installation of browser updates.
Superhero-based passwords are increasingly showing up in datasets of breached information, according to a new blog post from Mozilla. Mozilla used data from haveibeenpwned.com to figure out the most common passwords found in breached datasets.
A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.
FluBot attacks have commonly come in the form of text messages which claim the recipient has missed a delivery, asking them to click a link to install an app to organize a redelivery. This app installs the malware.
Hackers stole from the accounts of at least 6,000 customers of Coinbase Global Inc, according to a breach notification letter sent by the cryptocurrency exchange to affected customers.
The topics of the meeting, President Biden said, will include combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, building trusted 5G technology and better securing supply chains.
2020 was a year of immense change. One thing is for certain – the world collectively witnessed the increase of digital interconnectivity. We began even more to rely on the internet as a conduit to the world. The rise of remote access to businesses, entertainment and interpersonal connections surged. The death of show more ...
distance accelerated. The increased reliance on remote access provided cybercriminals with an opportunity to exploit any easily accessible vulnerability. The rise in remote access, compounded by the need to learn more about the pandemic, offered an optimal climate for cybercriminals to thrive. In 2021, the 24/7 news cycle was filled with stories of cyberattacks. There was the infrastructure ransomware attack on the Colonial Pipeline in May 2021, which caused the company to cease operations for days. Also the attack on JBS USA, which fell victim to ransomware and threatened U.S. food supplies. In another instance, a malicious actor was able to breach the Florida Water computer system and temporally alter the water content by changing the sodium hydroxide levels. In each of these examples, cybercriminals capitalized on the collective vulnerabilities of individuals and businesses to target critical infrastructure. The list goes on. In our 2020 Webroot Threat Report, our security experts made a series of predictions related to the threat landscape. Let’s revisit some of these predictions to see how close we came. What small and medium-sized businesses (SMBs) encountered Tyler Moffitt, security analyst at Carbonite + Webroot, OpenText companies, reinforced the likelihood that, “SMBs will continue to be targeted: they have lower budgets and scarce security staff, making them attractive targets.” Over the course of the last year, “SMBs continued to be the prime target of ransomware authors. Although they have clearly attacked organizations of all sizes, small businesses do appear to be the most targeted,” says Moffitt. Is the threat landscape more of the same? Grayson Milbourne, security intelligence director at Carbonite + Webroot, predicted that in the coming year, “Expect to see more attacks against less-developed nations—not to generate revenue, but rather to disrupt and destroy.” However, in the last 12 months, “We witnessed law enforcement fighting back at the infrastructure of ransomware operators, like Emotet, which was taken offline early in 2021. Cybercrime is no longer a punishment-free crime.” Milbourne also remarked last year that, “Deepfakes are going to become a major threat. As the technology develops, anyone could make a fake video of someone else saying something they did not and could effectively weaponize it for malicious (or political) purposes.” “One prime example that occurred this year involved an Australian news deepfake. The deepfake showcased a bogus discussion of an obscure cryptocurrency that helped to bolster financial gains for the currency. A very clever technique,” says Milbourne. Infrastructure as a target Matt Aldridge, lead solutions consultant at Carbonite + Webroot, forecasted, “All forms of the energy sector will continue to be at serious risk. In addition, service providers make very lucrative targets for attackers, as they are a single point of entry into many businesses. Executives will continue to be the targets of BEC attacks, which will continue to evolve in sophistication.” Unfortunately, the Colonial Pipeline ransomware attack in particular bore this prediction out. “We’ve also seen cyberattacks facing the energy sectors in Slovakia, Norway, France, Puerto Rico and South Korea, among others. All forms of the energy sector will continue to be at serious risk,” says Aldridge. Where do we go from here? Our increasing reliance on information technology has provided a climate for malicious actors to take advantage. This underscores the importance of being fully prepared for when a cyberattack or natural disaster affects your business. Milbourne projects more software-based ransomware supply chain attacks. Ransomware, unfortunately, is only the beginning. Businesses that want to remain operational and secure need to modernize their information technology and security infrastructures. This helps to mitigate potential litigation and fines. Moffitt adds, “With privacy regulations like GDPR and CCPA in full effect, we are likely to see ransomware threatening to leak important customer data to increase the likelihood that businesses will pay, even if they have adequate backups in place and don’t need the files back.” With all this in mind, it is important to manage and protect your business. In the 2021 Webroot BrightCloud® Threat Report, we illustrate how securing and protecting your business doesn’t have to be overwhelming. With the right combination of backup, training and protection, businesses can collectively create a comprehensive and integrated approach to tackle evolving threats. By adopting a cyber resilience posture, businesses small and large can mitigate risks in the ever-changing cyber threat landscape. This multi-layered approach not only bolsters your brand, but also increases customer loyalty and improves the customer experience. A definite win-win. The post What a difference a year makes, or does it? appeared first on Webroot Blog.
