CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Google Accuses Spanish Spyware Vendor of Exploiting Chrome, Firefox, & Windows Zero-Days

admin by admin
December 1, 2022
in Information Security


A Barcelona-based surveillanceware vendor named Variston IT is said to have surreptitiously planted spyware on targeted devices by exploiting several zero-day flaws in Google Chrome, Mozilla Firefox, and Windows, some of which date back to December 2018.

“Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender, and provides all the tools necessary to deploy a payload to a target device,” Google Threat Analysis Group (TAG) researchers Clement Lecigne and Benoit Sevens said in a write-up.

Variston, which has a bare-bones website, claims to “offer tailor made Information Security Solutions to our customers,” “design custom security patches for any kind of proprietary system,” and support the “the discovery of digital information by [law enforcement agencies],” among other services.

The vulnerabilities, which have been patched by Google, Microsoft, and Mozilla in 2021 and early 2022, are believed to have been utilized as zero-days to help customers install malware of their choice on the targeted systems.

CyberSecurity

Heliconia comprises a trio of components, namely Noise, Soft, and Files, each of which are responsible for deploying exploits against bugs in Chrome, Windows, and Firefox, respectively.

Noise is designed to take advantage of a security flaw in the Chrome V8 engine JavaScript engine that was patched in August 2021 as well as an unknown sandbox escape method called “chrome-sbx-gen” to enable the final payload (aka “agent”) to be installed on targeted devices.

However, the attack banks on the prerequisite that the victim accesses a booby-trapped webpage to trigger the first-stage exploit.

Heliconia Noise can be additionally configured by the purchaser using a JSON file to set different parameters like the maximum number of times to serve the exploits, an expiration date for the servers, redirect URLs for non-target visitors, and rules specifying when a visitor should be considered a valid target.

Soft is a web framework that’s engineered to deliver a decoy PDF document featuring an exploit for CVE-2021-42298, a remote code execution flaw impacting Microsoft Defender that was fixed by Redmond in November 2021. The infection chain, in this case, entailed the user visiting a malicious URL, which then served the weaponized PDF file.

The Files package – the third framework – contains a Firefox exploit chain for Windows and Linux that leverages a use-after-free flaw in the browser that was reported in March 2022 (CVE-2022-26485). However, it’s suspected that the bug was likely abused since at least 2019.

Google TAG said it became aware of the Heliconia attack framework after receiving an anonymous submission to its Chrome bug reporting program. It further noted that there’s no current evidence of exploitation, either indicating the toolset has been put to rest or evolved further.

The development arrives more than five months after the tech giant’s cybersecurity division linked a previously unattributed Android mobile spyware, dubbed Hermit, to Italian software outfit, RCS Lab.

“The growth of the spyware industry puts users at risk and makes the Internet less safe, and while surveillance technology may be legal under national or international laws, they are often used in harmful ways to conduct digital espionage against a range of groups,” the researchers said.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

How to use Amazon Macie to preview sensitive data in S3 buckets

Next Post

Illustratebiginning ~ Future of CIO

Related Posts

Information Security

Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation

by admin
June 9, 2023
Information Security

Temporary elevated access management with IAM Identity Center

by admin
June 9, 2023
Information Security

Don’t panic! These scammers don’t actually have photos of you

by admin
June 9, 2023
Information Security

Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids’ Data on Xbox

by admin
June 8, 2023
Information Security

AWS Security Profile – Cryptography Edition: Valerie Lambert, Senior Software Development Engineer

by admin
June 8, 2023
Next Post

Illustratebiginning ~ Future of CIO

Recommended

Illuminatingfilling

June 9, 2023

Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation

June 9, 2023

Temporary elevated access management with IAM Identity Center

June 9, 2023

Don’t panic! These scammers don’t actually have photos of you

June 9, 2023

Illustratenonlinearlogic

June 8, 2023

Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids’ Data on Xbox

June 8, 2023

© CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.