Connect with us

News

Google Chrome Exploit Results In Attack On Lebanese Journalists

According to antivirus company Avast, there is evidence that an Israeli spyware firm called Candiru used a vulnerability in Google Chrome to spy on journalists in Lebanon.

Published

on

google chrome exploit results in attack on lebanese journalists

In early July 2022, Google patched a previously unknown vulnerability in its Chrome browser, known as CVE-2022-2294. The zero-day Chrome exploit only came to light after it was apparently used to spy on journalists in Lebanon.

Antivirus company, Avast, collated a report, which it delivered to Google detailing the zero-day exploit. In this report, Avast claims that Israeli spyware firm, Candiru, used the exploit to install spyware on the journalist’s computers.

It equally believes that the firm has used similar exploits to target Avast users in Turkey, Lebanon, Palestine and Yemen beginning in March of this year.

A zero-day exploit is, in short, a vulnerability in a piece of software that is unknown to the developers. They are typically discovered in the wild for this reason, and are known as zero-day because the developers have zero days in which to address the issue. This is because the vulnerability has the potential to cause damage from the moment it is discovered.

Avast alleges that Candiru used the above-mentioned exploit to gain access to user’s computers. It is believed to have compromised a website, which it used to redirect users to a server that could collect their data. If the data – collected on 50 data points such as location, language, time zone, etc. – met their requirements, the server would establish an encrypted channel.

Despite not claiming responsibility, Candiru is the prime suspect in the attack because the CVE-2022-2294 exploit was used to install the DevilsTongue spyware. This is a piece of malware previously linked to the group by Microsoft in a separate string of attacks.

devilstongue exploit

In its report, Avast claims that the zero-day exploit was used alongside another vulnerability capable of bypassing the sandbox security function in Chromium. However, Avast has (as yet) been unable to determine the second exploit used by the alleged attackers.

Also Read: DDoS Attacks Are A Growing Threat In Gaming

Luckily, Google released a patch for the exploit on July 4. As such, there is no need for Chrome users to be concerned, providing browsers are kept up to date. Microsoft and Apple have released patches for their Edge and Safari browsers, too, as they also use WebRTC.

Candiru has not yet been officially connected to the incident, so its involvement is currently (albeit well-informed) speculation. However, the tools used and computers targeted matches its previous spyware attempts dating from 2021 and early 2022. As the company has no public online presence, this fact is unlikely to change anytime soon.

Advertisement

📢 Get Exclusive Monthly Articles, Updates & Tech Tips Right In Your Inbox!

JOIN 16K+ SUBSCRIBERS

News

Emirates Airline To Invest $2 Billion On Major Upgrades

Emirates plans a huge retrofit on its fleet and an upgrade to the inflight experience.

Published

on

Emirates

Emirates Airline has just announced plans to improve its inflight experience for passengers. The carrier has budgeted $2 billion to refit the interiors of over 120 of its aircraft, aiming for a more modern aesthetic for cabins, along with better food choices, modern inflight entertainment options, and a significant service overhaul.

Emirates is well known for its premium service, so this overhaul is an ambitious decision, as many other airlines are trying their hardest to increase revenues and reduce costs.

emirates airline refurbished fleet 1

“Emirates is flying against the grain and investing to deliver ever better experiences to our customers. Through the pandemic we’ve continued to launch new services and initiatives to ensure our customers travel with the assurance and ease, including digital initiatives to improve customer experiences on the ground. Now we’re rolling out a series of intensive programmes to take Emirates’ signature inflight experiences to the next level,” says Sir Tim Clark, President of Emirates Airline.

emirates airline refurbished fleet 2

The investment aims to ensure Emirates stays on top form, with many of the upgrades scheduled to materialize quickly. For the physical refit, aircraft are scheduled to enter the Emirates Engineering Center in November. So what can passengers expect once work is complete? The most significant change will be to aircraft interiors, where flyers of all classes will immediately spot new flooring, paneling, and reupholstered seats.

Also Read: Saudi Arabia Reveals Plans To Build The City Of The Future

As well as a physical overhaul, the airline plans to upgrade entertainment systems, adding a “Cinema in the Sky” experience, complete with a bespoke app. In addition, better meal choices will reflect changing dietary preferences, including a new vegan menu and a nod to sustainability — though there will remain a strong luxury vibe to the proceedings, as the company has entered an exclusive agreement to offer Dom Perignon vintage champagne on board, as well as delicacies such as Persian caviar.

Though many of the improvements may seem trivial, Emirates is hoping that along with a huge cabin overhaul, their overall flight experience will continue to make travel a pleasurable experience, elevating their service above the competition.

Continue Reading

#Trending