Connect with us


Google Chrome Exploit Results In Attack On Lebanese Journalists

According to antivirus company Avast, there is evidence that an Israeli spyware firm called Candiru used a vulnerability in Google Chrome to spy on journalists in Lebanon.



google chrome exploit results in attack on lebanese journalists

In early July 2022, Google patched a previously unknown vulnerability in its Chrome browser, known as CVE-2022-2294. The zero-day Chrome exploit only came to light after it was apparently used to spy on journalists in Lebanon.

Antivirus company, Avast, collated a report, which it delivered to Google detailing the zero-day exploit. In this report, Avast claims that Israeli spyware firm, Candiru, used the exploit to install spyware on the journalist’s computers.

It equally believes that the firm has used similar exploits to target Avast users in Turkey, Lebanon, Palestine and Yemen beginning in March of this year.

A zero-day exploit is, in short, a vulnerability in a piece of software that is unknown to the developers. They are typically discovered in the wild for this reason, and are known as zero-day because the developers have zero days in which to address the issue. This is because the vulnerability has the potential to cause damage from the moment it is discovered.

Avast alleges that Candiru used the above-mentioned exploit to gain access to user’s computers. It is believed to have compromised a website, which it used to redirect users to a server that could collect their data. If the data – collected on 50 data points such as location, language, time zone, etc. – met their requirements, the server would establish an encrypted channel.

Despite not claiming responsibility, Candiru is the prime suspect in the attack because the CVE-2022-2294 exploit was used to install the DevilsTongue spyware. This is a piece of malware previously linked to the group by Microsoft in a separate string of attacks.

devilstongue exploit

In its report, Avast claims that the zero-day exploit was used alongside another vulnerability capable of bypassing the sandbox security function in Chromium. However, Avast has (as yet) been unable to determine the second exploit used by the alleged attackers.

Also Read: DDoS Attacks Are A Growing Threat In Gaming

Luckily, Google released a patch for the exploit on July 4. As such, there is no need for Chrome users to be concerned, providing browsers are kept up to date. Microsoft and Apple have released patches for their Edge and Safari browsers, too, as they also use WebRTC.

Candiru has not yet been officially connected to the incident, so its involvement is currently (albeit well-informed) speculation. However, the tools used and computers targeted matches its previous spyware attempts dating from 2021 and early 2022. As the company has no public online presence, this fact is unlikely to change anytime soon.


📢 Get Exclusive Monthly Articles, Updates & Tech Tips Right In Your Inbox!


Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Initial Trials Of Dubai’s Driverless Evocargo Trucks Completed

Testing was announced on July 17, and the completion is a major milestone towards upgrading the region’s logistics infrastructure.



initial trials of dubai's driverless evocargo trucks completed
Dubai Media Office

A Dubai-based company has completed the initial trials for the UAE’s first driverless trucks. The groundbreaking achievement by Evocargo, partnering with Dubai South, took place at Dubai South Logistics District, and marked a significant step towards incorporating autonomous technologies into the region’s wider logistics infrastructure.

Announced on Wednesday, July 17th, the trials featured the Evocargo N1 unmanned electric truck navigating a predetermined route within a controlled setting. The test involved interactions with common road obstacles such as cars, trucks, and pedestrians, aiming to evaluate the vehicle’s hardware and software reliability, accident prevention systems, and overall readiness for public road use.

Officials were keen to highlight that this accomplishment aligns with the UAE’s ambitious strategy to position itself as a global leader in innovation and technology adoption. The country aims to have 25% of all transportation in Dubai autonomous by 2030, underscoring its commitment to revolutionizing the logistics sector using advanced technologies.

Mohsen Ahmad, CEO of the Logistics District at Dubai South, emphasized the importance of the collaboration with Evocargo in enhancing the region’s logistics capabilities. He noted that autonomous vehicles are set to increase efficiency, reduce carbon emissions, and establish a sustainable logistics infrastructure that will benefit both Dubai and the wider UAE.

Also Read: Riyadh Developers Reveal New 45,000-Seat Murabba Stadium

Ahmed Al-Ansi, CEO of Evocargo Autonomous Logistic Services, also expressed optimism that the trials will draw new customers and investments across the Gulf Cooperation Council (GCC) countries. The partnership aims to lead in innovative tech solutions, further establishing the UAE as a pioneer in autonomous transportation.

The successful completion of the trials marks a crucial step towards realizing the UAE’s vision for a technologically advanced and sustainable future in which autonomous vehicles are expected to play a pivotal role in global logistics.

Continue Reading