Connect with us

News

Google Chrome Exploit Results In Attack On Lebanese Journalists

According to antivirus company Avast, there is evidence that an Israeli spyware firm called Candiru used a vulnerability in Google Chrome to spy on journalists in Lebanon.

Published

on

google chrome exploit results in attack on lebanese journalists

In early July 2022, Google patched a previously unknown vulnerability in its Chrome browser, known as CVE-2022-2294. The zero-day Chrome exploit only came to light after it was apparently used to spy on journalists in Lebanon.

Antivirus company, Avast, collated a report, which it delivered to Google detailing the zero-day exploit. In this report, Avast claims that Israeli spyware firm, Candiru, used the exploit to install spyware on the journalist’s computers.

It equally believes that the firm has used similar exploits to target Avast users in Turkey, Lebanon, Palestine and Yemen beginning in March of this year.

A zero-day exploit is, in short, a vulnerability in a piece of software that is unknown to the developers. They are typically discovered in the wild for this reason, and are known as zero-day because the developers have zero days in which to address the issue. This is because the vulnerability has the potential to cause damage from the moment it is discovered.

Avast alleges that Candiru used the above-mentioned exploit to gain access to user’s computers. It is believed to have compromised a website, which it used to redirect users to a server that could collect their data. If the data – collected on 50 data points such as location, language, time zone, etc. – met their requirements, the server would establish an encrypted channel.

Despite not claiming responsibility, Candiru is the prime suspect in the attack because the CVE-2022-2294 exploit was used to install the DevilsTongue spyware. This is a piece of malware previously linked to the group by Microsoft in a separate string of attacks.

devilstongue exploit

In its report, Avast claims that the zero-day exploit was used alongside another vulnerability capable of bypassing the sandbox security function in Chromium. However, Avast has (as yet) been unable to determine the second exploit used by the alleged attackers.

Also Read: DDoS Attacks Are A Growing Threat In Gaming

Luckily, Google released a patch for the exploit on July 4. As such, there is no need for Chrome users to be concerned, providing browsers are kept up to date. Microsoft and Apple have released patches for their Edge and Safari browsers, too, as they also use WebRTC.

Candiru has not yet been officially connected to the incident, so its involvement is currently (albeit well-informed) speculation. However, the tools used and computers targeted matches its previous spyware attempts dating from 2021 and early 2022. As the company has no public online presence, this fact is unlikely to change anytime soon.

Advertisement

📢 Get Exclusive Monthly Articles, Updates & Tech Tips Right In Your Inbox!

JOIN 17K+ SUBSCRIBERS

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

News

Binance Receives Virtual Assets License To Operate In Dubai

As its user base nears 200 million, CEO Richard Teng believes crypto adoption will soar over the next half of the decade.

Published

on

binance receives virtual assets license to operate in dubai

Global crypto exchange Binance has been granted a full operational license in Dubai, in a move that’s expected to accelerate digital asset adoption and strengthen the UAE’s regulatory landscape.

The virtual asset service provider license (VASP) was granted by the Dubai Virtual Assets Regulatory Authority (VARA) and will allow Binance to extend its current range of services to retail investors, the company announced yesterday.

The move by Dubai authorities will be critical to Binance’s strategy of growing its user base globally. The crypto exchange expects to pass the 200 million user mark “quite shortly”, according to Richard Teng, the company’s CEO.

Once that milestone is achieved, Binance will have around twice as many users as rival platform Coinbase. Meanwhile, Crypto.com, another popular exchange with 80 million users, received a Dubai VASP license last week.

“We’re seeing much greater institutional adoption and institutional money coming into this space [along with] much greater regulatory clarity and a lot more jurisdictions approving [digital asset] products that bring in new investor classes,” Binance’s Richard Tang explained, adding: “As of now, we stand at about 5% crypto adoption globally, but that will become much faster moving forward”.

Also Read: Microsoft Invests $1.5 Billion In Abu Dhabi AI Tech Firm G42

Dubai and the UAE are extremely supportive of technologies like digital assets, and have already launched initiatives to boost adoption. The UAE has ambitious plans to become a world leader in the crypto economy of the future, with Dubai in particular being noteworthy for passing a new law to regulate virtual assets to support investors and exchanges.

“Global crypto regulation is currently showing diverging signs. Some developed countries have long suffered from crypto-related frauds and illegal exchanges. On the other hand, emerging nations like the UAE and Singapore have enacted crypto laws at faced pace,” said Vijay Valecha, chief investment officer of Dubai-based Century Financial.

As the UAE gears up to become one of the fastest-growing crypto capitals worldwide, investors and talent are flocking to places like Dubai. During 2023, the Emirates as a whole realized $204 million in capital gains from cryptocurrency investments, according to blockchain data analysts Chainalysis.

Continue Reading

#Trending