Connect with us

News

Google Chrome Exploit Results In Attack On Lebanese Journalists

According to antivirus company Avast, there is evidence that an Israeli spyware firm called Candiru used a vulnerability in Google Chrome to spy on journalists in Lebanon.

Published

on

google chrome exploit results in attack on lebanese journalists

In early July 2022, Google patched a previously unknown vulnerability in its Chrome browser, known as CVE-2022-2294. The zero-day Chrome exploit only came to light after it was apparently used to spy on journalists in Lebanon.

Antivirus company, Avast, collated a report, which it delivered to Google detailing the zero-day exploit. In this report, Avast claims that Israeli spyware firm, Candiru, used the exploit to install spyware on the journalist’s computers.

It equally believes that the firm has used similar exploits to target Avast users in Turkey, Lebanon, Palestine and Yemen beginning in March of this year.

A zero-day exploit is, in short, a vulnerability in a piece of software that is unknown to the developers. They are typically discovered in the wild for this reason, and are known as zero-day because the developers have zero days in which to address the issue. This is because the vulnerability has the potential to cause damage from the moment it is discovered.

Avast alleges that Candiru used the above-mentioned exploit to gain access to user’s computers. It is believed to have compromised a website, which it used to redirect users to a server that could collect their data. If the data – collected on 50 data points such as location, language, time zone, etc. – met their requirements, the server would establish an encrypted channel.

Despite not claiming responsibility, Candiru is the prime suspect in the attack because the CVE-2022-2294 exploit was used to install the DevilsTongue spyware. This is a piece of malware previously linked to the group by Microsoft in a separate string of attacks.

devilstongue exploit

In its report, Avast claims that the zero-day exploit was used alongside another vulnerability capable of bypassing the sandbox security function in Chromium. However, Avast has (as yet) been unable to determine the second exploit used by the alleged attackers.

Also Read: DDoS Attacks Are A Growing Threat In Gaming

Luckily, Google released a patch for the exploit on July 4. As such, there is no need for Chrome users to be concerned, providing browsers are kept up to date. Microsoft and Apple have released patches for their Edge and Safari browsers, too, as they also use WebRTC.

Candiru has not yet been officially connected to the incident, so its involvement is currently (albeit well-informed) speculation. However, the tools used and computers targeted matches its previous spyware attempts dating from 2021 and early 2022. As the company has no public online presence, this fact is unlikely to change anytime soon.

Advertisement

📢 Get Exclusive Monthly Articles, Updates & Tech Tips Right In Your Inbox!

JOIN 23K+ SUBSCRIBERS

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

News

Samsung’s Galaxy Watch 9 And Ultra 2 Specs Leak Ahead Of Unpacked

An 800mAh Ultra 2 battery and a switch from Exynos to Qualcomm silicon headline the expected changes for Samsung’s next smartwatches.

Published

on

samsung's galaxy watch 9 and ultra 2 specs leak ahead of unpacked

Samsung’s next smartwatches have little left to hide. A new leak reported by Android Authority has surfaced most of the remaining details about the Galaxy Watch 9 and Galaxy Watch Ultra 2, just over a week before the company’s Galaxy Unpacked event on July 22.

The biggest change is an invisible one: Samsung is expected to drop its own Exynos W1000 chip in favor of Qualcomm’s Snapdragon Wear Elite SW6100, a chipset unveiled only this year, according to the outlet.

Battery capacity looks like the other notable upgrade. Citing a report from Winfuture, Android Authority says the Watch Ultra 2 could reach 800mAh, well beyond the 590mAh cell in the current Watch Ultra. The 44mm Watch 9 reportedly gets a 445mAh cell — the same capacity as last year’s Watch 8 Classic — while the 40mm model stays at 325mAh.

The 40mm Watch 9 will reportedly feature a 438 x 438-pixel panel, with the 44mm Watch 9 and the Watch Ultra 2 sharing a larger 480 x 480-pixel screen. Samsung leaker Ice Universe has separately claimed the Ultra 2’s display could reach a peak brightness of 5,000 nits. RAM and storage vary by model, topping out at 2GB and 64GB.

Also Read: Tamper With The Recording LED & Meta’s Glasses Kill Camera

The Ultra 2 keeps its titanium case and 100-meter water resistance; the standard Watch 9 remains aluminum, rated to 5 ATM. All models are said to include Bluetooth 6.0, NFC, and dual-band WiFi, with the usual LTE variants, and ship with One UI 9 Watch running on Wear OS 7.

A separate leak puts the Galaxy Watch 9 at €409 (about $468) for the 40mm Bluetooth model, rising to €489 (about $560) for the 44mm LTE version, with the Watch Ultra 2 LTE at €749 (about $857) — figures Android Authority said were partially corroborated by Winfuture. Confirmation arrives on stage on July 22.

Continue Reading

#Trending