Unknown Attacker Chains Chrome and Windows Zero-Days
Security researchers warn of a series of highly targeted attacks designed to compromise victim networks via Google Chrome and Microsoft Windows zero-day exploits.
The attackers are thought to have first exploited the now-patched CVE-2021-21224 remote code execution bug in Chrome.
“This vulnerability was related to a Type Mismatch bug in the V8 — a JavaScript engine used by Chrome and Chromium web-browsers,” explained Kaspersky. “It allows the attackers to exploit the Chrome renderer process: the processes that are responsible for what happens inside users’ tabs.”
The second stage was an elevation of privilege exploit linked to two separate vulnerabilities in the Microsoft Windows OS kernel. The first, CVE-2021-31955, can lead to the disclosure of sensitive kernel information, while the second, CVE-2021-31956, is a heap-based buffer overflow bug.
Kaspersky claimed that the attackers used CVE-2021-31956 alongside the Windows Notification Facility (WNF) to create arbitrary memory read/write primitives and execute malware modules with system privileges.
Once they have gained a foothold in victim networks by exploiting these three flaws, the stager modules execute a more sophisticated malware dropper fetched from a remote server, which in turn installs two executables masquerading as legitimate Windows files.
One of these is a remote shell module designed to download and upload files, create processes, lie dormant for periods of time, and delete itself from the infected system, Kaspersky said.
Microsoft patched both Windows vulnerabilities in this week’s Patch Tuesday security update round, while Google had already fixed the Chrome flaw.
The research team has yet to link the attacks to any known threat actor, and is dubbing the group behind them “PuzzleMaker.”
“Overall, of late, we’ve been seeing several waves of high-profile threat activity being driven by zero-day exploits. It’s a reminder that zero days continue to be the most effective method for infecting targets,” argued Boris Larin, senior security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).
“Now that these vulnerabilities have been made publicly known, it’s possible that we’ll see an increase of their usage in attacks by this and other threat actors. That means it’s very important for users to download the latest patch from Microsoft as soon as possible.”