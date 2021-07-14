



A new Google report reveals a hacking campaign involving three zero-day attacks targeting Armenian users. According to Google, all three zero-day attacks appear to have been developed by the same exploit broker. The fourth zero-day was also used by Russian cyber espionage to track high-ranking government officials in Western Europe.

One of Google’s security teams today released technical details about four zero-day vulnerabilities exploited in this year’s attack to endanger users as part of a targeted hacking campaign.

The following zero-day list was used to attack users of Chrome, Internet Explorer, and Safari for iOS browsers, Google said in a technical report published earlier today.

Three zero-days developed by the same exploit broker

According to Google, the three zero-day attacks in Chrome and IE were “developed by the same commercial surveillance company that sold these features to two different government-sponsored parties.”

Google did not appoint an exploit broker or two threat actors who used the vulnerability as part of the attack.

Google said all three zero-days were used in attacks targeting Armenians.

For example, according to Google, Chrome’s zero-day exploits CVE-2021-21166 and CVE-2021-30551 were used in campaigns to email targeted individuals with links that mimic legitimate websites. It is said that it was done.

When the target clicked on the link, it was redirected to a web page that created a fingerprint of the device, gathered system information about the client, generated an ECDH key to encrypt the exploit, and sent this data back to the exploit server. The information collected from the fingerprint phase included screen resolution, time zone, language, browser plug-in, and available MIME types. This information was collected by the attacker to decide whether to deliver the exploit to the target.

Google said the researcher discovered two zero-days after finding the two correct configurations needed to provide a working exploit.

After the renderer is in danger [by the zero-day exploit]An intermediate step is performed to collect more information about the infected device, such as OS build version, CPU, firmware and BIOS information. It can be collected to detect virtual machines and deliver customized sandbox escapes to targets. In our environment, we did not receive the payload past this stage.

The Google TAG team also said that CVE-2021-21166 also affected Safari’s WebKit browser engine due to the shared code base and reported the problem to Apple, which immediately released the product as CVE-2021-1844. Fixed.

“There is no evidence that this vulnerability was used to target Safari users,” the Google TAG team said today.

Regarding IE Zero Day, which was tracked by Microsoft as CVE-2021-33742 patched in June, Google said it was also used against Armenian targets.

This delivery method was via email containing malicious Office documents that load web content into Office via an embeddable component of Internet Explorer.

Similar to the two Chrome zero-day attacks, the attack included a fingerprint stage before the attacker deployed the second stage payload.

Due to the similarities between two different campaigns run by different threat actors, the TAG team concluded that the zero-day exploit was likely created by the same exploit broker.

Safari for iOS was attacked on zero-day via LinkedIn

In addition, Google said it also detected an attack using CVE-2021-1879, a security flaw in WebKit for iOS.

These attacks, resulting from Google’s “actors likely to be backed by the Russian government,” were carried out via LinkedIn Messenger, a LinkedIn feature that allows users to exchange messages on the platform.

Google said Russian threat actors used LinkedIn to send messages containing malicious links to government officials in Western European countries.

When the target opens the link through the Safari / WebKit browser on the iOS device, the zero-day exploit will “collect authentication cookies from some popular websites such as Google, Microsoft, LinkedIn, Facebook, Yahoo, etc. Disable Same-Origin-Policy protections. Send them via WebSocket to an attacker-controlled IP. “

The exploit worked on users running iOS versions 12.4 to 13.7, and Google said the same CVE-2021-1879 zero-day attack was also found in other campaigns documented by Microsoft and Volexity in the spring. These attacks resulted from a threat actor known as Nobelium and APT29, a threat actor linked to the SVR, the Russian Foreign Intelligence Service by White House officials.

Catalin Cimpanu is The Record’s cybersecurity reporter. He previously worked for ZDNet and Bleeping Computer. It has become famous in the industry for its constant investigation into new vulnerabilities, cyberattacks, and law enforcement measures against hackers.

Sources 1/ https://Google.com/ 2/ https://therecord.media/google-three-recent-zero-days-have-been-used-against-armenian-targets/ The mention sources can contact us to remove/changing this article

What Are The Main Benefits Of Comparing Car Insurance Quotes Online

LOS ANGELES, CA / ACCESSWIRE / June 24, 2020, / Compare-autoinsurance.Org has launched a new blog post that presents the main benefits of comparing multiple car insurance quotes. For more info and free online quotes, please visit https://compare-autoinsurance.Org/the-advantages-of-comparing-prices-with-car-insurance-quotes-online/ The modern society has numerous technological advantages. One important advantage is the speed at which information is sent and received. With the help of the internet, the shopping habits of many persons have drastically changed. The car insurance industry hasn't remained untouched by these changes. On the internet, drivers can compare insurance prices and find out which sellers have the best offers. View photos The advantages of comparing online car insurance quotes are the following: Online quotes can be obtained from anywhere and at any time. Unlike physical insurance agencies, websites don't have a specific schedule and they are available at any time. Drivers that have busy working schedules, can compare quotes from anywhere and at any time, even at midnight. Multiple choices. Almost all insurance providers, no matter if they are well-known brands or just local insurers, have an online presence. Online quotes will allow policyholders the chance to discover multiple insurance companies and check their prices. Drivers are no longer required to get quotes from just a few known insurance companies. Also, local and regional insurers can provide lower insurance rates for the same services. Accurate insurance estimates. Online quotes can only be accurate if the customers provide accurate and real info about their car models and driving history. Lying about past driving incidents can make the price estimates to be lower, but when dealing with an insurance company lying to them is useless. Usually, insurance companies will do research about a potential customer before granting him coverage. Online quotes can be sorted easily. Although drivers are recommended to not choose a policy just based on its price, drivers can easily sort quotes by insurance price. Using brokerage websites will allow drivers to get quotes from multiple insurers, thus making the comparison faster and easier. For additional info, money-saving tips, and free car insurance quotes, visit https://compare-autoinsurance.Org/ Compare-autoinsurance.Org is an online provider of life, home, health, and auto insurance quotes. This website is unique because it does not simply stick to one kind of insurance provider, but brings the clients the best deals from many different online insurance carriers. In this way, clients have access to offers from multiple carriers all in one place: this website. On this site, customers have access to quotes for insurance plans from various agencies, such as local or nationwide agencies, brand names insurance companies, etc. "Online quotes can easily help drivers obtain better car insurance deals. All they have to do is to complete an online form with accurate and real info, then compare prices", said Russell Rabichev, Marketing Director of Internet Marketing Company. CONTACT: Company Name: Internet Marketing CompanyPerson for contact Name: Gurgu CPhone Number: (818) 359-3898Email: [email protected]: https://compare-autoinsurance.Org/ SOURCE: Compare-autoinsurance.Org View source version on accesswire.Com:https://www.Accesswire.Com/595055/What-Are-The-Main-Benefits-Of-Comparing-Car-Insurance-Quotes-Online View photos