Spyware Maker Candiru Linked to Chrome Zero-day Targeting Journalists

 

Candiru, an Israeli surveillance firm, used the newly patched CVE-2022-2294 Chrome zero-day in attacks on journalists. Avast researchers reported that DevilsTongue, the spyware made by Candiru, was used in attacks on journalists in the Middle East that exploited the recently fixed CVE-2022-2294 Chrome zero-day vulnerability.
The issue, which Google addressed on July 4, 2022, is a heap buffer overflow in the Web Real-Time Communications (WebRTC) component; it is the fourth zero-day Google has patched in 2022. The majority of the attacks discovered by Avast researchers occurred in Lebanon, and the threat actors employed various attack chains to target journalists.
Since March 2022, further infections have been detected in Turkey, Yemen, and Palestine. In one case, the threat actors carried out a watering hole attack by compromising a website frequented by news agency staff. The researchers discovered artefacts associated with exploitation attempts for an XSS flaw on the website.
The sites contained calls to the JavaScript function “alert” as well as terms like “test,” implying that the attackers were testing the XSS vulnerability before abusing it to inject the loader for a malicious JavaScript from an attacker-controlled domain (i.e. stylishblock[.]com). This injected code was used to send victims to the exploit server via a chain of domains controlled by the attacker.


This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
