"In Lebanon, the attackers seem to have compromised a website used by employees of a news agency," Avast researcher Jan Vojtěšek wrote.
DARK READER FOR SAFARI REVIEW INSTALL
Once the watering hole sites successfully exploited the vulnerability, they used their access to install DevilsTongue, the name Microsoft gave last year to advanced malware sold by an Israel-based company named Candiru. The watering hole sites were highly selective in choosing which visitors to infect. Microsoft and Apple have since patched the same WebRTC flaw in their Edge and Safari browsers, respectively.Īvast said on Thursday that it uncovered multiple attack campaigns, each delivering the exploit in its own way to Chrome users in Lebanon, Turkey, Yemen, and Palestine. Google patched the flaw on July 4 after researchers from security firm Avast privately notified the company it was being exploited in watering hole attacks, which infect targeted websites with malware in hopes of then infecting frequent users. A secretive seller of cyberattack software recently exploited a previously unknown Chrome vulnerability and two other zero-days in campaigns that covertly infected journalists and other targets with sophisticated spyware, security researchers said.ĬVE-2022-2294, as the vulnerability is tracked, stems from memory corruption flaws in Web Real-Time Communications, an open source project that provides JavaScript programming interfaces to enable real-time voice, text, and video communications capabilities between web browsers and devices.
0 kommentar(er)
