google Archives

On May 23rd, a security researcher reported a vulnerability in the Chrome Desktop Browser (Pre-Version 67.0.3396.79) that allows for the mishandling of the Content Security Policy (CSP) header. The CSP header allows website developers to implement a 2nd layer of security on their websites to prevent possible malicious activity. The vulnerability bypasses the SECURITY_CHECK in Chrome, allowing possible cross-site scripting, clickjacking, and varying types of code injection attacks against vulnerable users browsing affected websites.

Chrome released a patch on June 05 fixing the vulnerability and raising the version to 67.0.3396.79. Chrome has reserved CVE-2018-6148 for the vulnerability but is restricting details surrounding the bug until the majority of Chrome users have been updated to prevent threat actors from exploiting the vulnerability.

The Proficio Threat Intelligence Recommendations:

Update Chrome to the latest version
Always make sure to stay up to date on application updates and security patches

Patch Release Page – Click Here
General Info – Click Here

Kaspersky Labs has detailed Android malware mainly targeting Chinese and Korean users. The malware is designed to steal two-factor authentication codes for Google accounts sent via SMS/MMS.

Kaspersky Labs has detailed a lot of the interesting technical elements of the malware. For example, command and control for samples analyzed were found to lookup strings of web pages hosted on legitimate sites such as sohu.com and baidu.com. Kaspersky also believes the initial infection vector for the Android devices were compromised routers in Asia. The routers were redirecting Android devices towards malicious sites via DNS hijacking. The malware does have a component that appears to target English speaking users, but the HTML code within the malware is written in broken English. Most researchers after additional analysis have attributed this malware to cybercriminals focusing on Chinese and Korean targets.

Proficio Threat Intelligence Recommendations:

Do not allow users that have Android devices to bring “rooted” devices into corporate networks (rooted devices were targeted in this campaign)
Routers in this attack allowed attackers to perform DNS hijacking in this campaign. Monitoring corporate routers for attacks and compromise should be performed by security operations
SOCs (security operation centers) often detect BYOD infected cellular devices in guest networks or corporate wireless networks. Corporate IT should decide on an action (or no action) to be taken when these detections occur

General Information – Click Here

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Tag Archive for: google

Vulnerability: Google Chrome Browser – CVE-2018-6148: Incorrect handling of CSP header

Method: Roaming Mantis Malware

Quick Links

Proficio

Tag Archive for: google

Quick Links

Proficio

Follow us