Connect with us

Featured

Zero-day bug hits Chrome

Published

on

Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser. Kaspersky has allocated the vulnerability as CVE-2019-13720 and reported it to Google. A patch has been released. Upon review of the PoC provided, Google confirmed that it is a zero-day vulnerability.

Zero-day vulnerabilities are previously unknown software bugs that can be exploited by attackers to inflict serious and unexpected damage. The new exploit is used in attacks that leverage a waterhole-style injection in a Korean-language news portal. A malicious JavaScript code is inserted in the main page, which in turn, loads a profiling script from a remote site to further check if the victim’s system could be infected by examining versions of the browser’s user credentials. The vulnerability tries to exploit the bug through the Google Chrome browser and the script checks if version 65 or later is being used. The exploit gives an attacker a Use-After-Free (UaF) condition, which is very dangerous because it can lead to code execution scenarios.

The detected exploit was used in what Kaspersky experts call “Operation WizardOpium”. Certain similarities in the code point to a possible link between this campaign and Lazarus attacks. Additionally, the profile of the targeted website is similar to what has been found in previous DarkHotel attacks, which have recently deployed comparable false flag attacks.

The exploited vulnerability was detected by Kaspersky’s Exploit Prevention technology, embedded in most of the company’s products.

“The finding of a new Google Chrome zero-day in the wild once again demonstrates that it is only collaboration between the security community and software developers, as well as constant investment in exploit prevention technologies, that can keep us safe from sudden and hidden strikes by threat actors,” said Anton Ivanov, a security expert at Kaspersky.

Kaspersky products detect the exploit as PDM:Exploit.Win32.Generic.

Kaspersky recommends taking the following security measures:

  • Install the Google patch for the new vulnerability as soon as possible.
  • Make sure you update all software used in your organisation on a regular basis, and whenever a new security patch is released. Security products with Vulnerability Assessment and Patch Management capabilities may help to automate these processes.
  • Choose a proven security solution, such as Kaspersky Endpoint Security for Business, that is equipped with behaviour-based detection capabilities for effective protection against known and unknown threats, including exploits.
  • In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform.
  • Make sure your security team has access to the most recent cyberthreat intelligence.  Private reports on the latest developments in the threat landscape are available to Kaspersky Intelligence Reporting customers. For further details, contact: intelreports@kaspersky.com.
  • Last, but not least, ensure your staff is trained to understand and implement the basics in cybersecurity hygiene.

For further details on the new exploit see the report on Securelist.

Cars

Car buyers to start abandoning fuel-power by 2025

Car buyers in the United States and Europe expect electric vehicles to become a viable alternative to fuel-powered cars in the next five years.

Published

on

A new report outlining consumer expectations of battery electric vehicles (BEVs) and their viability as replacements for traditional fuel-powered cars or internal combustion engine (ICE) vehicles suggests a massive shift beginning in 2025.

The conclusion emerges from a report by human behaviour and analytics firm Escalent, entitled The Future of BEV: How to Capture the Hearts and Minds of Consumers. It reveals the intent of many consumers in the United States and Europe to abandon ICE vehicles altogether, citing the improved infrastructure and range of BEVs.

The Future of BEV gives auto and mobility manufacturers a strategic view of the benefits of their products in the eyes of consumers and highlights the areas of opportunity for automakers to push the innovation boundaries of BEVs to spur broad adoption of the technology.

“While most buyers don’t plan to choose BEVs over gasoline-powered cars within the next five years, consumers have told us there is a clear intention to take BEVs seriously in the five years that follow,” says Mark Carpenter, joint managing director of Escalent’s UK office. “However, manufacturers will need to tap into the emotional value of BEVs rather than just the rational and functional aspects to seize on that intent and inspire broader consumer adoption.”

The study demonstrates a significant shift in consumers’ expectations that BEVs will become viable alternatives to—and competitors with—ICE vehicles over the coming decade. Though 70% of Americans plan to buy a gasoline-powered car within the next year, just 37% expect to make that same purchase in five to ten years. Similarly, while 50% of European consumers favour buying vehicles powered by gasoline and diesel in the near-term, that figure drops to just 23% in five to ten years.

At the same time, consumers on both sides of the Atlantic see BEV adoption rising to 36% in Europe and 16% in the US, with respondents also indicating intent to purchase hybrids and hydrogen-powered cars.

Infrastructure clearly continues to be one of the biggest barriers to adoption. While some work is being done in Europe as well as in the US, the data show there is a significant need for some players to take ownership if manufacturers want to move the needle on BEV adoption.

US and European consumers have stark differences in opinion as to which entities they believe are primarily responsible for providing BEV charging stations. American consumers consider carmakers (45%) the primary party responsible, followed by fuel companies, local government/transport authorities, and the national government in fourth. On the other hand, European consumers view the national government (29%) as the primary party responsible for providing BEV infrastructure, followed by carmakers, local government/transport authorities and fuel companies.

For a full copy of the report, visit https://landing.escalent.co/download-the-future-of-bev.

Continue Reading

Featured

New cell phone to help with dementia and memory loss

Published

on

A new cell phone that takes simplicity to the extreme is designed to address the unique needs of people with dementia and other forms of memory loss. The RAZ Memory Cell Phone, developed by RAZ Mobility, a provider of mobile assistive technology, was launched this week. The handset is also well-suited for individuals with intellectual disabilities.

According to the Alzheimer’s Association, approximately 5.8 million Americans have Alzheimer’s dementia, with one in ten people over the age of 65 diagnosed with the disease. The number of people with dementia is expected to increase rapidly as the proportion of the population 65 and older increases. The American Psychiatric Association reports that approximately one percent of the population has an intellectual disability.

The RAZ Memory Cell Phone consists of one primary screen, and one screen only. It is always on and includes pictures and names of up to six contacts and a button to call 911. That’s it! There are no applications or settings to cause confusion. No notifications or operating system updates. No distractions. Users can simply tap and hold the picture of the person they wish to call.

Caregivers manage the RAZ Memory Cell Phone through a simple online portal. The portal is used to create and edit the contacts, track the location of the phone/user and select certain options, such as the option to restrict incoming calls to people in the user’s contacts, thereby avoiding unwanted calls such as predatory robocalls.

The RAZ Memory Cell Phone can now be ordered at https://www.razmobility.com/solutions/memory-cellphone/.

Continue Reading

Trending

Copyright © 2020 World Wide Worx