Because the security vulnerability is under active exploit, Google isn't releasing full details of the flaw while users could remain vulnerable.

A Google Chrome zero-day vulnerability is under active exploit in the wild, and while details are scarce, users are urged to update their Windows, Mac, and Linux systems to the latest version directly.

The fix for the high-severity bug, being tracked as CVE-2023-2033, is being pushed out through the stable desktop and extended stable channels, and will continue to roll out over the next weeks, Google explained in its April 14 cybersecurity advisory.

The flaw was discovered by Clément Lecigne of Google's Threat Analysis Group on April 11, the company said.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," Google added. "We will also retain restrictions if the bug exists in a third-party library that other projects similarly depend on, but haven't yet fixed."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Google Issues Emergency Chrome Update for Zero-Day Bug

Categories: Exploits and vulnerabilities
Categories: News
Tags: Google

Tags:  Chrome zero-day

Tags:  CVE-2023-2033

Tags:  V8 flaw

Tags:  V8

Google has released an updated version of Chrome to address a zero-day flaw that is being exploited in the wild.



(Read more...)




The post Update Chrome now! Google patches actively exploited flaw appeared first on Malwarebytes Labs.

Posted: April 17, 2023 by

In a recent security advisory, Google says it patched a high-severity zero-day security flaw in its Chrome browser—the first in 2023—currently being exploited in the wild by threat actors. The company urges all its Windows, Mac, and Linux users to update to version **112.0.5615.121** immediately, as this flaw is present in Chrome versions before this one. Updating your browser can be done manually or automatically.

If you use other Chromium-based browsers, you may need to update them as well.

The vulnerability, tracked as **CVE-2023-2033**, is exploitable when a user visits a malicious webpage using an unpatched Chrome browser. The page could run arbitrary code in the browser, potentially leading to your computing device being hijacked. Google knows an exploit code for this flaw already exists and is circulating in the wild.

CVE-2023-2033 is a type-confusion bug in V8, Google's open-source JavaScript and WebAssembly engine. As with zero-day patch announcements, the company supplied little to no details on how attackers could exploit this flaw. However, we know that attacks on V8, although uncommon, are considered one of the most dangerous. Exploiting a weakness in V8 typically leads to a browser crashing.

"Access to bug details and links may be kept restricted until a majority of users are updated with a fix," says Google in the advisory. "We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed."

Google is giving all its Chrome users enough time to update to the latest version until technical details are released.

**How to manually update Chrome**

Google Chrome typically updates automatically. However, it's worth double checking. To check if your browser is up to date:

*   Click the three vertical dots at the upper right-hand side of the URL bar.
*    Select Help > About Google Chrome.

Simply doing this should trigger Chrome to update. Once done, the browser will ask you to relaunch. Click the button to confirm and complete the update process.

Google would never let users manually download and install a separate file to update Chrome. Scammers and threat actors have used this tactic many times in the past, and, for a time, it worked. Now and then, this tactic is adopted in a malicious campaign, to catch those who aren't familiar with how Chrome works or how Google updates its products.

Stay safe!

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

**RELATED ARTICLES**

Update Chrome now! Google patches actively exploited flaw

kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine.

CVE-2021-45464: LKVM Escape

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year.
Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been

Zero-Day / Browser Security

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year.

Tracked as **CVE-2023-2033**, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on April 11, 2023.

"Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page," according to the NIST's National Vulnerability Database (NVD).

The tech giant acknowledged that "an exploit for CVE-2023-2033 exists in the wild," but stopped short of sharing additional technical specifics or indicators of compromise (IoCs) to prevent further exploitation by threat actors.

CVE-2023-2033 also appears to share similarities with CVE-2022-1096, CVE-2022-1364, CVE-2022-3723, and CVE-2022-4262 – four other actively abused type confusion flaws in V8 that were remediated by Google in 2022.

UPCOMING WEBINAR

Master the Art of Dark Web Intelligence Gathering

Learn the art of extracting threat intelligence from the dark web – Join this expert-led webinar!

Save My Seat!

Google closed out a total of nine zero days in Chrome last year. The development comes days after Citizen Lab and Microsoft disclosed the exploitation of a now-patched flaw in Apple iOS by customers of a shadowy spyware vendor named QuaDream to target journalists, political opposition figures, and an NGO worker in 2021.

Users are recommended to upgrade to version 112.0.5615.121 for Windows, macOS, and Linux to mitigate potential threats. Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as and when they become available.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation.
"While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they're known and fixed, which is the real story," the company said in an announcement. "Those risks span everything from

Google on Thursday outlined a set of initiatives aimed at improving the vulnerability management ecosystem and establishing greater transparency measures around exploitation.

"While the notoriety of zero-day vulnerabilities typically makes headlines, risks remain even after they're known and fixed, which is the real story," the company said in an announcement. "Those risks span everything from lag time in OEM adoption, patch testing pain points, end user update issues and more."

Security threats also stem from incomplete patches applied by vendors, with a chunk of the zero-days exploited in the wild turning out to be variants of previously patched vulnerabilities.

Mitigating such risks requires addressing the root cause of the vulnerabilities and prioritizing modern secure software development practices to eliminate entire classes of threats and block potential attack avenues.

Taking these factors into consideration, Google said it's forming a Hacking Policy Council to "ensure new policies and regulations support best practices for vulnerability management and disclosure."

The company further emphasized that it's committing to publicly disclose incidents when it finds evidence of active exploitation of vulnerabilities across its product portfolio.

Lastly, the tech giant said it's instituting a Security Research Legal Defense Fund to provide seed funding for legal representation for individuals engaging in good-faith research to find and report vulnerabilities in a manner that advances cybersecurity.

Google's latest security push speaks to the need for looking beyond zero-days by making exploitation difficult in the first place, driving patch adoption for known vulnerabilities in a timely manner, setting up policies to address product life cycles, and making users aware when products are actively exploited.

It also serves to highlight the importance of applying secure-by-design principles during all phases of the software development lifecycle.

UPCOMING WEBINAR

Master the Art of Dark Web Intelligence Gathering

Learn the art of extracting threat intelligence from the dark web – Join this expert-led webinar!

Save My Seat!

The disclosure comes as Google launched a free API service called deps.dev API in a bid to secure the software supply chain by providing access to security metadata and dependency information for over 50 million versions of five million open source packages found on the Go, Maven, PyPI, npm, and Cargo repositories.

In a related development, Google's cloud division has also announced the general availability of the Assured Open Source Software (Assured OSS) service for Java and Python ecosystems.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Google Launches New Cybersecurity Initiatives to Strengthen Vulnerability Management

Microsoft zero-days, dark web forum takedowns and Pentagon leaks on Discord in this week's newsletter.

Thursday, April 13, 2023 14:04

Welcome to this week’s edition of the Threat Source newsletter.

Law enforcement organizations across the globe notched a series of wins over the past few weeks against online forums for cybercriminals.

On March 23, the FBI announced it disrupted the online cybercriminal marketplace BreachForums, known for being a place where users could buy and sell stolen user information. They also arrested a 20-year-old suspected of being the site’s founder and main administrator.

Then last week we had “Operation Cookie Monster” in which several international agencies worked together to take down Genesis Market, a similar dark web forum, arresting dozens of suspected users and administrators.

These arrests and network operations are important in that they disrupted sites that were known for highly sensitive information and served as a place for some of the most prolific cyber criminals to make money. The U.S. Department of Justice estimated that Genesis Market was responsible for the sale of data on more than 1.5 million compromised computers around the world containing over 80 million account access credentials. And the U.K.’s National Crime Agency (NCA) said credentials were available for as little as 70 cents to hundreds of dollars depending on the stolen data available.

But the user base for these sites was also huge (after all, someone had to be buying those credentials). At the time of its takedown, BreachForums had 340,000 members, according to the FBI. And reporting on Operation Cookie Monster stated that Genesis Market had 59,000 registered users.

So while it’s great that these sites have been disrupted, I can’t help but assume that two more sites are going to pop up to service these cyber criminals. It’s impossible for any agency to arrest 340,000 people, so even if a handful of administrators are restricted from accessing the internet for a while, the other 339,000 people are going to be looking for a new home.

Some of the same agencies celebrated in March 2021 that they disrupted Emotet, one of the most infamous botnets ever. As anyone who follows security news will know, Emotet didn’t actually go anywhere and was recently rebooted as recently as last month, according to our research.

RaidForums, a forefather of BreachForums, was also disrupted in April 2022, along with the arrest of several administrators and accomplices.

All of this is not to discount the great strides made in the past few weeks in disrupting these marketplaces and taking them offline. But a lot of these headlines are sounding familiar to me after a few years, so it’s important to remember that we as a security community can’t take our foot off the gas and assume that because there were a few big wins that dark web forums are just going to go away forever.

**The one big thing**

Microsoft’s Patch Tuesday for April included another zero-day vulnerability in the Windows Common Log File System Driver. CVE-2023-28252, which could allow an attacker to obtain SYSTEM privileges, is actively being exploited in the wild, according to Microsoft. The U.S. Cybersecurity and Infrastructure Security Agency already added the vulnerability to its list of know exploited issues and urged federal agencies to patch it as soon as possible. Microsoft disclosed a similar zero-day issue in September that could also lead to the same privileges: CVE-2022-37969.

**Why do I care?**

Security researchers say that the vulnerability has already been exploited in Nokoyawa ransomware attacks, so it’s important to patch this issue as soon as possible. The Nokoyawa ransomware is known for targeting 64-bit Windows systems in double extortion attacks in which the actors encrypt targets’ files and then threaten to leak them unless the ransom is paid.

**So now what?**

Microsoft has a patch available, so all Windows users should update now if they haven’t already. Talos also has new Snort detection coverage available for CVE-2023-28252 and other vulnerabilities disclosed as part of Patch Tuesday.

**Top security headlines of the week**

**A trove of classified military documents and images leaked on several social media channels** over the past week, including potentially sensitive information on Russia’s invasion of Ukraine and China’s military plans. The images first surfaced in a Discord channel, eventually making their way onto the Telegram messaging app, the popular forum 4Chan and then broader social media sites like Twitter. The U.S. Department of Justice and the Pentagon have since launched a formal investigation into the leaks. Ukrainian officials have blamed Russian actors for the leaks, trying to cast doubt on the authenticity of the images, while Russia accused Western governments of trying to spread disinformation. (Bellingcat, New York Times)

**Apple released patches for two zero-day vulnerabilities** targeting current and older versions of iOS, iPadOS, macOS and Safari that attackers were exploiting in the wild. The vulnerabilities, CVE-2023-28206 and CVE-2023-28205, could lead to arbitrary code execution. CVE-2023-28206 specifically could allow an adversary to execute code with kernel privileges. Apple initially patched the issue in current iPhones and other devices and followed up a few days later with fixes for older hardware like the iPhone 8. This was the third instance of Apple patching a zero-day vulnerability since the start of the year. (SC Media, Security Week)

**The FBI warned users again this week against plugging their phones in public charging stations** at common spaces like airports, hotels and shopping centers. The agency stated that threat actors have found ways to use the public USB ports to “introduce malware and monitoring software onto devices." Instead, the Federal Communications Commission suggests users carry their own USB cables and charging blocks to plug directly into outlets rather than relying on or trusting a cable. However, the tweet from the FBI’s Denver office did not offer examples of any recent attacks that would have prompted a fresh warning. (Axios, NBC News)

**Can’t get enough Talos?**

*   How threat actors are using AI and other modern tools to enhance their phishing attempts
*   How do you hunt cybersecurity threats in a war zone? Like this
*   Cisco unveils latest security trends from Cisco Talos report at GISEC 2023
*   Researcher Spotlight: Giannis Tziakouris first learned how to fix his family’s PC, and now he’s fixing networks all over the globe

**Upcoming events where you can find Talos**

**RSA** **(April 24 - 27)**

San Francisco, CA

**Cisco Talos Incident Response: On Air** **(April 27)**

Virtual

**Cisco Live U.S.** **(June 4 - 8)**

Las Vegas, NV

**Most prevalent malware files from Talos telemetry over the past week**

  
**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f  
**Typical Filename:** VID001.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Worm.Coinminer::1201

**SHA 256:** e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6  
**MD5:** 1e2a99ae43d6365148d412b5dfee0e1c  
**Typical Filename:** PDFpower.exe  
**Claimed Product:** PdfPower  
**Detection Name:** Win32.Adware.Generic.SSO.TALOS

**SHA 256:** f3d5815e844319d78da574e2ec5cd0b9dd0712347622f1122f1cb821bb421f8f  
**MD5:** a2d60b5c01a305af1ac76c95e12fdf4a  
**Typical Filename:** KMSAuto.exe  
**Claimed Product:** N/A  
**Detection Name:** W32.File.MalParent

**SHA 256:** e4973db44081591e9bff5117946defbef6041397e56164f485cf8ec57b1d8934  
**MD5:** 93fefc3e88ffb78abb36365fa5cf857c  
**Typical Filename:** Wextract  
**Claimed Product:** Internet Explorer  
**Detection Name:** PUA.Win.Trojan.Generic::85.lp.ret.sbx.tg

**SHA 256:** 00ab15b194cc1fc8e48e849ca9717c0700ef7ce2265511276f7015d7037d8725  
**MD5:** d47fa115154927113b05bd3c8a308201  
**Typical Filename:** mssqlsrv.exe  
**Claimed Product:** N/A  
**Detection Name:** Trojan.GenericKD.65065311

Threat Source newsletter (April 13, 2023) — Dark web forum whac-a-mole

Categories: Ransomware
Categories: Threat Intelligence
Cl0p was the most used ransomware in March 2023, dethroning the usual frontrunner LockBit, after breaching over 104 organizations with a zero-day vulnerability.



(Read more...)




The post Ransomware review: April 2023 appeared first on Malwarebytes Labs.

_This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher._

In a surprising turn of events for the ransomware landscape, Cl0p has emerged as the most used ransomware in March 2023, dethroning the usual frontrunner, LockBit. Indeed, while LockBit was still used in 93 successful attacks last month, it couldn't quite match the sheer force of Cl0p's sudden resurgence.

Contributing to Cl0p's rise to the number one spot was its extensive GoAnywhere campaign. The group successfully breached over 104 organizations by taking advantage of a zero-day vulnerability in the widely-used managed file transfer software, GoAnywhere MFT.

March has also seen some intriguing activity from other ransomware gangs like DarkPower, which appeared to be turning on and off throughout the month, as well as BianLian, which has shifted its focus from encrypting files altogether to pure data-leak extortion.

Known ransomware attacks by gang, March 2023

Known ransomware attacks by country, March 2023

Known ransomware attacks by industry sector, March 2023

Fortra, the company behind GoAnywhere MFT, released an emergency patch (7.1.2) for the vulnerability in early February—but by then, Cl0p had already used it to break into a myriad of networks and deploy ransomware.

Recent research by Malwarebytes highlighted the bias that ransomware gangs have for attacking English-speaking countries, and the Cl0p campaign follows the same trend. Between them, the Anglosphere countries of the USA, Canada, UK, and Australia accounted for 69% of known Cl0p attacks, with Canada and Australia suffering more attacks than countries with bigger populations and economies, like Germany and France.

Known ransomware attacks by Cl0p, March 2023

Cl0p's ability to exploit a zero-day to such effect is akin only in recent memory to the Kaseya VSA ransomware incident in July 2022. The Kaseya attack involved a malicious auto-update that pushed the REvil ransomware onto victims' machines, primarily targeting Managed Service Providers (MSPs), causing widespread downtime for over 1,000 companies.

The successful use of zero-day vulnerabilities by ransomware gangs like Cl0p and REvil is, thankfully, relatively rare. However, when it happens it can be devastating. Ransomware gangs are always looking for new tactics to help them maximize the impact of their attacks and, rare or not, we should all be concerned about the example Cl0p has set for weaponizing a newly discovered vulnerability and exploiting it before a patch is released or applied.

Known Cl0p victims include Rubrik, Hatch Bank and Community Health Systems (CHS).

Cl0p wasn’t the only gang we saw last month experiencing an unexpected surge in activity.

**BlackBasta and LockBit**

In January 2023, we noted a complete absence of activity from BlackBasta, a group which up to that point had usually ranked highly on our monthly charts. That trend continued into February, but in March it returned with a vengeance with over 40 known victims. It’s hard to tell why BlackBasta went underground for two months only to eventually burst back onto the scene, but it's possible that the group was working on developing new attack techniques or evading detection. Other possibilities are a sudden change in leadership, that the group wanted to lay low to avoid the attention of law enforcement, or it simply wanted a break. This kind of thing isn't unusual and the group's sudden re-emergence highlights the unpredictable nature of ransomware gangs and the need for constantly monitoring the latest threat intelligence. Just because a group is gone today doesn't mean it won't be back tomorrow.

Meanwhile, LockBit’s activity in March was headlined by a major ransomware attack on Essendant, a US-based distributor of office products. This attack, which is said to have begun on or around March 6, created severe ramifications for the organization, disrupting freight carrier pickups, online orders, and access to customer support.

In other LockBit news, a CISA advisory on LockBit 3.0 ransomware was released on March 16, 2023. LockBit 3.0, also called LockBit Black, was discovered in June 2022. While many of LockBit 3.0’s TTPs remain consistent with previous versions, the advisory sheds light on the updated and enhanced features in LockBit 3.0. These improvements include more advanced detection evasion methods and customization options that enable affiliates to modify the ransomware's behavior according to their requirements, making the ransomware harder to detect and counter.

**Dark Power**

March saw the rise of Dark Power, a new ransomware group that tallied 10 victims. Dark Power’s ransomware is interesting in that it is written in the relatively obscure Nim programming language.

Dark Power's approach to ransomware, despite being relatively basic, manages to create unique encryption keys for each targeted machine, making it difficult to develop a generic decryption tool. The ransomware effectively stops services and terminates processes, ensuring the encryption process is unhindered. It also clears logs, making it harder for analysts to investigate an attack.

The effectiveness of Dark Power ransomware underlines the fact that attackers do not always need advanced, novel techniques to succeed. A basic approach, executed well and combined with an adaptable programming language, can prove to be just as effective.

**BianLian**

BianLian, a ransomware gang that first appeared in July 2022 and has consistently hovered near the top of our monthly charts, has shifted its focus from encrypting files to data-leaks. The group's shift in focus can be attributed to the release of a decryption tool by Avast, which made encrypting files less effective for BianLian. Consequently, the group now focuses on threatening to leak stolen data to extort payments from victims instead.

BianLian's shift toward data-leak extortion demonstrates that RaaS gangs can be highly adaptable to changing circumstances, such as the emergence of decryption tools that undermine encryption-based ransomware. This strategic shift allows them to maintain a steady income stream, even as traditional methods lose their effectiveness.

As organizations face the daunting prospect of sensitive data leaks or security breach exposure, they are more likely to pay ransoms to avoid legal, financial, and reputational repercussions. Furthermore, the lingering threat of leaked data, even after recovering encrypted files, makes it harder for victims to resist paying ransoms. 

Our Ransomware Emergency Kit contains the information you need to defend against ransomware-as-a-service (RaaS) gangs.

**How to avoid ransomware**

*   **Block common forms of entry**. Create a plan for patching vulnerabilities in internet-facing systems quickly; disable or harden remote access like RDP and VPNs; use endpoint security software that can detect exploits and malware used to deliver ransomware.
*   **Detect intrusions**. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption**. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups**. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you've isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Ransomware review: April 2023

Adobe Digital Editions version 4.5.11.187303 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Security Updates Available for Adobe Digital Editions | APSB23-04

Bulletin ID

Date Published

Priority

APSB23-04

April 11, 2023    

3

**Summary**

Adobe has released a security update for Adobe Digital Editions. This update resolves one critical vulnerability that could result in arbitrary code execution.     

**Affected product versions**

**Product**

**Version**

**Platform**

Adobe Digital Editions

4.5.11.187303 and earlier versions  

Windows

**Solution**

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product

Version

Platform

Priority

Availability

Adobe Digital Editions

4.5.11.187658  

Windows

3

Download Page

*   Customers can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.

**Vulnerability details**

Vulnerability Category

Vulnerability Impact

Severity

**CVSS base score**    

**CVSS vector**   

CVE Numbers

Out-of-bounds Write (CWE-787)  

Arbitrary code execution

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  

CVE-2023-21582  

**Acknowledgments**

Adobe would like to thank the following security researchers for reporting these issues and for working with Adobe to help protect our customers.       

*   Michael DePlante (@izobashi) with Trend Micro Zero Day Initiative - CVE-2023-21582

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com

CVE-2023-21582: Adobe Security Bulletin

**MOUNTAIN VIEW, Calif., April 11, 2023** – Menlo Security, a leader in browser security, today shared results from the CyberEdge Group’s 10th Annual Cyberthreat Defense Report (CDR). This year’s report, sponsored in part by Menlo Security, highlights the growing importance of browser isolation technologies to combat ransomware and other malicious threats. This continues to be critically important as the research revealed that 78% of ransomware attacks include threats beyond data encryption.

Threat actors know today’s employees spend most of their time working in their web browser, making it both a critical business asset and an attractive attack vector if not properly protected. More than half (51%) of respondents use some form of browser or Internet isolation to protect their organizations, with another 40% planning to deploy this type of technology in the next 12 months. Furthermore, 33% of respondents noted that browser isolation is a key element of their cybersecurity strategy for protecting against sophisticated attacks such as ransomware, phishing and zero-day attacks.

This growing focus on browser security is validated by CDR findings that four in five respondents said that when victimized by ransomware attacks, which are often delivered through the browser, they faced the consequences of multiple threats if they did not pay the ransom. These multi-level attacks included threats to publicly release exfiltrated data (40%), notify customers/media of a data breach (42%) or commit a DDoS attack against the organization (42%).

“Evasive web threats, including Highly Evasive Adaptive Threats (HEAT), often come through the web browser and easily bypass multiple layers of detection in prominent security technology, resulting in malware, compromised credentials, and, many times, ransomware,” said Mark Guntrip, senior director of cybersecurity strategy at Menlo Security. “The CDR shows that the risk of ransomware delivered via a HEAT attack is becoming even more serious, with multiple threats in one payload. Preventing it is critical and browser isolation technologies are a highly effective way to do so.”

This year’s CDR notes browser isolation as an up-and-coming technology that allows employees to perform activities such as accessing websites, opening emails and downloading documents in an isolated environment in the cloud. Because the browser session is isolated, any malware, ransomware or other threats are unable to reach corporate systems, negating the effectiveness of even sophisticated attacks.

“It’s exciting to see browser isolation technologies embraced by CDR respondents, in part because they’re designed to improve security without affecting the end user’s experience at all,” said Steve Piper, founder and CEO of CyberEdge Group. “We think that we’ll all be hearing more about the importance of this type of technology in the future.”

**About the CDR**

In November 2022, 1,200 IT security decision makers and practitioners completed a 27-question online survey. Each participant was employed by a commercial or government entity with a minimum of 500 employees. Participants came from six geographic regions: North America, Europe, Asia Pacific, the Middle East, Latin America, and Africa. The CDR gauges perceptions about cyberthreats and ascertains future plans for improving security and reducing risk. It empowers IT security professionals to benchmark their company’s security posture, operating budget, product investments, and best practices against peers in their industry and geographic region.

**About CyberEdge Group**

CyberEdge Group is an award-winning research and marketing consulting firm serving the diverse needs of information security vendors and service providers. Headquartered in Annapolis, Maryland, with 60+ consultants based across North America, CyberEdge works with approximately one in every six IT security vendors. The company’s annual Cyberthreat Defense Report provides information security decision makers and practitioners with practical, unbiased insight into how enterprises and government agencies defend their networks in today’s complex cyberthreat landscape. For more information, visit www.cyber-edge.com. The CyberEdge Group name and logo are trademarks of CyberEdge Group, LLC in the United States and other countries. All other trademarks and service marks are the property of their respective owners.

**About Menlo Security**

Menlo Security protects organizations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security’s patented Isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end user-experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies, eight of the ten largest global financial services institutions, and large governmental institutions. The company is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase. Menlo Security is headquartered in Mountain View, California. For more information, please visit www.menlosecurity.com.

Menlo Security Illustrates Importance of Browser Security as 4 in 5 Ransomware Attacks Include Threats Beyond Data Encryption

**MIAMI****,** **April 12, 2023** **/PRNewswire/ --** Network Assured has reported that data leaks, phishing scams and malware infections attributable to ChatGPT are on the rise. The report tracks the most significant cybersecurity breaches in which ChatGPT has been involved and has found almost two new events of concern each week through March and April 2023.

**March Saw OpenAI's First Major Data Leak**

As many as 1.2% of ChatGPT users during a particular session in March may have had their payment details exposed to the public. While the bug that caused the leak was quickly fixed, the leak's impact on credit card fraud and identity theft may not be known for months.

**3 New ChatGPT-linked Security Events in First Two Weeks of April**

In April alone, the report found: ChatGPT was involved in a major data leak at Samsung, where staff members uploaded sensitive information that included source code from defective equipment and the transcripts of private meetings.

The report also revealed:

*   **A 135% increase in novel phishing attacks:** Hackers are using tools like ChatGPT to create more convincing phishing emails using sophisticated language that matches the target organization.
*   Fake browser **plugins posing as ChatGPT deployed malware to as many as 2,000 people per day** over a 6 day period in March.
*   **Scammers Impersonated OpenAI to promote a fake Defi token** with a phishing email campaign.
*   Dark web forum users are distributing **scripts that allow malicious actors to bypass ChatGPTs illegal content filters** and create new Malware.
*   11% of what company employees paste into ChatGPT during the course of work, was sensitive company information.

**Researchers Use ChatGPT to Create Undetectable Zero Day Virus**

Documenting additional cybersecurity risks, the report highlights the first case of ChatGPT creating a Zero Day virus, with undetectable exfiltration, that successfully passed a virus scan.

The virus was made by a novice developer, using only prompts from ChatGPT. In his worrying conclusion, the developer noted that _"this kind of end to end, very advanced attack has previously been reserved for nation state attackers."_

**A.I. Tools Are Fighting Cybercrime Too**

Fortunately, A.I. tools are also being used to detect and prevent cyberattacks at an increasing rate. The report cites evidence from January 2023 indicating that AI-based security tools stopped over 1.7 million malware attacks within a 90 day period.

To see the complete set of leaks, phishing attempts and malware attacks and cyber risks attributable to ChatGPT, including a full breakdown of the largest healthcare breaches by records stolen, and damage incurred, with full color charts, please see the report here.

**About Network Assured**

Network Assured is a free, independent advisory that helps businesses price cybersecurity services, perform due diligence, and find better vendors. Learn more at www.NetworkAssured.com.

Tag

#zero_day