Chrome Bug Squashed, Qnap Nas Nasty Hits, Bluekeep Malware Spreads, And More
Arthur T Knackerbracket has found the following story:
Anyone running Chrome will want to update and restart their browser in order to make sure they have the latest build, as usual. Google has patched a bunch of flaws including a use-after-free() vulnerability (CVE-2019-13720) that was being actively exploited in the wild against victims. Make sure you're running version 78.0.3904.87 or higher for Windows, Mac, and Linux to be safe.
More technical details are here: essentially, a malicious JavaScript file on a webpage can exploit the vulnerability to potentially gain arbitrary code execution and install spyware and other horrible stuff on the computer. Kaspersky reckons the flaw was abused in an attempt to infect Chrome-using visitors of a Korean-language news website, in a campaign dubbed Operation WizardOpium.
We hope you've all patched your Windows systems for the BlueKeep RDP flaw, which can be exploited to achieve remote-code execution on vulnerable machines. It appears Monero-mining malware is spreading among un-patched boxes via the security flaw. Microsoft patched the bug way back in May.
Marcus Hutchins, with help from Kevin Beaumont, has detailed the spread of the BlueKeep-exploiting nasty here for Kryptos Logic.
All the more reason to ensure you're patched.
Read more of this story at SoylentNews.