Stories
Slash Boxes
Comments

SoylentNews is people

Chrome Bug Squashed, QNAP NAS Nasty Hits, Bluekeep Malware Spreads, and More

posted by Fnord666 on Tuesday November 05 2019, @06:18PM   Printer-friendly
from the a-long-list dept.

Arthur T Knackerbracket has found the following story:

Anyone running Chrome will want to update and restart their browser in order to make sure they have the latest build, as usual. Google has patched a bunch of flaws including a use-after-free() vulnerability (CVE-2019-13720) that was being actively exploited in the wild against victims. Make sure you're running version 78.0.3904.87 or higher for Windows, Mac, and Linux to be safe.

More technical details are here: essentially, a malicious JavaScript file on a webpage can exploit the vulnerability to potentially gain arbitrary code execution and install spyware and other horrible stuff on the computer. Kaspersky reckons the flaw was abused in an attempt to infect Chrome-using visitors of a Korean-language news website, in a campaign dubbed Operation WizardOpium.

We hope you've all patched your Windows systems for the BlueKeep RDP flaw, which can be exploited to achieve remote-code execution on vulnerable machines. It appears Monero-mining malware is spreading among un-patched boxes via the security flaw. Microsoft patched the bug way back in May.

Marcus Hutchins, with help from Kevin Beaumont, has detailed the spread of the BlueKeep-exploiting nasty here for Kryptos Logic.

All the more reason to ensure you're patched.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Chrome Bug Squashed, QNAP NAS Nasty Hits, Bluekeep Malware Spreads, and More | Log In/Create an Account | Top | 10 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by NickM on Tuesday November 05 2019, @08:44PM (1 child)

    by NickM (2867) on Tuesday November 05 2019, @08:44PM (#916514) Journal
    Raid 0 for backup!!!<sarcasm> doubles the risks, squares your pleasure
    --
    I a master of typographic, grammatical and miscellaneous errors !
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by JoeMerchant on Tuesday November 05 2019, @08:54PM

    by JoeMerchant (3937) on Tuesday November 05 2019, @08:54PM (#916520)

    I'm sure I said that wrong - Hey Google explain RAID levels.

    Yep, meant RAID 1 - which is so illogical to me, wouldn't 2 make more sense for mirrored disks, or 0 for no striping?

    Anyway, in the ensuing 13 years of 24-7 service I've had 2 of those rotating drives fail, never both at the same time, and did capacity upgrades to 2TB each, which seems like more data than my brain needs repeated access to, in the local network at least. Next replacement is probably going to be a SSD, but I just can't justify messing with something that works.

    --
    🌻🌻 [google.com]