Hacks

Researchers discovered a  newly patched Windows Zero-day vulnerability  exploit already used in Operation WizardOpium attacks along with Chrome Zero-day exploit in last month. The attack was initially observed by Kaspersky researchers who have already uncovered a Google Chrome 0-day exploit that was used in the part of the attack. Further detailed investigation revealed that the exploit for Google Chrome embeds a 0-day EoP exploit ( CVE-2019-1458 ) that is used to gain higher privileges on the infected machine and also escape the Chrome process sandbox. Researchers observed the 2 different stages in EoP exploit, one is a tiny PE loader and another one is an actual exploit. Kaspersky products detect this exploit with the verdict PDM: Exploit.Win32.Generic. EoP exploit indicates that the vulnerability it used belongs to the win32k.sys driver and that the EoP exploit was the 0-day exploit, and it was confirmed by the researchers when they have tested with an exp...

After enabling ' Site Isolation ' security feature in Chrome for desktops last year, Google has now finally introduced 'the extra line of defence' for Android smartphone users surfing the Internet over the Chrome web browser. In brief, Site Isolation is a security feature that adds an additional boundary between websites by ensuring that pages from different sites end up in different sandboxed processes in the browser. Since each site in the browser gets its own isolated process, in case of a browser flaw or Spectre like side-channel vulnerability, the feature makes it harder for attackers or malicious websites to access or steal cross-site data of your accounts on other websites. Site Isolation helps protect many types of sensitive data, including authentication cookies, stored passwords, network data, stored permissions, as well as cross-origin messaging that help sites securely pass messages across domains. The feature gained attention in January 2018, when...