News
Kaspersky Finds Zero-Day Exploit in Windows OS
Kaspersky automated detection technologies have found a Windows zero-day vulnerability. The exploit based on this vulnerability allowed attackers to gain higher privileges on the attacked machine and avoid protection mechanisms in the Google Chrome browser. The newly discovered exploit was used in the malicious WizardOpium operation.
Zero-day vulnerabilities are previously unknown bugs in the software, which, if found by criminals first, enable them to operate unnoticed for a long time, inflicting serious and unexpected damage. Regular security solutions do not identify the system infection nor can they protect users from a yet-to-be-recognized threat.
The new Windows vulnerability was found by Kaspersky researchers thanks to yet another zero-day exploit. Back in November 2019, Kaspersky’s Exploit Prevention technology, which is embedded in most of the company’s products, was able to detect a zero-day exploit in Google Chrome. This exploit allowed attackers to execute arbitrary code on a victim’s machine. Upon further research of this operation, which the experts called ‘WizardOpium’, another vulnerability was discovered, this time in Windows OS.
It emerged that the newly discovered Windows zero-day elevation of privileges (EoP) exploit (CVE-2019-1458) was embedded into a previously discovered Google Chrome exploit. It was used to gain higher privileges in the infected machine as well as to escape the Chrome process sandbox – a component built to protect the browser and the victim’s computer from malicious attacks.
Detailed analysis of the EoP exploit showed that the abused vulnerability belongs to the win32k.sys driver. The vulnerability could be abused on the latest patched versions of Windows 7 and even on a few builds of Windows 10 (new versions of Windows 10 have not been affected).
“This type of attack requires vast resources, however, it gives significant advantages to the attackers and as we can see, they are happy to exploit it. The number of zero-days in the wild continues to grow and this trend is unlikely to go away. Organizations need to rely on the latest threat intelligence available at hand and have protective technologies that can proactively find unknown threats such as zero-day exploits,” commented Anton Ivanov, security expert at Kaspersky.
Kaspersky products detect this exploit with next verdict PDM:Exploit.Win32.Generic. The vulnerability was reported to Microsoft and patched on December 10, 2019. To prevent the installation of backdoors through Windows zero-day vulnerability, Kaspersky recommends taking the following security measures:
- Install Microsoft’s patch for the new vulnerability as soon as possible. Once the patch is downloaded, threat actors can no longer abuse the vulnerability
- Make sure that all software is updated as soon as a new security patch is released if you are concerned about the safety of your whole organization. Use security products with vulnerability assessment and patch management capabilities to make sure these processes run automatically
- Use a proven security solution with behavior-based detection capabilities for protection against unknown threats, such as Kaspersky Endpoint Security
- Make sure your security team has access to the most recent cyber threat intelligence. Private reports on the latest developments in the threat landscape are available to customers of Kaspersky Threat Intelligence
Gadgets
Huawei to Launch Next-Generation Foldable Smartphone at Dubai Launch Event
Huawei is set to host a highly anticipated launch event in Dubai this December, where the company will unveil several innovative products that promise to redefine the tech landscape. The event marks a pivotal moment for the brand, unveiling groundbreaking products like the HUAWEI Mate X6, HUAWEI FreeBuds Pro 4, and HUAWEI nova 13 Series. The new products will set new benchmarks for design, functionality, and user experience in the mobile and audio markets.
As Huawei continues solidifying its position as a leader in the tech industry, this launch will underscore the company’s expanding influence in international markets. Huawei’s latest flagship foldable, the HUAWEI Mate X6, will be unveiled during the Dubai launch. The phone is expected to redefine the future of foldable smartphone technology. It is among the company’s most advanced foldables to date. The Mate X6 is expected to take mobile photography to new heights, building on Huawei’s legacy of pioneering smartphone cameras of the Mate Series.
Besides the Mate X6, Huawei will unveil its next-generation audio products, including the HUAWEI FreeBuds Pro 4. These earbuds will be the first to feature HUAWEI SOUND, offering an immersive audio experience. They will also include AI-driven noise reduction technology, designed to isolate the wearer’s voice during calls while eliminating environmental noise. This feature significantly enhances call quality, particularly in noisy environments.
Consumers can also look forward to the launch of the HUAWEI nova 13 series, a new midrange smartphone that brings a unique interweaving design and an array of exciting features. The nova 13 series offers significant upgrades over its predecessors, including enhanced camera capabilities, a performance boost, and more. The new HUAWEI MatePad 11.5 will also deliver a paper-like experience, perfect for light office productivity, efficient learning, and everyday tasks.
The Dubai event, scheduled for the 12th of December, will mark the global unveiling of Huawei’s several innovative products. The MEA market is one of the fastest-growing and most dynamic regions for technology, and Huawei is committed to strengthening its regional presence. By continuing to introduce groundbreaking products, Huawei is positioning itself to shape the future of mobile technology while reinforcing its role as a global tech powerhouse.
News
The Browser Company Unveils Dia, Its AI-Powered Browser
The Browser Company, known for its Arc Browser available on desktop and mobile, has unveiled its upcoming web browser called Dia, which focuses heavily on AI tools. Having previously launched Arc on Mac and Windows, and Arc Search on iOS and Android, the company is now working on a new product aimed at a broader audience.
Scheduled for an early 2025 release, Dia promises to bring a host of innovative features. The company recently launched a new website showcasing a video about Dia and listing various open roles within the company. The website states, “AI won’t exist as an app. Or a button. We believe it’ll be an entirely new environment — built on top of a web browser.” This vision for an integrated AI environment is a key component of Dia’s development.
In a video presentation, CEO Josh Miller demonstrated some of Dia’s early prototypes. One tool operates at the insertion cursor, aiding users in writing the next sentence or retrieving facts from the internet about topics such as the original iPhone’s launch and specifications. Additionally, the tool can fetch Amazon links opened in the browser to include in emails with basic descriptions.
Another feature allows users to type commands into the address bar to perform various actions, such as fetching documents, sending emails through the preferred email client, and scheduling meetings using natural language prompts. While some of these features may seem similar to existing browser-based writing and calendar tools, the true uniqueness and usefulness of Dia will only be known upon its release.
A more ambitious demo showcased Dia’s ability to perform actions on the user’s behalf, such as adding items from an email to an Amazon cart. In the demo, Dia browses Amazon, finds the specified items, and adds them to the cart autonomously. Another example demonstrated Dia’s capability to email participants listed in a Notion table for a video shoot. The Browser Company is not alone in envisioning an AI assistant capable of understanding interfaces and executing tasks. Many startups have showcased similar concepts and demos of AI models and tools designed to control users’ screens.
In a recent video, Miller hinted at developing new products for a wider audience while assuring current users that Arc’s design and functionality would remain largely unchanged. He acknowledged that although Arc has a dedicated and growing user base, its complexity might not appeal to everyone. The challenge for the company will be to create a browser with AI features that work seamlessly and potentially generate revenue.
Apps
Google Maps Integrates Waze Incident Reports for Enhanced Navigation
Google Maps has started to display Waze incident reports during navigation, allowing users to contribute by confirming road conditions via prompts. This integration follows Google’s July announcement that both apps would share more data, including Waze-sourced road closures, construction updates, speed cameras, and police presence information.
Over the holiday weekend, a Reddit user shared a screenshot of a prompt indicating “Police reported ahead” based on Waze driver reports, as reported by 9to5Google and Android Authority. Users can update these reports to reflect current conditions, similar to other incident notifications in Google Maps.
This is the first confirmed sighting of the feature in action, but more reports are expected. Despite merging the teams behind Maps and Waze, Group Project Manager Can Comertoglu told The Verge that the apps will continue to operate separately. Waze’s 500,000-plus contributors prefer some features of Waze over Google Maps, and vice versa.
This new feature enhances Google Maps’ functionality by leveraging Waze’s real-time incident reporting, providing users with more comprehensive and up-to-date information on their routes.
You must be logged in to post a comment Login