This is not to defend: the expert explained the leakage of user data via Chrome
A group of attackers stole data from Google Chrome users, taking advantage of a vulnerability in the protection of the browser. About it today, March 1, reports ” Tape.ru.»
As noted, the vulnerability was first discovered by the employees of the EdgeSpot organization, who published their report in the official blog of the company. It turned out that the problem lies in the features of working with PDF-files. Experts were able to establish that documents of this type transmit to unauthorized users data about the device of the victim, as soon as they open the PDF-file through a browser.
In total, experts were able to fix two such attacks, during which the attackers used this vulnerability. Criminals used two PDF-documents. The last time the attack was carried out in the autumn of 2018. The files did not contain any dangerous viruses. According to experts, most likely, in this way the attackers tried to try out new weapons for future active attacks.
Now this story was reacted to by Google-the management promised to fix the vulnerability by April 2019. In the meantime, experts in the field of cybersecurity recommend users not to open PDF-files in Google Chrome, and wait for the release of an updated version of the browser. Until this happens, it is better to use separate desktop applications.
As noted in an interview with the correspondent of “political Russia” Chairman of the non-profit partnership “Union of defenders of information” Alexander Evgenievich Brazhnikov, unfortunately, many leading Internet companies allow in their work such flaws, through which attackers can gain access to confidential information.
“The situation with Google Chrome, of course, unpleasant. But this is the cost of market demands. Mad race forces developers to roll out a product in the shortest possible time, sometimes without paying attention to any trifles. In General, for sale, typically, the crude product, which later, after receiving the user response, only being supplemented and corrected by the updates. And Google is not the only one here. Hackers found vulnerabilities in both Microsoft and Apple products. Such situations have long become commonplace, “ the expert believes.
Indeed, the news about how hackers use vulnerabilities in the products of popular Internet giants, has long been no surprise. So, last year, the attackers discovered a gap in the system Intent Android OS, thanks to which they were able to intercept data on devices connected to the local network, showing the name of Wi-Fi, the password of the wireless access point, the MAC address of all connected gadgets, incoming and outgoing traffic. Thus, hackers could easily track the movements of users, as well as hack personal data.
In January of this year, it became known that the e-mail system for Microsoft Exchange business, since 2013, is subject to a vulnerability called PrivExchange. This bug allows an attacker to elevate the privileges of any account to an administrator on a domain controller.
In November 2018, a team of hackers from China were able to find a serious bug in the system iPhone X. They managed to infiltrate the system through a hole in the Safari browser and a specially configured access point Wi-Fi. As a result of controlled hacking, experts have found seemingly permanently deleted photos of the user on the iPhone. Fortunately, they did not take advantage of this vulnerability and reported it to Apple, for which they received a reward of 50 thousand dollars.
As Alexander Brazhnikov explains, it is almost impossible to protect yourself from hacker hacks, but you can minimize the risks by observing basic security rules.
“When attacks are carried out through Wi-Fi points, you are likely to do nothing. You just need to not connect to it, but no one thinks about it. This is not the case with files that allow attackers to access your data. Here you will save elementary caution. Do not click on unfamiliar links or download any questionable files. If you still need to download, read the comments of other downloads, if possible, if they are. But in General, I can say that it is almost impossible to protect ourselves from this, and we all at least once became victims of hacker antics, just not everyone knows about it,” the expert explains.
Earlier, it became known that the attackers use Facebook and Google to send malicious software to users. As a rule, infected files are sent under the guise of pirated games or programs. At the same time, the administration of Facebook and Google is extremely slow and unresponsive to respond to complaints in this regard. Also containing viruses spam can be found on sites such as medium.com, change.org, zendesk.com, ghost.org, bitly.com ahhh!