Updated: Aug 5
In this week's Cyber Weekly Digest we dive into the latest cyber security stories including the attackers arrested by Spanish law enforcement for sabotaging the country’s radioactivity alert network last year. Keep reading to stay up to date on the biggest cyber security news.
Israeli Spyware company actively exploited Google Chrome Zero-Day that came to light earlier this month. They weaponised the exploit in attacks targeting journalists in the Middle East. Researchers have linked the exploitation to Candiru (aka Saito Tech), which has a history of leveraging previously unknown flaws to deploy a Windows malware named DevilsTongue, a modular implant with Pegasus-like capabilities. The vulnerability used by the Israeli spyware company is CVE-2022-2294, memory corruption in the WebRTC component of the Google Chrome browser. This exploit has been patched by Google. The exploit was abused to gain initial access to the victim’s device, the threat actors will then abuse another zero-day exploit that has not been captured yet and gain full access to the victim’s device.
The Amadey Bot malware is being distributed through the SmokeLoader malware, using software cracks and keygen sites as lures. Amadey Bot was first discovered 4 years ago, it is capable of gaining reconnaissance, stealing information, and loading additional payloads. The SmokeLoader payload is downloaded and executed voluntarily by the victim. The installation requires the user to disable Anti-virus, which is normal for software cracking and keygen. S