Chrome, Defender and Firefox 0-days Linked To Commercial IT firm in Spain
Google researchers say they have linked a Barcelona, Spain-based IT company to the sale of advanced software frameworks that exploit vulnerabilities in Chrome, Firefox, and Windows Defender. From a report: Variston IT bills itself as a provider of tailor-made information security solutions, including technology for embedded SCADA (supervisory control and data acquisition) and Internet of Things integrators, custom security patches for proprietary systems, tools for data discovery, security training, and the development of secure protocols for embedded devices.
According to a report from Google's Threat Analysis Group, Variston sells another product not mentioned on its website: software frameworks that provide everything a customer needs to surreptitiously install malware on devices they want to spy on. Researchers Clement Lecigne and Benoit Sevens said the exploit frameworks were used to exploit n-day vulnerabilities, which are those that have been patched recently enough that some targets haven't yet installed them. Evidence suggests, they added, that the frameworks were also used when the vulnerabilities were zero-days. The researchers are disclosing their findings in an attempt to disrupt the market for spyware, which they said is booming and poses a threat to various groups.
"Barcelona, Spain" is like "Edinburgh, Britain" (Score:1)
I don't think you would use the latter, so don't use the former.
It's "Barcelona, Catalunya".
On topic: Why is Google telling this to the public, and not to the Catalan police?
product you buy (Score:2)
So this is a product you buy and that product has a 0-day? If so, why is this tagged as a Firefox/Chrome issue?
Is this product only for Windows? I suspect yes since Defender is mentioned.
Re: (Score:2)
No. This is a product that you buy to exploit 0-days on other people's computers, via Firefox, Chrome, and Windows Defender. Can you not read the summary?
Variston sells another product not mentioned on its website: software frameworks that provide everything a customer needs to surreptitiously install malware on devices they want to spy on.
TFA has more details:
Heliconia Noise included both an exploit for the Chrome renderer and an exploit for escaping the Chrome security sandbox,
The Files framework contained a fully documented exploit chain for Firefox running on Windows and Linux. It exploits CVE-2022-26485, a use-after-free vulnerability that Firefox fixed last March. The researchers said Files likely exploited the code-execution vulnerability since at least 2019, long before it was publicly known or patched.
Now a One-day exploit (Score:3)
Since this article came out yesterday, it's no longer Day 0, but Day 1.
Oh but wait, the exploit probably happened weeks ago, since it's just now reaching the press. So how many days is it, exactly?