Chrome Security Updates

Chrome Security Updates Combatting Zero-Day Exploits and Smishing Triad’s Targeted UAE Identity Attacks


Google has released security updates for its Chrome web browser that fix a high-severity zero-day vulnerability actively exploited in the wild.

This critical flaw, identified as CVE-2023-7024, involves a heap-based buffer overflow in the WebRTC framework, posing risks of program crashes and arbitrary code execution.

Discovery and Reporting

The credit for uncovering and reporting this vulnerability goes to Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group (TAG). 

While specific details are withheld to prevent further exploitation, Google has confirmed the existence of an in-the-wild exploit for CVE-2023-7024.

Series of Exploited Zero-Days

This marks the resolution of the eighth actively exploited zero-day in Chrome this year, further emphasizing the escalating cybersecurity challenges. 

The vulnerabilities in this series include type confusion in V8 (CVE-2023-2033, CVE-2023-3079, CVE-2023-4762), integer overflow in Skia (CVE-2023-2136, CVE-2023-6345), and heap buffer overflow in WebP (CVE-2023-4863).

To mitigate potential threats, users are strongly advised to upgrade to Chrome version 120.0.6099.129/130 for Windows and 120.0.6099.129 for macOS and Linux. 

Chromium-based browser users, including Microsoft Edge, Brave, Opera, and Vivaldi, should promptly apply fixes as they become available.

Smishing Triad Exploits UAE Identity Agency Impersonation for Targeted Attacks

In a concerning development, the Smishing Triad, a group of Chinese-speaking threat actors, has been identified as executing sophisticated smishing attacks by posing as the United Arab Emirates Federal Authority for Identity and Citizenship.

Their modus operandi involves sending malicious SMS messages, utilizing URL shortening services to obfuscate their links and ensure the anonymity of their fake websites.

Background

Initially documented in September 2023, this threat group gained notoriety for employing compromised Apple iCloud accounts to orchestrate smishing attacks, specializing in identity theft and financial fraud. 

The group is also known for offering smishing kits on a subscription basis, pricing them at $200 per month, enabling other cybercriminals to partake in their nefarious activities. 

Additionally, the Smishing Triad engages in Magecart-style attacks, infiltrating e-commerce platforms to steal customer data by injecting malicious code.

Fraud-as-a-Service Model

A distinctive aspect of Smishing Triad’s operations is its adoption of a “Fraud-as-a-Service” (FaaS) model. By providing ready-to-use toolkits, the group enables other cybercriminals to execute independent smishing attacks, thereby scaling its criminal operations.

Latest Smishing Campaign

The recent wave of attacks focuses on individuals who have recently updated their residence visas, employing harmful messages that impact Android and iOS devices. The attackers likely utilize SMS spoofing or spam services to facilitate the scheme. 

Upon clicking the embedded link, recipients are directed to a deceptive website (“rpjpapc[.]top”) imitating the UAE Federal Authority for Identity, Citizenship, Customs, and Port Security. 

The fake site prompts users to input sensitive information like names, passport numbers, mobile numbers, addresses, and card details.

Geofencing Mechanism

The campaign incorporates a geofencing mechanism, loading the phishing form exclusively when accessed from IP addresses within the UAE and on mobile devices. 

This strategic approach enhances their attacks’ precision and targeted nature, indicating potential access to private channels or sources providing information about UAE residents and foreigners.

Connection to OLVX Marketplace

Coinciding with this campaign, the discovery of a new underground market, OLVX Marketplace (“olvx[.]cc”), adds another layer to the cyber threat landscape. This marketplace claims to sell tools for online fraud, including phishing kits, web shells, and compromised credentials. 

OLVX’s collaboration with cybercriminals further amplifies its impact and attractiveness to malicious actors.

Latest Fraudulent Activities To Be Aware Of!

The Smishing Triad’s sophisticated tactics and the emergence of platforms like OLVX Marketplace highlight the need for robust cybersecurity measures and collaborative efforts to counter the growth of cybercrime.