Categories
News

Google Discovers Active Attack on May’s Fourth Chrome Zero-Day: Update Immediately

Google released updates for its Chrome browser on Thursday to address a high-severity security vulnerability that it said has been exploited in the wild.

The vulnerability, assigned the CVE identifier CVE-2024-5274, is a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of Chrome Security on May 20, 2024.

Type confusion vulnerabilities occur when a program accesses a resource using a type that is incompatible with the resource’s actual type. The consequences can be severe, because a type confusion can let threat actors read or write memory out of bounds, crash the program, or run arbitrary code.
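To make the previous paragraph concrete, the following added example (not code from the article or from Google) models a type confusion with Python’s ctypes. A JavaScript engine keeps heap objects with a small header that records the object’s kind, followed by kind-specific fields; code that reads those fields without first checking the kind interprets the same bytes under the wrong layout. The object layouts, field names and kind tags here are constructed for the illustration and are not V8’s real layouts. The unchecked fast path reads an integer’s payload as an array length, so a bounds check built on it passes for indices far beyond the storage the object really owns; the checked path rejects the object before the array layout is applied.

```python
"""Type confusion modelled with ctypes (added example; constructed layouts, not V8's)."""
import ctypes

KIND_INT = 1
KIND_ARRAY = 2
INLINE_CAPACITY = 8  # bytes of element storage an ArrayBox really owns


class Header(ctypes.Structure):
    """Common prefix of every heap object: just the kind tag."""
    _fields_ = [("kind", ctypes.c_uint64)]


class IntBox(ctypes.Structure):
    """A boxed integer: 8-byte tag followed by an 8-byte payload."""
    _fields_ = [("kind", ctypes.c_uint64), ("value", ctypes.c_int64)]


class ArrayBox(ctypes.Structure):
    """A byte array: tag, element count, then inline element storage.
    Note that 'length' sits at the same offset as IntBox.value."""
    _fields_ = [("kind", ctypes.c_uint64),
                ("length", ctypes.c_uint64),
                ("elements", ctypes.c_uint8 * INLINE_CAPACITY)]


def make_int(value):
    return IntBox(KIND_INT, value)


def make_array(data):
    if len(data) > INLINE_CAPACITY:
        raise ValueError("too long for inline storage")
    box = ArrayBox(KIND_ARRAY, len(data))
    for i, byte in enumerate(data):
        box.elements[i] = byte
    return box


def unchecked_array_length(obj):
    """Defective fast path: reinterpret whatever object we were handed as an
    ArrayBox and read its length field, without consulting the kind tag."""
    return ArrayBox.from_address(ctypes.addressof(obj)).length


def checked_array_length(obj):
    """Hardened path: verify the kind tag before applying the array layout."""
    header = Header.from_address(ctypes.addressof(obj))
    if header.kind != KIND_ARRAY:
        raise TypeError("not an array (kind=%d)" % header.kind)
    return ArrayBox.from_address(ctypes.addressof(obj)).length


def unchecked_bounds_check(obj, index):
    """A bounds check that trusts the confused length: for an IntBox it is
    satisfied for indices well past the 8 bytes of real storage, so the
    element read that would follow it is out of bounds."""
    return 0 <= index < unchecked_array_length(obj)


def demo():
    """Return the observations the example is meant to show."""
    arr = make_array(b"abc")
    boxed = make_int(0x10000)  # payload bytes overlap ArrayBox.length
    try:
        checked_array_length(boxed)
        rejected = False
    except TypeError:
        rejected = True
    return {
        "real_array_length": unchecked_array_length(arr),        # 3
        "confused_length": unchecked_array_length(boxed),        # 65536
        "oob_index_passes_unchecked": unchecked_bounds_check(boxed, 4096),
        "checked_path_rejects_int": rejected,
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print("%-28s %r" % (key, val))
```

The fix is the same shape as in a real engine: the kind (or map) check has to happen before any kind-specific field is trusted, and every fast path that skips it is a candidate for exactly this class of bug.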

With this fix, Google has now patched four zero-day vulnerabilities this month, following CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947.

While it did not share further technical details about the vulnerability, the company acknowledged that it “is aware that an exploit for CVE-2024-5274 exists in the wild.” It is unclear whether the flaw is a bypass of the fix for CVE-2024-4947, another V8 type confusion bug.

With the latest patch, Google has fixed eight zero-day vulnerabilities in Chrome since the start of the year.

To mitigate potential threats, users are advised to update to Chrome version 125.0.6422.112/.113 for Windows and macOS and 125.0.6422.112 for Linux.

Users of Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi are also advised to apply the fixes as soon as they become available.

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in an Alarming Pattern

New research reveals that ransomware attacks on VMware ESXi infrastructure follow a consistent pattern, regardless of the file-encrypting malware used.

“Virtualization platforms are a core component of organizational IT infrastructure, yet they often suffer from inherent misconfigurations and vulnerabilities, making them a lucrative and highly effective target for threat actors to abuse,” cybersecurity firm Sygnia said in a report shared with The Hacker News.

Through its incident response work with different ransomware families, including LockBit, HelloKitty, BlackMatter, RedAlert (N13V), Scattered Spider, Akira, Cactus, BlackCat, and Cheerscrypt, the Israeli company found that attacks on virtualization environments follow a similar sequence of events.

The sequence consists of the following steps:

  • Gaining initial access through phishing, downloads of malicious files, or exploitation of known flaws in internet-facing assets
  • Escalating privileges to obtain credentials for ESXi hosts or vCenter, using brute-force attacks or other techniques
  • Validating access to the virtualization infrastructure and deploying the ransomware
  • Deleting or encrypting backup systems, or in some cases changing the passwords, to complicate recovery efforts
  • Exfiltrating data to external sites such as Dropbox, Mega.io, or their own hosting services
  • Executing the ransomware to encrypt the “/vmfs/volumes” folder of the ESXi filesystem
  • Propagating the ransomware to non-virtualized servers and workstations to widen the scope of the attack

To mitigate the risks posed by such attacks, organizations should ensure that adequate monitoring and logging are in place, create robust backup mechanisms, enforce strong authentication measures, harden the environment, and implement network restrictions to prevent lateral movement.
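The monitoring recommended above has to catch the credential-guessing step against ESXi hosts or vCenter before the attacker reaches the deployment stage. The following added example (not from Sygnia’s report or any vendor tool) shows a sliding-window detector over authentication events: it raises one alert per source address once the failure count in the window reaches a threshold, and a second, higher-priority alert when a successful login from that address follows the burst. The log format, field names, addresses and timestamps are constructed for this example and are not the real ESXi or vCenter log format; the regular expression is the part to adapt to a real source.

```python
"""Sliding-window brute-force detection over constructed auth log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. Format (made up for this example):
#   <ISO timestamp> auth <FAIL|OK> user=<name> from=<ip>
SAMPLE_LOG = """\
2024-05-10T02:00:01Z auth FAIL user=root from=203.0.113.7
2024-05-10T02:00:02Z auth FAIL user=root from=203.0.113.7
2024-05-10T02:00:03Z auth FAIL user=admin from=203.0.113.7
2024-05-10T02:00:04Z auth FAIL user=root from=203.0.113.7
2024-05-10T02:00:05Z auth FAIL user=root from=203.0.113.7
2024-05-10T02:00:06Z auth FAIL user=root from=203.0.113.7
2024-05-10T02:00:09Z auth OK   user=root from=203.0.113.7
2024-05-10T02:10:00Z auth FAIL user=ops from=192.0.2.20
2024-05-10T02:30:00Z auth OK   user=ops from=192.0.2.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK)\s+user=(?P<user>\S+) from=(?P<ip>\S+)$"
)


def parse(line):
    """Return (timestamp, result, user, ip) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["result"], m["user"], m["ip"]


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Scan lines in order and return a list of alert dicts.

    Per source IP, keep the timestamps of failures inside the trailing window.
    Emit 'bruteforce' once the count reaches the threshold (once per IP), and
    'success_after_bruteforce' for any OK event while the window still holds
    at least threshold failures from the same IP.
    """
    failures = defaultdict(deque)  # ip -> deque of recent failure timestamps
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, ip = rec
        recent = failures[ip]
        while recent and ts - recent[0] > window:  # expire old failures
            recent.popleft()
        if result == "FAIL":
            recent.append(ts)
            if len(recent) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append({"type": "bruteforce", "ip": ip,
                               "failures": len(recent),
                               "first": recent[0], "last": ts})
        elif len(recent) >= threshold:
            alerts.append({"type": "success_after_bruteforce", "ip": ip,
                           "user": user, "failures": len(recent), "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

In the sample, 203.0.113.7 trips the threshold on its fifth failure and then logs in as root three seconds later, producing both alerts; 192.0.2.20 has a single stale failure that has expired from the window by the time it succeeds, so it stays quiet. The same structure applies to any authentication source once the parser is replaced.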

The disclosure follows a warning from cybersecurity firm Rapid7 about a campaign, ongoing since early March 2024, that uses malicious ads on popular search engines to distribute trojanized installers for PuTTY and WinSCP via typosquatted domains, which in turn deliver ransomware.

These counterfeit installers drop the Sliver post-exploitation toolkit, which is then used to deliver additional payloads, including a Cobalt Strike Beacon that is used to deploy the ransomware.

The activity shares tactical overlaps with previous BlackCat ransomware attacks that used malvertising as the initial access vector, as part of a recurring campaign that delivers the Nitrogen malware.

“The campaign disproportionately affects members of IT teams, who are most likely to download the trojanized files while looking for legitimate versions,” Tyler McGraw, a security researcher, stated.

“The successful execution of the malware gives the threat actor a stronger footing and impedes analysis by distorting the aim of following administrative activities.”

The discovery also follows the emergence of new ransomware families such as Beast, MorLock, Synapse, and Trinity, with the MorLock group specifically targeting Russian companies and encrypting files without first exfiltrating them.

“The [MorLock] attackers demand a significant ransom, which can be tens or hundreds of millions of rubles,” said F.A.C.C.T., Group-IB’s Russian subsidiary.

According to NCC Group data, global ransomware attacks in April 2024 decreased by 15% from the previous month, from 421 to 356.

Notably, April 2024 marks the end of LockBit’s eight-month reign as the threat actor with the most victims, reflecting the group’s struggle to survive a massive law enforcement takedown earlier this year.

In an unexpected twist, NCC Group reported that LockBit 3.0 accounted for fewer than half of the attacks observed in March and was not the most prevalent threat group for the month. “Instead, Play was the most active threat group, followed shortly after by Hunters.”

The volatility of the ransomware landscape has been compounded by cybercriminals advertising hidden Virtual Network Computing (hVNC) and remote access services such as Pandora and TMChecker, which could be used for data exfiltration, deploying additional malware, and facilitating ransomware attacks.

According to Security, a number of initial access brokers (IABs) and ransomware operators use [TMChecker] to check readily available compromised data to determine whether corporate VPN and email account credentials are still valid.

The significance of TMChecker’s growth lies in the fact that it significantly lowers the barrier to entry for threat actors seeking high-impact corporate access, either for their own use or for sale to other adversaries on the secondary market.

Huawei chip rival Nvidia lowers pricing in China

Photo: REUTERS/Dado Ruvic/Illustration

According to people familiar with the matter, Nvidia’s (NVDA.O) most powerful AI chip designed specifically for the Chinese market has had a poor start, with abundant supply forcing it to be priced below a rival chip from Huawei, a major player in the Chinese tech industry.
The falling prices highlight the difficulties Nvidia’s China business faces amid U.S. bans on the sale of AI chips and growing competition, raising doubts about the company’s future in a country that accounted for 17% of its revenue in its fiscal year 2024.

The growing competitive pressure in China is a caution flag for investors in the U.S. semiconductor designer, whose shares extended their strong rally after Wednesday’s upbeat revenue forecast.
Nvidia, the industry leader in artificial intelligence (AI) chips, released three chips specifically designed for China in the latter part of 2018 after U.S. sanctions barred it from exporting its most sophisticated semiconductors.

The H20 is the most closely watched of the three, since it is the most powerful Nvidia product available in China. However, three supply chain sources told Reuters that the chip is in abundant supply on the market, indicating lackluster demand.
Two of the three sources told Reuters that this has resulted in H20 chips being sold in some cases at a discount of more than 10% to Huawei’s Ascend 910B, the most powerful AI chip from a Chinese company. The sources declined to be named because of the sensitivity of the matter.

Nvidia is pushing hard to retain market share it cannot afford to lose, but analysts said the outlook is increasingly bleak.
China is expected to hold more than 30% of the global AI market by 2035, according to a report by Chinese market research firm CCID Consulting.
According to Hebe Chen, an IG market analyst, “Nvidia is walking a fine line and working on a balancing act between maintaining the Chinese market and navigating U.S. tensions.” “Nvidia is definitely preparing for the worst in the long term.”

Senior executives from Nvidia said during the company’s first-quarter earnings call on Wednesday that the sanctions have “substantially” reduced the company’s operations in China.
“Our data center revenue in China is down significantly from the level prior to the imposition of the new export control restrictions in October,” stated Colette Kress, CFO. “We expect the market in China to remain very competitive going forward.”

The H20’s performance in China will be crucial to its business, according to analysts, and its long-term prospects will be determined by how it performs in comparison to Huawei, the country’s dominant tech company.
The Guangdong-based manufacturer, Huawei, only started to take on Nvidia last year. According to the sources, it will significantly increase the shipments of its Ascend 910B chip this year, which beats the H20 in some important parameters.
Huawei did not immediately respond to a request for comment.

Reuters’s checks on available government procurement data, which is not exhaustive and may not reflect the full extent of market demand, show that over a dozen buyers expressed interest in purchasing Huawei’s 910B during the same period, while just five state or state-affiliated buyers expressed interest in purchasing H20 chips.

Squeezing the margins

Nvidia’s H800 and A800 are banned in China due to US sanctions aimed at limiting China’s ability to become a technological powerhouse. Its other advanced product lines, such as H100 and B100, have also been prohibited.
Another big impediment to the development of Nvidia’s H20 chip in China has been Beijing’s instruction for enterprises to purchase Chinese processors, though two of the three individuals said such orders have decreased in recent months.
According to the sources, the H20 became widely available in China last month, with deliveries to clients arriving in just over a month from ordering.

Some of China’s internet behemoths have already placed orders, with Alibaba ordering over 30,000 H20 chips, according to two sources. Alibaba did not immediately reply to a request for comment.
According to sources, server distributors in China are selling the H20 for roughly 100,000 yuan per card and the eight-card server for between 1.1 million and 1.3 million yuan per server.
By comparison, wholesalers sell the Huawei 910B for more than 120,000 yuan per card, while the equivalent eight-card server starts at 1.3-1.5 million yuan. According to the sources, prices for both the H20 and Huawei’s 910B can vary depending on order volume.

According to Dylan Patel, founder of research firm SemiAnalysis, about a million H20 chips will be shipped to China in the second half of 2024, forcing Nvidia to compete on price with Huawei.
“The H20 cost more to manufacture than an H100 due to its higher memory capacity,” Patel said, adding that it is being marketed for half the price of the H100, alluding to the powerful Nvidia processor prohibited from export to China in 2022.