Hack­ers pounce on Win­dows Crack ex­posed by Google

Kuwait Times - - TECHNOLOGY -

Mi­crosoft on Tues­day warned that a Win­dows vul­ner­a­bil­ity ex­posed by ri­val Google was be­ing ex­ploited by a hacking group sus­pected of cy­ber at­tacks on US po­lit­i­cal in­sti­tu­tions. Hack­ers that Mi­crosoft re­searchers call “Stron­tium” launched a low-vol­ume spear-phish­ing cam­paign aimed at a spe­cific set of peo­ple, Win­dows and De­vices Group ex­ec­u­tive vice pres­i­dent Terry My­er­son said in a blog post.

Spear phish­ing in­volves trick­ing peo­ple with per­son­ally crafted email mes­sages that get them to click on links or files booby-trapped with ma­li­cious code that in­fects ma­chines, let­ting hack­ers steal in­for­ma­tion or take con­trol. The vul­ner­a­bil­ity ex­posed this week let hack­ers slip into com­put­ers through web brows­ing soft­ware, even­tu­ally in­stalling “back doors” through which they could en­ter as they please.

Stron­tium, given an ar­ray of names by cy­ber se­cu­rity re­searchers, has been de­scribed as a so­phis­ti­cated hacking op­er­a­tion with ties to Rus­sia. The group has also been sus­pected of in­volve­ment in hacks of po­lit­i­cal par­ties in the US pres­i­den­tial race. In a threat re­port, Mi­crosoft de­scribed Stron­tium as hav­ing the mark­ings of be­ing backed by a na­tion state, but did not con­clude which one. How­ever, the US tech­nol­ogy ti­tan did take aim at Google, say­ing that a “re­spon­si­ble” mem­ber of the in­dus­try would have put users first and waited for a patch to be ready be­fore mak­ing the vul­ner­a­bil­ity pub­lic.

“Google’s de­ci­sion to dis­close these vul­ner­a­bil­i­ties be­fore patches are broadly avail­able and tested is dis­ap­point­ing, and puts cus­tomers at in­creased risk,” My­er­son said. Google coun­tered that it gave Mi­crosoft seven days to fix the flaw, as per its pol­icy re­gard­ing crit­i­cal flaws, be­fore mak­ing it pub­lic on Mon­day. “This vul­ner­a­bil­ity is par­tic­u­larly se­ri­ous be­cause we know it is be­ing ac­tively ex­ploited,” Neel Me­hta and Billy Leonard of the Google threat anal­y­sis group said in an on­line post. Google said it told Mi­crosoft and Adobe about the vul­ner­a­bil­i­ties on Oc­to­ber 21, and an up­date to Flash ad­dress­ing the weak­ness was re­leased five days later.

Mi­crosoft said peo­ple us­ing the Edge browser on fully up­dated Win­dows 10 oper­at­ing sys­tems should be pro­tected from the at­tack. “We have co­or­di­nated with Google and Adobe to in­ves­ti­gate this ma­li­cious cam­paign and to cre­ate a patch for down­level ver­sions of Win­dows,” My­er­son said. Adobe Patches for Win­dows are be­ing tested and Mi­crosoft planned to re­leased them on Novem­ber 8. A Mi­crosoft threat re­port de­scribed Stron­tium as a group that usu­ally tar­gets gov­ern­ment agen­cies, di­plo­matic in­sti­tu­tions and mil­i­tary or­ga­ni­za­tions, as well as af­fil­i­ated pri­vate sec­tor or­ga­ni­za­tions such as de­fense con­trac­tors and pub­lic pol­icy re­search in­sti­tutes. — AFP

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.