Security news weekly round-up - 10 May 2024

Habdul Hazeez - May 10 - Dev Community

Introduction

In this week's review, the articles that we'll cover are about digital security, internet security, misuse of generative artificial intelligence, and WordPress website security.


The hacker’s toolkit: 4 gadgets that could spell security trouble

These gadgets can spell trouble if they fall into the wrong hands. We are covering this article so that you know what can happen if you misplace them. The gadgets are Ducky and Bunny, Flipper Zero, and O.MG.

The following excerpt explains what can go wrong:

There are a bunch of popular geeky gadgets with endearing names that provide valuable functionality for hobbyist hackers and security professionals alike. However, many such bits of kit can be likened to double-edged swords – they can assist both in testing an organization’s security and breaching its defenses.

Novel attack against virtually all VPN apps neuters their entire purpose

According to the researchers, the attack may have existed since 2002. It's a worthy read because almost every security-minded internet user uses a Virtual Private Network (VPN), and you should know that its purpose can be defeated.

Here is a quick excerpt for you that shows why this attack is scary, to say the least:

The attack allows some or all traffic to be routed through the unencrypted tunnel. In either case, the VPN application will report that all data is being sent through the protected connection. Any traffic that’s diverted away from this tunnel will not be encrypted by the VPN

An Update on How Cybercriminals Are Using GenAI

The core of the article is that cybercriminals are using tools that allow an LLM like ChatGPT to produce unethical answers. In technical jargon, this is called a jailbreak.

The following is an excerpt from the article to get you started:

Service providers like OpenAI or Google are working hard to mitigate these jailbreaks and trying to patch any new vulnerability with every model update. This forces malicious users to come up with more sophisticated jailbreaking prompts.

This cat-and-mouse game has opened the market to a new class of criminal services in the form of jailbreaking chatbot offerings

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

Update to the latest version of the plugin, and stay safe. The excerpt below shows why you should take this advice seriously.

Creating admin accounts on WordPress sites can have severe consequences, as it allows the threat actor to gain full control over the website and perform arbitrary actions, ranging from injecting malware to installing malicious plugins.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
