Security news weekly round-up - 11th October 2024

Habdul Hazeez - Oct 11 - Dev Community

Introduction

Hello everyone 👋

Welcome to this week's edition of our security news review. I hope that you're doing well.

In this edition, we'll review articles that are about malware, vulnerabilities, and a data breach.


Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines

If you're looking for free stuff, you might be game! To complicate issues, it's an information-stealing malware. Oh my, what could go wrong? Just saying.

How can you get infected? Here is how:

the overall infection chain remains unchanged in that users searching popular cheating script engines like Solara and Electron on Google are served fake websites that embed links to booby-trapped ZIP archives on various GitHub repositories.

Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips

It's a sensitive issue. Google and Amnesty International are involved. That should tell you that the zero-day bug was used in targeted attacks. Still, this begs the question: Which Android devices are affected? Read the excerpt below 👇

Qualcomm listed 64 different chipsets affected by this vulnerability, including the company's flagship Snapdragon 8 (Gen 1) mobile platform, which is used in dozens of Android phones, including some made by Motorola, Samsung, OnePlus, Oppo, Xiaomi, and ZTE — meaning millions of users around the world are potentially vulnerable.

31 Million Users Affected by Internet Archive Hack

Someone, please tell me, who hacks the Internet Archive? Like, it's an Internet Archive; they store stuff for historical purposes! Why go after them? I am short of words 😞.

There is no excerpt for you. Go read the article, then come back and finish the review.

Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms

Maintaining e-commerce stores will be a difficult task with cyber criminals on the horizon waiting to compromise your store. In this article, two cybercriminal groups targeted the same store and they were sharing information (via code comments) on how to share the profits!

There is no excerpt for this one. Have fun reading!

GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks

Are you surprised? I am not. History books have shown us multiple times that threat actors use and are still using legitimate tools and services for malicious purposes.

In this case, here is what's going on:

Central to the attack chain is the abuse of GitHub infrastructure for staging the malicious payloads. One variation of the technique, first disclosed by OALABS Research in March 2024, involves threat actors opening a GitHub issue on well-known repositories and uploading to it a malicious payload, and then closing the issue without saving it.

In doing so, it has been found that the uploaded malware persists even though the issue is never saved, a vector that has become ripe for abuse as it allows attackers to upload any file of their choice and not leave any trace except for the link to the file itself.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
