Security news weekly round-up - 12th January 2024

Habdul Hazeez - Jan 12 - Dev Community

Introduction

This week's review is about vulnerabilities and malicious software. Let's get started!


Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer

No matter the website, it never hurts to double-check a URL before you click it. In this case, the links are malicious URLs shortened with services like TinyURL, and they lead to a download of malware. So be careful if you go looking for "free" software downloads on YouTube.

Here is why you should adhere to that warning:

In the latest attack sequence documented by Fortinet, users searching for cracked versions of legitimate video editing tools like Vegas Pro on YouTube are prompted to click on a link located in the video's description, leading to the download of a bogus installer hosted on MediaFire.
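Here is a small added example (mine, not code from the Fortinet write-up) of the "double-check the URL" advice in practice: it expands a shortened link hop by hop with HEAD requests and never auto-follows redirects, so you see the final destination before any download starts. The shortener list, the hostnames and the responses in the built-in sample are constructed for illustration.

```python
"""Expand a shortened URL without visiting the final page.

Added example, not code from the original post. Redirects are followed
one hop at a time with HEAD requests so the destination can be inspected
before anything is downloaded. The shortener list and the sample
responses below are constructed for illustration.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}
# A few well-known shorteners; extend for your environment (assumption).
KNOWN_SHORTENERS = {"tinyurl.com", "bit.ly", "t.co", "is.gd", "cutt.ly"}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib stop at the first 3xx instead of following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_head(url, timeout=5):
    """One HEAD request; returns (status, Location header or None).

    This is the only function that touches the network. expand() takes a
    fetcher as a parameter so the logic can be exercised offline.
    """
    opener = urllib.request.build_opener(NoRedirect)
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "url-expander/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        # With redirects disabled urllib raises on 3xx; headers are intact.
        return err.code, err.headers.get("Location")


def expand(url, fetch=http_head, max_hops=10):
    """Return the redirect chain starting at url, final destination last.

    Stops at the first non-redirect response, at a redirect without a
    Location header, on a loop, or after max_hops.
    """
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            break
        nxt = urljoin(chain[-1], location)  # Location may be relative
        chain.append(nxt)
        if nxt in seen:
            break  # redirect loop; stop rather than spin
        seen.add(nxt)
    return chain


def is_shortener(url):
    return (urlsplit(url).hostname or "").lower() in KNOWN_SHORTENERS


# Constructed sample responses standing in for the network (not real links).
SAMPLE_RESPONSES = {
    "https://tinyurl.com/abc123": (301, "https://example.net/go"),
    "https://example.net/go": (302, "/dl/setup.exe"),
    "https://example.net/dl/setup.exe": (200, None),
    "https://example.net/loop": (302, "https://example.net/loop2"),
    "https://example.net/loop2": (302, "https://example.net/loop"),
}


def sample_head(url):
    return SAMPLE_RESPONSES.get(url, (404, None))


if __name__ == "__main__":
    for hop in expand("https://tinyurl.com/abc123", fetch=sample_head):
        print(hop)
```

To check a real link, call expand() without the fetch argument. A chain that ends on a file-hosting site or on an executable filename, as in the sample, is a reason not to click.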

Hackers can infect network-connected wrenches to install ransomware

This is more of an industrial story, but the lesson is that important pieces of equipment used in mission-critical facilities can have vulnerabilities too, and the nastier part is that a tampered tool can keep reporting that everything is fine.

More from the article and why it's worth your reading time:

Nozomi researchers said the device is riddled with 23 vulnerabilities that, in certain cases, can be exploited to install malware. The malware could then be used to disable entire fleets of the devices or to cause them to tighten fastenings too loosely or tightly while the display continues to indicate the critical settings are still properly in place.

Attack of the copycats: How fake messaging apps and app mods could bite you

If it's not from the official application store (Google Play or the Apple App Store), think twice before you install it on your phone.

Here is why:

Malicious developers have become pretty skilled at tricking users into downloading their wares. Often they will produce malicious copycat apps designed to mimic legitimate ones. They can then distribute them via phishing messages in email, by text, on social media or the communications app itself

Over 150k WordPress sites at takeover risk via vulnerable plugin

If a WordPress site is vulnerable, the cause is usually a setting or a plugin. It's a plugin on most occasions, as in the linked article. What's more, this plugin has two vulnerabilities, and the first of them is rated critical.

The following sums it up:

The first, tracked as CVE-2023-6875, is a critical authorization bypass flaw arising from a “type juggling” issue on the connect-app REST endpoint.

The second vulnerability is a cross-site scripting (XSS) problem identified as CVE-2023-7027 that arises from insufficient input sanitization and output escaping.

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

If you have coding experience, you will not like hearing that one of your favorite developer websites can be abused. Sadly, that's the situation here: because traffic to GitHub is routine on most networks, it lets adversaries blend in with legitimate traffic.

Here is more for you:

The cybersecurity firm described the approach as "living-off-trusted-sites" (LOTS), a spin on the living-off-the-land (LotL) techniques often adopted by threat actors to conceal rogue activity and fly under the radar.

Prominent among the methods by which GitHub is abused relates to payload delivery, with some actors leveraging its features for command-and-control (C2) obfuscation
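As an added illustration of the detection side (my example, not the firm's code), here is a small scan over constructed proxy log lines that flags fetches of GitHub-hosted raw files and release assets made by script clients such as PowerShell, curl or BITS rather than by git or a browser. The log format, host names, repository paths and the user-agent list are assumptions for the example.

```python
"""Flag GitHub downloads that look like payload delivery or C2 staging.

Added example, not from the original article. It scans constructed
proxy log lines for fetches of raw files and release assets from GitHub
made by script clients (PowerShell, curl, BITS, ...) instead of git or a
browser. Log format, hostnames, repo paths and UA strings are assumptions.
"""
import re
from dataclasses import dataclass

# Hosts that serve file content. Developers use them all day, which is
# exactly why a loader pulling its next stage from them blends in.
GITHUB_CONTENT_HOSTS = {
    "raw.githubusercontent.com",
    "gist.githubusercontent.com",
    "objects.githubusercontent.com",   # release assets after redirect
    "github.com",                       # only /<owner>/<repo>/releases/download/
}
# User-Agent fragments typical of script-driven fetches on endpoints.
SCRIPT_CLIENTS = ("WindowsPowerShell", "PowerShell/", "curl/", "Wget/",
                  "python-requests", "Microsoft BITS", "CertUtil")
# File types a second stage or a C2 config is commonly fetched as.
PAYLOAD_EXT = (".ps1", ".exe", ".dll", ".vbs", ".bat", ".hta", ".zip", ".txt")

# Constructed format: <timestamp> <client> <method> <url> "<user-agent>"
LOG_RE = re.compile(r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) '
                    r'(?P<url>\S+) "(?P<ua>[^"]*)"$')
URL_RE = re.compile(r'^https?://([^/?#]+)([^?#]*)')


@dataclass
class Hit:
    ts: str
    client: str
    url: str
    reason: str


def classify(url, ua):
    """Return a reason string if the fetch looks suspicious, else None."""
    m = URL_RE.match(url)
    if not m:
        return None
    host, path = m.group(1).lower(), m.group(2).lower()
    if host not in GITHUB_CONTENT_HOSTS:
        return None
    if host == "github.com" and "/releases/download/" not in path:
        return None   # browsing or cloning github.com itself is normal
    if not any(s in ua for s in SCRIPT_CLIENTS):
        return None   # browsers and git are the expected clients here
    if path.endswith(PAYLOAD_EXT):
        return "script client fetched payload-like file from GitHub"
    return "script client fetched raw GitHub content"


def scan(lines):
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue   # malformed line; a real pipeline would count these
        rec = m.groupdict()
        reason = classify(rec["url"], rec["ua"])
        if reason:
            hits.append(Hit(rec["ts"], rec["client"], rec["url"], reason))
    return hits


# Constructed sample log, not captured traffic.
SAMPLE_LOG = [
    '2024-01-10T08:14:03Z ws-042 GET https://raw.githubusercontent.com/acme-ops/tools/main/loader.ps1 '
    '"Mozilla/5.0 (Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.3803"',
    '2024-01-10T08:14:09Z dev-007 GET https://github.com/acme-ops/tools.git/info/refs?service=git-upload-pack '
    '"git/2.43.0"',
    '2024-01-10T08:15:30Z dev-007 GET https://raw.githubusercontent.com/acme-ops/tools/main/README.md '
    '"Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0"',
    '2024-01-10T08:16:02Z ws-042 GET https://gist.githubusercontent.com/u8k2/0a1b2c3d/raw/cfg.txt '
    '"curl/8.4.0"',
    '2024-01-10T08:17:45Z ws-017 GET https://objects.githubusercontent.com/release-assets/1234/updater.exe '
    '"Microsoft BITS/7.8"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.ts} {hit.client} {hit.reason}: {hit.url}")
```

The rule is deliberately narrow: ordinary browsing of github.com and git clones pass through untouched, and only script clients pulling raw content are flagged. In a real environment you would baseline which hosts are developer workstations and treat the same fetch from a non-developer host as a higher-priority alert.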

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

FBot joins a list of other cloud hacking tools that target online services like Amazon Web Services (AWS) and Microsoft 365.

The following excerpt sums up the tool:

The end goal of the tool is to hijack cloud, SaaS, and web services as well as harvest credentials to obtain initial access and monetize it by selling the access to other actors.

Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload

As in regular software development, threat actors update their malware, in this case with an encrypted payload, to evade detection by security software.

A little excerpt from the article:

"As stealers continue to be a top threat for Mac users, it is important to download software from trusted locations," Segura said. "Malicious ads and decoy sites can be very misleading though and it only takes a single mistake (entering your password) for the malware to collect and exfiltrate your data."

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
