Security news weekly round-up - 13th August 2021

Habdul Hazeez - Aug 13 '21 - - Dev Community

We are 2 weeks away from matching our previous streak of 14 weeks of constant publishing.

Introduction

Hello, and welcome to this week's edition of the Security news weekly round-up. As always, I am your host Habdul Hazeez.

This week's review covers stories that are all (except one) about malware and vulnerabilities.

Let's get started.


Go, Rust "net" library affected by critical IP address validation vulnerability

The title says it all but, still, if you are a developer who uses any of the above programming languages, kindly have a look at this article.

Excerpt from the article:

The vulnerability, tracked by CVE-2021-29922 (for Rust) and CVE-2021-29923 (for Golang) concerns how net handles mixed-format IP addresses, or more specifically when a decimal IPv4 address contains a leading zero.

FlyTrap malware hijacks thousands of Facebook accounts

It's an Android threat.

Moral of the article: Be watchful of the apps you download, especially if it asks you to authenticate via your social media accounts.

Excerpt from the article:

FlyTrap campaigns rely on simple social engineering tactics to trick victims into using their Facebook credentials to log into malicious apps that collected data associated with the social media session.

A Critical Random Number Generator Flaw Affects Billions of IoT Devices

It's all related to Cryptography. Random Number Generator is sometimes abbreviated as RNG, and IoT means Internet of Things.

Excerpt from the article:

It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices, in fact, in many cases, devices are choosing encryption keys of 0 or worse. This can lead to a catastrophic collapse of security for any upstream use.

Magento Update Released to Fix Critical Flaws Affecting E-Commerce Sites

Update your software.

Excerpt from the article:

The issues affect 2.3.7, 2.4.2-p1, 2.4.2, and earlier versions of Magento Commerce, and 2.3.7, 2.4.2-p1, and all prior versions of Magento Open Source edition. Of the 26 flaws addressed, 20 are rated critical, and six are rated Important in severity

Hackers Steal Over $600 Million Worth of Cryptocurrencies from Poly Network

It's an interesting read.

Excerpt from the article:

Poly Network, a China-based cross-chain decentralized finance (DeFi) platform for swapping tokens across multiple blockchains such as Bitcoin and Ethereum, on Tuesday disclosed unidentified actors had exploited a vulnerability in its system to plunder thousands of digital tokens such as Ether

Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic

The title says it all.

Excerpt from the article:

We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google

Calling it a "bottomless well of valuable intel," the treasure trove of information contains internal and external IP addresses, computer names, employee names and locations, and details about organizations' web domains

Ransomware Gang Leaks Files Allegedly Stolen From Accenture

The Ransomware gang in question is LockBit.

Excerpt from the article:

The incident came to light when LockBit ransomware operators claimed on their website that they had breached Accenture’s systems. A counter displayed on the site showed that stolen files would be made public within hours, unless Accenture paid up.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, I'll see you next Friday.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .