Security news weekly round-up - 19th April 2024

Habdul Hazeez - Apr 19 - Dev Community

Introduction

Welcome to this week's review. Today, it's mostly about cyber-attack news. So, let's go!


Attackers are pummeling networks around the world with millions of login attempts

If you're a network administrator (or know one), this article is for you. The attacks originate from IP addresses that belong to anonymizing tools like TOR and proxies. What's more, they appear to be indiscriminate and part of a reconnaissance effort.

Here is a quick one from the article:

The attacks included hundreds of thousands or millions of rejected authentication attempts. Cisco went on to say that users can intermittently receive an error message that states, “Unable to complete connection. Cisco Secure Desktop not installed on the client.”

AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs

Amazon and Google consider this expected behavior. However, Microsoft addressed the issue in November 2023.

Nonetheless, here is why you should read the article:

If bad actors get their hands on these environment variables, this could potentially lead to view sensitive information including credentials, such as passwords, user names, and keys, which could allow them to access any resources that the repository owners can.

Multiple botnets exploiting one-year-old TP-Link flaw to hack routers

The flaw was discovered in January 2023 and addressed in March 2023. Now, a year later, multiple botnets are trying to exploit it.

Here is an excerpt from the article that highlights what the botnets are trying to do:

Each of these botnets utilizes different methods and scripts to exploit the vulnerability, establish control over the compromised devices, and command them to take part in malicious activities such as distributed denial of service (DDoS) attacks.

LastPass users targeted in phishing attacks good enough to trick even the savvy

You can consider yourself "smart", but this attack might change your mind. What's more, the attacks are leveraging a phishing-as-a-service kit called CryptoChameleon.

The following excerpt briefly explains some of the elements of the phishing kit and how it works:

Elements include high-quality URLs, a counterfeit single sign-on page for the service the target is using, and everything needed to make voice calls or send emails or texts in real time as targets are visiting a fake site. The end-to-end service can also bypass multi-factor authentication in the event a target is using the protection.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
