Security news weekly round-up - 19th July 2024

Habdul Hazeez - Jul 19 - - Dev Community

Introduction

Welcome to this week's edition of our security news weekly round-up here on DEV. Today, the articles that we'll review are about the following:

  • Online Scam
  • Malware and Threats
  • Stalkware
  • Security in Transportation

Hello, is it me you’re looking for? How scammers get your phone number

It's not a long read and it should not take more than five minutes of your time. If you take anything away from the article, let it be the following: be careful of the sites where you submit your phone number. What's more, think twice when someone calls you that an emergency has occurred and you need to share your sensitive online details. When this happens to you, keep a cool head and don't panic.

The following excerpt from the article highlights why you should think twice before submitting your personal information to any website:

Data brokers vacuum up your personal information from publicly available sources (government licenses/registrations), commercial sources (business partners like credit card providers or stores) as well as by tracking your online activities (activities on social media, ad clicks, etc.), before selling your information to others.

APT Exploits Windows Zero-Day to Execute Code via Disabled Internet Explorer

We covered an article related to this vulnerability in an earlier edition of our review. Now, a threat actor is exploiting it using spearphishing as the point of entry. With that said, stay safe, update your Microsoft Windows systems, and don't click on any link in your email messages.

Here is an excerpt from the article detailing what's going on and the threat actor behind it all:

Threat actors can still exploit lingering Windows relics like IE on their machine to infect users and organizations with ransomware, backdoors, or as a proxy to execute other strains of malware. The ability of APT groups like Void Banshee to exploit disabled services such as IE poses a significant threat to organizations worldwide

Hacked, leaked, exposed: Why you should never use stalkerware apps

An interesting read from TechCrunch on why you should not use stalkware. I have been looking at their articles filed under "security" (including this one and the next one discussed below), and some do qualify to be featured. So, you'll be paying some visits to TechCrunch in future editions of this review!

Okay, back to the review (apologies if I deviated a little bit). So, in the linked article above, you learn why stalkware is a thing that you should avoid for two reasons, among others. First, spying on people's phones does not end well when they find out. Second, the stalkware application itself can unintentionally leak the data that the application harvested from the person that you're spying on.

Do you need more convincing information on why stalkware is bad? Read the excerpt from the article below, and pay attention to the emphasis:

These companies often explicitly market their products as solutions to catch cheating partners by encouraging illegal and unethical behavior. And there have been multiple court cases, journalistic investigations and surveys of domestic abuse shelters that show that online stalking and monitoring can lead to cases of real-world harm and violence.

Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says

There is nothing much to say about this article. The article's title perfectly describes what's going on and what you'll read. The takeaway from this article, some systems that you think should be secure might not be secure. In addition, the researcher received a legal letter from the company that makes the software behind the controller and he interpreted it as a way to silence him.

Read the excerpt below, and ensure that you read the whole thing, promise? What's more, "Lemon" is the name of the researcher, precisely, Andrew Lemon.

One of the devices Lemon looked at is the Intelight X-1, where he said he found a bug that allows anyone to take full control of the traffic lights. According to Lemon, the bug is very simple and basic: There is no authentication on the internet-exposed web interface of the device.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .