Security news weekly round-up - 19th March 2021

Habdul Hazeez - Mar 19 '21 - Dev Community

One thing led to another, and we did not publish a weekly round-up last week. My sincere apologies.

Introduction

This week it's all about bugs and malware.


15-year-old Linux kernel bugs let attackers gain root privileges

You can introduce a bug into your application without knowing it, and it might take you (or someone else) years to find it. These three were in the kernel for fifteen years.

Excerpt from the article:

Attackers can abuse the bugs to bypass exploit-blocking security features such as Kernel Address Space Layout Randomization (KASLR), Supervisor Mode Execution Protection (SMEP), Supervisor Mode Access Prevention (SMAP), and Kernel Page-Table Isolation (KPTI).

The three vulnerabilities can lead to local elevation of privileges, information leaks, and denials of service.

Twitter images can be abused to hide ZIP, MP3 files — here's how

Humans are crafty, and as always we tend to use a service for purposes other than the ones it was meant for.

Excerpt from the article:

Although the art of hiding non-image data in images (steganography) isn't novel, the fact that the images can be hosted on a popular website like Twitter and are not sanitized opens up a possibility for their abuse by malicious actors.
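The simplest form of the problem the excerpt describes is data appended after the end of a valid image: decoders stop at the terminator and ignore whatever follows, so a host that stores uploads byte-for-byte also stores the smuggled payload. The script below is an added example, not code from the article or from Twitter, and it does not reproduce the specific trick the article covers; it builds a constructed 1x1 PNG, walks the chunk list to find where the image really ends, reports and classifies any trailing bytes, and shows the sanitization step (truncate at IEND) that an upload pipeline can apply.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
ZIP_SIGNATURE = b"PK\x03\x04"  # local file header magic of a ZIP archive


def _chunk(chunk_type: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: big-endian length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(chunk_type + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + chunk_type + data + struct.pack(">I", crc)


def make_minimal_png() -> bytes:
    """Constructed sample input: a valid 1x1 8-bit grayscale PNG, built here so the
    example runs offline with no image library."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # width, height, depth, colour type 0
    raw_scanline = b"\x00\x00"  # filter byte 0 followed by one black pixel
    idat = zlib.compress(raw_scanline)
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def png_end_offset(data: bytes) -> int:
    """Walk the chunk list, verifying each CRC, and return the offset just past IEND.
    Raises ValueError when the input is not a well-formed PNG."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 8 + length + 4
        if chunk_end > len(data):
            raise ValueError("truncated chunk")
        expected_crc = zlib.crc32(data[pos + 4:pos + 8 + length]) & 0xFFFFFFFF
        (crc,) = struct.unpack(">I", data[pos + 8 + length:chunk_end])
        if crc != expected_crc:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        pos = chunk_end
        if ctype == b"IEND":
            return pos
    raise ValueError("no IEND chunk")


def trailing_payload(data: bytes) -> bytes:
    """Return every byte after IEND. Image viewers ignore this region, which is
    exactly what makes it a convenient hiding place for a ZIP or MP3."""
    return data[png_end_offset(data):]


def describe_trailer(trailer: bytes) -> str:
    """Coarse classification of a trailer by its leading magic bytes."""
    if not trailer:
        return "clean"
    if trailer.startswith(ZIP_SIGNATURE):
        return "zip"
    if trailer.startswith(b"ID3") or trailer[:2] == b"\xff\xfb":
        return "mp3"
    return "unknown"


def sanitize_png(data: bytes) -> bytes:
    """Keep only the bytes up to and including IEND, dropping any trailer."""
    return data[:png_end_offset(data)]


if __name__ == "__main__":
    clean = make_minimal_png()
    # Constructed 'smuggled' upload: the same image with ZIP-looking bytes appended.
    smuggled = clean + ZIP_SIGNATURE + b"\x14\x00" + b"constructed zip-like payload"
    for name, blob in (("clean", clean), ("smuggled", smuggled)):
        trailer = trailing_payload(blob)
        print(f"{name}: {len(trailer)} trailing bytes, classified as {describe_trailer(trailer)}")
    print("sanitized copy equals original:", sanitize_png(smuggled) == clean)
```

Checking the CRC of every chunk matters: an IEND chunk with a bad CRC inside a longer file is itself a sign that the "image" was assembled by hand rather than written by an encoder. Payloads that survive a host's re-encoding (as in the article) need a different check, because the bytes are then carried inside chunks the encoder preserves rather than after the terminator.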

Flaws in Two Popular WordPress Plugins Affect Over 7 Million Websites

WordPress is a popular open-source CMS, which is why so many websites are affected by these bugs.

Excerpt from the article:

The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached pages of a WordPress site.

According to Wordfence, which discovered the security weaknesses in Elementor, the bug concerns a set of stored cross-site scripting (XSS) vulnerabilities (CVSS score: 6.4), which occurs when a malicious script is injected directly into a vulnerable web application.
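The excerpt's one-line definition of stored XSS is easier to see in code. The example below is added here and is not code from Elementor, Wordfence or the article: a constructed in-memory store stands in for the plugin's saved content, one renderer echoes it into HTML verbatim (the defect), the other escapes it at output time (the fix), and a small check flags active markup in rendered output. The `alert` payload is a constructed demonstration string.

```python
import html
import re
from typing import List

# Markup that would execute or load content if the browser parsed it as a tag.
_ACTIVE_TAG = re.compile(r"<\s*(script|img|svg|iframe)\b", re.IGNORECASE)


def save_comment(store: List[str], text: str) -> None:
    """Persist the visitor's input exactly as submitted. Storing raw text is not
    the bug by itself; what matters is how it is rendered later."""
    store.append(text)


def render_vulnerable(store: List[str]) -> str:
    """Interpolates each stored comment straight into HTML. A <script> submitted by
    one visitor now runs for every later visitor: that is stored XSS."""
    return "<ul>" + "".join(f"<li>{c}</li>" for c in store) + "</ul>"


def render_hardened(store: List[str]) -> str:
    """Same page, but every comment is HTML-escaped at output time so the browser
    renders it as text. quote=True also escapes quotes, which matters inside
    attribute values."""
    return "<ul>" + "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in store) + "</ul>"


def has_active_markup(rendered: str) -> bool:
    """Simple output check: does the final HTML contain an unescaped active tag?
    Useful as a test assertion on templates, not as a substitute for escaping."""
    return _ACTIVE_TAG.search(rendered) is not None


if __name__ == "__main__":
    comments: List[str] = []
    save_comment(comments, "Nice theme!")
    save_comment(comments, "<script>alert(document.cookie)</script>")  # constructed payload
    for name, renderer in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        page = renderer(comments)
        print(f"{name}: active markup present = {has_active_markup(page)}")
        print("   ", page)
```

The escaping belongs at the output boundary, not at save time: content escaped on input is wrong the moment it is rendered somewhere other than an HTML body (a JSON API, an email, an attribute), and it cannot be un-escaped safely. A Content-Security-Policy that disallows inline scripts reduces the impact of any escaping mistake that slips through.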

New CopperStealer malware steals Google, Apple, Facebook accounts

Malware stealing account credentials is nothing new, but this malware is new.

Excerpt from the article:

The malware, dubbed CopperStealer by Proofpoint researchers, is an actively developed password and cookie stealer with a downloader feature that enables its operators to deliver additional malicious payloads to infected devices.

The threat actors behind this malware have used compromised accounts to run malicious ads and deliver additional malware in subsequent malvertising campaigns.

“Expert” hackers used 11 0-days to infect Windows, iOS, and Android users

If you think you are smart, trust me, there is someone out there smarter than you.

Excerpt from the article:

Using novel exploitation and obfuscation techniques, a mastery of a wide range of vulnerability types, and a complex delivery infrastructure, the group exploited four zero-days in February 2020.

The hackers’ ability to chain together multiple exploits that compromised fully patched Windows and Android devices led members of Google’s Project Zero and Threat Analysis Group to call the group “highly sophisticated.”

New Zoom Screen-Sharing Bug Lets Other Users Access Restricted Apps

Zoom was the breakout application of the COVID-19 pandemic, and ever since it has been in the news for all sorts of reasons, mostly privacy related. It's 2021, and it's in the news again for a bug in its application.

Excerpt from the article:

Tracked as CVE-2021-28133, the unpatched security vulnerability makes it possible to reveal contents of applications that are not shared, but only briefly, thereby making it harder to exploit it in the wild.

Hackers Infecting Apple App Developers With Trojanized Xcode Projects

Apple is a company whose main selling point is privacy, so you should not be surprised that its developers are targeted with malware.

Excerpt from the article:

Dubbed "XcodeSpy," the trojanized Xcode project is a tainted version of a legitimate, open-source project available on GitHub called TabBarInteraction that's used by developers to animate iOS tab bars based on user interaction.

"XcodeSpy is a malicious Xcode project that installs a custom variant of the EggShell backdoor on the developer's macOS computer along with a persistence mechanism," SentinelOne researchers said.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, I'll see you next Friday.
