Introduction
Hello there. Welcome to this week's review, I am your host Habdul Hazeez.
This week's review is about malware, vulnerabilities, computer security and one article that I authored.
Let's go.
Zoom Patches High-Risk Flaws in Meeting Connector, Keybase Client
Zoom, the technology breakout star of the COVID-19 pandemic. They were in the news for all sorts of privacy-related stuff, ever since they've stepped up their security, this is another step in that direction.
Excerpt from the article:
The company released multiple security bulletins to warn of the risks and called special attention to a pair of “high-risk” bugs affecting its on-prem meeting connector software and the popular Keybase Client.
“The network proxy page on the web portal for the [affected] products fails to validate input sent in requests to set the network proxy password. This could lead to remote command injection by a web portal administrator"
Cloudflare Battles 2 Tbps DDoS Attack Launched by Mirai Botnet
Mirai never sleeps, from 2016 till date.
Excerpt from the article:
The multi-vector assault was launched by a botnet of approximately 15,000 machines infected with a variant of the original Mirai malware. The bots included Internet of Things (IoT) devices and GitLab instances, Cloudflare said in a new report.
Strengthen your Android or iOS Application Security using MobSF - Learn by example (2021)
I authored this article for Aviyel, and it's about making your mobile applications secure using Mobile Security Framework (MobSF).
With MobSF, you can put your application to the test to know what vulnerabilities or other security considerations that you need to address.
Excerpt from the article:
MobSF can reveal vulnerabilities in your application. Therefore, you can fix these vulnerabilities before the application is released, but if the application is already out there, you can offer the fix as an update.
High severity BIOS flaws affect numerous Intel processors
The title says it all.
Excerpt from the article:
The flaws were discovered by SentinelOne and are tracked as CVE-2021-0157 and CVE-2021-0158, and both have a CVSS v3 score of 8.2 (high).
The former concerns the insufficient control flow management in the BIOS firmware for some Intel processors, while the latter relies on the improper input validation on the same component.
SharkBot — A New Android Trojan Stealing Banking and Cryptocurrency Accounts
Stay safe, be on the watch for the application that you download and install.
Excerpt from the article:
Dubbed "SharkBot" by Cleafy, the malware is designed to strike a total of 27 targets — counting 22 unnamed international banks in Italy and the U.K. as well as five cryptocurrency apps in the U.S. — at least since late October 2021 and is believed to be in its early stages of development, with no overlaps found to that of any known families.
‘My bank account was in a shambles’: The ordeal of an identity theft victim
I hope you are never a victim of identity theft.
Excerpt from the article:
At first, I was actually sure that it had to be a mistake. Before long, though, I began to suspect that I might have become a victim of identity theft. At that time, I hadn’t lived at my old address for three years and had no connection to Simplytel. My suspicions were quickly confirmed, because in the following weeks I received more letters similar to the first one, from other companies.
Android malware BrazKing returns as a stealthier banking trojan
Banking Trojan is a security nightmare. Your hard-earned money can disappear right in front of your eyes.
Excerpt from the article:
The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions.
A new malware sample was analyzed by IBM Trusteer researchers who found it outside the Play Store, on sites where people end up after receiving smishing (SMS) messages.
Support Me
Writing makes me thirsty. I'll appreciate a cup of coffee 😉.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, I'll see you next Friday.