Yes đ I made it this week!
Introduction
This week's review is about online and mobile security, malware, vulnerability, and bugs. As active internet users, we have to deal with these threats every day. So, let's discuss how we can stay safe online. Shall we?
5 ways cybercriminals steal credit card details
Almost every internet user has shopped online, whether it's on Amazon or Best Buy. While doing this, we use our credit cards at checkout. At this stage, on a compromised website, cybercriminals await you to enter your card details. When you do, they can use it for all sorts of malicious activities.
In this article, the author shared some ways that cybercriminals can get your credit card details. With the information contained therein, you are one step toward banking and shopping safely online. The author shared the following ways used by cybercriminals to steal your credit card:
- Phishing
- Malware
- Digital Skimming
- Data breaches
- Public Wi-Fi
Microsoft Exchange bug abused to hack building automation systems
It only takes one entry, and a mighty system could be down on its knees. The Microsoft Exchange bug in question is ProxyLogon tracked as CVE-2021-26855. Although Microsoft already patched the bug, there are still some unpatched servers out there. Such servers are ripe for the taken by anyone willing to take control or use them as an entry to a network.
Excerpts from the article:
The threat actors had a considerable number of potential victims to target, seeing that the Dutch Institute for Vulnerability Disclosure (DIVD) found 46,000 servers unpatched against the ProxyLogon flaws one week after Microsoft patched them.
The attacks began in March 2021 and were first spotted and collectively tracked as being coordinated by the same group starting in mid-October 2021 after discovering a ShadowPad backdoor (used by multiple other Chinese-speaking APT actors).
The backdoor, camouflaged as legitimate software, was found on the industrial control systems of a telecommunications firm in Pakistan.
Overview of Top Mobile Security Threats in 2022
The article's title says it all. The question is: Which of the security threats can affect you as a person? The following is the list from the article, it'll help you decide your answer:
- Data Leaks
- Spyware Pretending to be an Update
- Malware via SMS Messages
Azure Service Fabric Vulnerability Can Lead to Cluster Takeover
Microsoft has patched the vulnerability, but not due to its severity. It's because Service Fabric hosts over a million applications. The following is a quick summary of the article:
The security hole impacts Data Collection Agent (DCA), a Service Fabric component that âhandles files that could be modified by containersâ, thus allowing for container escape and root access to the node. DCA uses the LoadFromFile and SaveToFile functions to read from and write to files.
âThis functionality results in a symlink race. An attacker in a compromised container could place malicious content in the file that LoadFromFile reads. While it continues to parse the file, the attacker could overwrite the file with a symlink to a desirable path so that later SaveToFile will follow the symlink and write the malicious content to that path.
A wide range of routers are under attack by new, unusually sophisticated malware
The malware is ZuoRAT. And it affects connected devices running on Windows, Linux, and macOS. The following paragraph from the article sums it up:
Once installed, ZuoRAT enumerates the devices connected to the infected router. The threat actor can then use DNS hijacking and HTTP hijacking to cause the connected devices to install other malware.
Two of those malware piecesâdubbed CBeacon and GoBeaconâare custom-made, with the first written for Windows in C++ and the latter written in Go for cross-compiling on Linux and macOS devices. For flexibility, ZuoRAT can also infect connected devices with the widely used Cobalt Strike hacking tool.
YouTube content creator credentials are under siege by YTStealer malware
It's not a good time to be a YouTube content creator. Are you one? Or do you know someone that does it? Tell them to stay safe!
Excerpt from the article:
As soon as the malware obtains a YouTube authentication cookie it opens a headless browser and connects to YouTubeâs Studio page, which content creators use to manage the videos they produce. YTStealer then extracts all available information about the user account, including the account name, number of subscribers, age, and whether channels are monetized.
Vulnerability in Amazon Photos Android App Exposed User Information
The article title says it all.
Excerpt from the article:
In November 2021, Checkmarx researchers identified an issue in the application that could have leaked the Amazon access token to malicious applications on the userâs device, potentially exposing the user's personal information. The bug was addressed in December 2021.
The leaked Amazon access token is used for user authentication across Amazon APIs, including some that contain personal information such as names, addresses, and emails.Â
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, I'll see you next Friday.