Security news weekly round-up - 21st July 2023

Habdul Hazeez - Jul 21 '23 - Dev Community

Welcome to this week's review. It's been a while and I am glad to have you all onboard! 😊

Introduction

In this week's review, we'll cover stories about cyber crime, software vulnerabilities, malware, and artificial intelligence.


IT worker jailed for impersonating ransomware gang to extort employer

The article's title aptly describes what's going on. In a nutshell, the IT worker in question tried to redirect the ransomware payment to a wallet under his control. Well, that did not go according to plan, and the rest, as they say, is history. Here is an excerpt for you:

Liles, an IT security analyst at an Oxford-based company, exploited his position to intercept a ransomware payment following an attack suffered by his employer. To deceive the company, he impersonated the ransomware gang extorting them. He tried to redirect the ransomware payments by switching the cybercriminals' cryptocurrency wallet to one under his control.

Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps

Be careful when you're installing a Progressive Web Application (PWA) because you might unknowingly install a malicious application. In this story, it's a fraudulent "banking" app that asks the user for their credentials and two-factor authentication. More below 👇:

"The attack began with victims receiving SMS messages suggesting the need to update a mobile banking application," researchers from CSIRT KNF said in an analysis released last week. "The link contained in the message led to a site that used WebAPK technology to install a malicious application on the victim's device."

8 common work-from-home scams to avoid

The team at WeLiveSecurity has listed some scams that you should be aware of. I list them below; read the article to learn more and keep yourself safe online (Tip: they included tweets from people who almost fell for such scams):

  • Reshipping
  • Fake mystery shopper
  • Personal assistant
  • Start your own business
  • Medical billing
  • Fraudulent job listings
  • Home assembly
  • MLM scams

WordPress Sites Hacked via Critical Vulnerability in WooCommerce Payments Plugin

It's no secret: WordPress is popular, and site owners can come under attack via installed plugins. That's what's happening here, and it serves as a reminder to always update your plugins. Here is more for you:

All the observed exploits targeting CVE-2023-28121 contained a header that “causes vulnerable sites to treat any additional payloads as coming from an administrative user”. Many of these requests, Defiant says, attempted to leverage admin privileges to install the WP Console plugin, to gain code execution.

Attackers find new ways to deliver DDoSes with “alarming” sophistication

It's the hunter vs the hunted, a game of cat and mouse, a never-ending story between defenders and threat actors. You've read it before, and here is another one for you from Cloudflare's "DDoS threat report for 2023 Q2", published on July 18, 2023. Here's what's new about the DDoS attacks (emphasis mine):

The newer methods attempt to do two things: (1) conceal the maliciousness of the traffic so defenders don't block it and (2) deliver ever-larger traffic floods that can overwhelm targets even when they have DDoS mitigations in place. These methods include HTTP DDoS attacks and Exploitation of servers running unpatched software

Firmware vulnerabilities in millions of computers could give hackers superuser status

This is a situation where a ransomware attack led to an investigation that uncovered vulnerabilities that were unknown until now. The attack happened to GIGABYTE in 2021, and Eclypsium did the investigation. Here's more:

The researchers went on to note that if they could locate the vulnerabilities and write exploits after analyzing the publicly available source code, there's nothing stopping malicious actors from doing the same. And even without access to the source code, the vulnerabilities could still be identified by decompiling BMC firmware images. There's no indication malicious parties have done so, but there's also no way to know they haven't.

Titans Promise Watermarks to Expose AI Creations

The year 2023 is arguably the year of the "AI burble". Some are excited, and others, not so much. Such is this story and the title says it all. Here is a snippet from the article:

Ways to tell when audio or imagery have been generated artificially are being sought to prevent people from being duped by fakes that look or sound real. The goal is for it to be easy for people to tell when online content is created by AI.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
