Security news weekly round-up - 21st October 2022

Habdul Hazeez - Oct 21 '22 - - Dev Community

It's been a while. I hope you are all doing good. Now, let's do some review!

Introduction

This week's review is about malware, vulnerabilities, and cyber attacks. The malware stories concern Facebook, Microsoft, and Google, three of the biggest tech companies, while the cyberattack stories relate to NPM and Zoom.


New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts

Malware can have "catchy" names, and this one is no different: "Ducktail" (think of ducks 🦆). Back to the story: this malware tries to steal the saved credentials of your Facebook Business account, which shows that the alleged culprit (an unnamed Vietnamese threat actor) is financially motivated. So, stay safe and read the following excerpt from the article:

Attack chains observed by Zscaler entail embedding the malware in ZIP archive files hosted on file-sharing services like mediafire[.]com, masquerading as cracked versions of Microsoft Office, games, and p**n-related files.

Timing Attacks Can Be Used to Check for Existence of Private NPM Packages

The response time of an API can say a lot, and that's what this attack is all about. The researchers were able to guess whether a company had a private NPM package based on the API's response time. They reached out to GitHub, and it turns out this is a consequence of how the NPM API is architected. The following excerpt sums it up:

If a threat actor sends around five consecutive requests for information about a private package then analyzes the time taken for npm to reply, it is possible for them to determine whether the private package in fact exists.
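To make the excerpt concrete from the defender's side, here is an added example (not code from the article, from GitHub, or from npm) that simulates a package-lookup endpoint. The registry contents, the package names, the `valid-org-token` check and the 20 ms "access check" delay are all constructed for illustration. `naive_lookup` answers 404 for both a missing package and a private package the caller may not see, but the private case does extra work, so the two 404s differ in timing; `padded_lookup` holds every response to a fixed time floor so the median gap collapses. `median_gap` mirrors the "around five consecutive requests" measurement the article describes, here used to verify the mitigation rather than to probe a real service.

```python
import statistics
import time

# Constructed sample registry (not real packages): one public and one private package.
PUBLIC_PACKAGES = {"left-pad": {"version": "1.3.0"}}
PRIVATE_PACKAGES = {"@acme/internal-auth": {"version": "2.1.0"}}

# Every padded response is held to at least this many seconds (assumed budget).
RESPONSE_BUDGET_S = 0.05


def _lookup(name, token=None):
    """Simulated registry lookup. Returns an HTTP-style status code.

    Public packages answer 200. Private packages and unknown packages both
    answer 404 so that an unauthenticated caller cannot tell them apart
    from the body, but the private path does extra work (simulated here with
    a 20 ms sleep), which is exactly what a timing side channel measures.
    """
    if name in PUBLIC_PACKAGES:
        return 200
    if name in PRIVATE_PACKAGES:
        time.sleep(0.02)  # constructed stand-in for an access-control check
        if token == "valid-org-token":  # toy authorization, not npm's
            return 200
        return 404
    return 404


def naive_lookup(name, token=None):
    """Unpadded handler: (status, elapsed seconds). Leaks existence via timing."""
    start = time.perf_counter()
    status = _lookup(name, token)
    return status, time.perf_counter() - start


def padded_lookup(name, token=None):
    """Padded handler: (status, elapsed seconds). Never answers before the budget."""
    start = time.perf_counter()
    status = _lookup(name, token)
    # Sleep until the budget is used up; the loop guarantees elapsed >= budget
    # even if a single sleep call wakes early.
    while True:
        remaining = RESPONSE_BUDGET_S - (time.perf_counter() - start)
        if remaining <= 0:
            break
        time.sleep(remaining)
    return status, time.perf_counter() - start


def median_gap(handler, name_a, name_b, samples=5):
    """Absolute difference of median response times for two names, in seconds."""
    a = statistics.median(handler(name_a)[1] for _ in range(samples))
    b = statistics.median(handler(name_b)[1] for _ in range(samples))
    return abs(a - b)


if __name__ == "__main__":
    private, missing = "@acme/internal-auth", "does-not-exist"
    for handler in (naive_lookup, padded_lookup):
        gap_ms = median_gap(handler, private, missing) * 1000
        print(f"{handler.__name__}: both answer 404, median timing gap {gap_ms:.1f} ms")
```

Padding to a floor only hides the gap while the slowest path stays under the budget, and it costs latency on every request; the sturdier fix is to make the "private but not yours" and "does not exist" paths do the same work, and to keep measuring the gap as part of regression tests so a later refactor does not reopen the channel.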

How a Microsoft blunder opened millions of PCs to potent malware attacks

Security is not a one-way street, and big tech tries its best to keep its users secure. Some measures, however, fall short, and that is the case for Microsoft in this article. They want to protect their users from "bad" and malicious drivers, but as it turns out, the protection might not be enough. In situations like this, security researchers step in to offer their help.

The following excerpt from the article gives you an idea of what I'm talking about:

The most common mechanism for driver blocking uses a combination of what's called memory integrity and HVCI, short for Hypervisor-Protected Code Integrity. A separate mechanism for preventing bad drivers from being written to disk is known as ASR, or Attack Surface Reduction. Unfortunately, neither approach seems to have worked as well as intended.

Zoom for macOS Contains High-Risk Security Flaw

If you have to Zoom, you have to be careful. Well, not really, but still stay safe out there. This story is about a vulnerability in the Zoom client for macOS. Zoom already provided a patch, but the following is why the article got featured in this week's review:

Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions.

Experts Warn of Stealthy PowerShell Backdoor Disguising as Windows Update

Appearances can deceive, and not everything is what it seems. Here, we have a malicious PowerShell script disguised as a Windows update. The script can and will exfiltrate data from an infected system. The following excerpt sums it up:

Metadata associated with the lure document indicates that the initial intrusion vector is a LinkedIn-based spear-phishing attack, which ultimately leads to the execution of a PowerShell script via a piece of embedded macro code.

These 16 Clicker Malware Infected Android Apps Were Downloaded Over 20 Million Times

Threat actors use the Google Play store as a hunting ground, lacing innocent-looking apps with malware in the hope that unsuspecting users will download them. Most of the time it works, and Google takes the applications down once they are discovered. Such is the case in this story, where the culprit applications were downloaded over 20 million times.

The following excerpt from the article gives you an overview of the entire story:

The Clicker malware masqueraded as seemingly harmless utilities like cameras, currency/unit converters, QR code readers, note-taking apps, and dictionaries, among others, in a bid to trick users into downloading them.

Microsoft leaked 2.4TB of data belonging to sensitive customers. Critics are furious

How secure is your data? That's the question for Microsoft in this story. It turns out that 2.4 terabytes of sensitive data was available online for months before it was taken offline, and not everyone welcomed the news that sensitive data had been exposed to the public. Have a look at the following excerpt from the article:

The trove included proof-of-execution and statement of work documents, user information, product orders/offers, project details, personally identifiable information, and documents that may reveal intellectual property.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, until next time.
