Security news weekly round-up - 23rd April 2021

Habdul Hazeez - Apr 23 '21 - - Dev Community

I have been occupied with other activities therefore, we did not publish any weekly round-up in the last month.

My sincere apologies. I'll do my possible best not to miss a single week throughout this year.

Introduction

This week, it's a mixture of malware, vulnerability, and hacking. Are you ready? Let's go!.


Millions of web surfers are being targeted by a single malvertising group

So long there are are web surfers, there will always be attackers ready to exploit them. In this case, advertisement servers were compromised to target web surfers.

I'll always recommend installing an ad-blocker like uBlock Origin.

Excerpt from the article:

Over the past year, Tag Barnakle has infected more than 120 servers running Revive, an open source app for organizations that want to run their own ad server rather than relying on a third-party service. The 120 figure is twice the number of infected Revive servers Confiant found last year.

Once it has compromised an ad server, Tag Barnakle loads a malicious payload on it. To evade detection, the group uses client-side fingerprinting to ensure only a small number of the most attractive targets receive the malicious ads. The servers that deliver a secondary payload to those targets also use cloaking techniques to ensure that they also fly under the radar.

Lazarus APT Hackers are now using BMP images to hide RAT malware

Be careful. That seemingly innocent-looking image might be a malware.

Excerpt from the article:

"The actor has used a clever method to bypass security mechanisms in which it has embedded its malicious HTA file as a compressed zlib file within a PNG file that then has been decompressed during run time by converting itself to the BMP format" Malwarebytes researchers said.

Google Play apps steal texts and pepper you with unauthorized purchases

I know what you are thinking: Are you kidding me?

No, I am not.

Excerpt from the article:

“The malware hijacks the Notification Listener to steal incoming SMS messages like Android Joker malware does, without the SMS read permission,” the researchers wrote, referring to Etinu. “Like a chain system, the malware then passes the notification object to the final stage. When the notification has arisen from the default SMS package, the message is finally sent out using WebView JavaScript Interface.”

In epic hack, Signal developer turns the tables on forensics firm Cellebrite

This scenario goes thus: You get a taste of your own medicine.

Excerpt from the article:

On Wednesday (April 21, 2021), Marlinspike published a post that reported vulnerabilities in Cellebrite software that allowed him to execute malicious code on the Windows computer used to analyze devices.

The researcher and software engineer exploited the vulnerabilities by loading specially formatted files that can be embedded into any app installed on the device.

Hackers threaten to leak stolen Apple blueprints if $50 million ransom isn't paid

Who are the "Hackers"? REvil ransomware gang

Where did they allegedly get the blueprints? Quanta Computer

Excerpt from the article:

Prominent Apple supplier Quanta on Wednesday (April 21, 2021) said it suffered a ransomware attack from the REvil ransomware group, which is now demanding the iPhone maker pay a ransom of $50 million to prevent leaking sensitive files on the dark web.

Vulnerability in CocoaPods Dependency Manager Exposed Millions of Apps

Dear Swift developers,

Please, read this.

Excerpt from the article:

The identified vulnerability, Justicz explains, resides in a function designed to check that, when a package spec was uploaded to CocoaPods, it was not linking to a private repository.

In short: the manner in which the function checked the contents of a flag could have allowed an attacker to serve tailored content and abuse it to run commands.

Attackers can hide 'external sender' email warnings with HTML and CSS

Simple and Scary.

Excerpt from the article:

The "external sender" warnings shown to email recipients by clients like Microsoft Outlook can be hidden by the sender, as demonstrated by a researcher.

Turns out, all it takes for attackers to alter the "external sender" warning, or remove it altogether from emails is just a few lines of HTML and CSS code.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, I'll see you next Friday (In Sha Allah).

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .