Security news weekly round-up - 24 May 2024

Habdul Hazeez - May 24, 2024 - Dev Community

Introduction

It's another Friday and it's time for a review of top security news that is worthy of your time. Get ready because in this edition we'll cover articles about malware, artificial intelligence, and vulnerabilities.

Now, let's begin.


Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users

There are several things to note about this threat actor. First, they host the malware on legitimate cloud services. Second, they trick the user into launching an executable file disguised as an Excel file. Finally, the executable drops a decoy Excel file (among other scripts), so the user thinks that everything is fine 😔.
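A disguised executable only works if the user reads the wrong extension. The script below is an added example for this round-up (not code from the article or from the threat actor's toolkit): it flags file names that use Unicode to hide what they really are. The article only says the disguise relied on a Unicode trick, so the checks cover the usual ways that is done, which is an assumption on my part: padding the name with blank-looking characters so the real extension is pushed out of view, the right-to-left override that reverses the displayed tail of the name, and invisible format characters. The sample names are constructed.

```python
"""Spot file names that use Unicode tricks to disguise an executable as a document.

Added example, not code from the article. The verdict always rests on the
real, final extension, which is what Windows uses to decide how to open the file;
the "shown" extension is what a user is likely to read before the padding starts.
"""
import unicodedata
from dataclasses import dataclass, field
from typing import List, Optional

# Extensions Windows runs directly (non-exhaustive, assumption).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "hta", "msi", "lnk"}
# Extensions a user reads as "just a document".
DOCUMENT_EXTS = {"xlsx", "xls", "docx", "doc", "pdf", "pptx", "csv", "txt"}
BRAILLE_BLANK = "\u2800"   # renders as a blank but is not whitespace (assumed padding character)
RLO = "\u202e"             # RIGHT-TO-LEFT OVERRIDE


@dataclass
class Verdict:
    name: str
    real_ext: str                  # what Windows will act on
    shown_ext: Optional[str]       # what the user is likely to read
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def _is_blankish(ch: str) -> bool:
    """Blank-looking or invisible characters a normal file name does not need.
    Plain ASCII spaces are allowed because they are common in legitimate names."""
    cat = unicodedata.category(ch)
    return ch == BRAILLE_BLANK or (cat == "Zs" and ord(ch) > 0x7F) or cat == "Cf"


def _extension(s: str) -> Optional[str]:
    return s.rsplit(".", 1)[1].lower() if "." in s else None


def analyse(name: str) -> Verdict:
    real_ext = _extension(name) or ""
    # The part a user actually reads: everything before the first blank-ish character.
    visible = name
    for i, ch in enumerate(name):
        if _is_blankish(ch):
            visible = name[:i]
            break
    verdict = Verdict(name, real_ext, _extension(visible))

    if RLO in name:
        verdict.reasons.append("contains RIGHT-TO-LEFT OVERRIDE (U+202E); displayed extension is reversed")
    fmt = [c for c in name if unicodedata.category(c) == "Cf" and c != RLO]
    if fmt:
        verdict.reasons.append(f"contains {len(fmt)} invisible format character(s)")
    padding = sum(1 for c in name
                  if c == BRAILLE_BLANK or (unicodedata.category(c) == "Zs" and ord(c) > 0x7F))
    if padding >= 3:
        verdict.reasons.append(f"padded with {padding} blank-looking characters")
    if real_ext in EXECUTABLE_EXTS and verdict.shown_ext in DOCUMENT_EXTS:
        verdict.reasons.append(f"reads as .{verdict.shown_ext} but Windows will run it as .{real_ext}")
    return verdict


if __name__ == "__main__":
    SAMPLES = [  # constructed names, not taken from the campaign
        "Invoice_April.xlsx" + BRAILLE_BLANK * 40 + ".exe",   # padded so ".exe" scrolls out of view
        "invoice" + RLO + "xcod.exe",                          # displays as "invoiceexe.docx"
        "Q1 report.xlsx",                                      # honest document
        "setup.exe",                                           # honest executable
    ]
    for v in map(analyse, SAMPLES):
        print("SUSPICIOUS" if v.suspicious else "ok        ", repr(v.name[:24]), v.reasons)
```

Note that an honest `setup.exe` is not flagged: the point is the mismatch between what the name shows and what it does, not the presence of an executable.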

The excerpt below sheds more light on what happens afterward:

The executable is designed to drop a total of eight payloads, including a decoy Excel file ("20240416.xlsx") and a heavily obfuscated Visual Basic (VB) Script ("3156.vbs") that's responsible for displaying the XLSX file to the user to maintain the ruse and launch two other scripts named "i4703.vbs" and "i6050.vbs."

Both scripts are used to set up persistence on the Windows host by means of a scheduled task by masquerading them as a Google Chrome browser update task to avoid raising red flags.
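Persistence that hides behind a "Google Chrome update" name is easy to catch once you compare what a task claims to be with what it actually runs. The script below is an added example for this round-up, not code from the article: it reads Task Scheduler XML (the format that `schtasks /query /tn <name> /xml` and the Task Scheduler export produce) and reports branded tasks whose action is not Google's own updater, or whose action is a script host. Both task definitions are constructed; the "legit" one mirrors the default GoogleUpdate task layout as I know it (an assumption), and the path of the VBS file in the masquerading one is illustrative.

```python
"""Flag scheduled tasks that pose as Google Chrome updates but run something else.

Added example, not code from the article. Works on any OS: ntpath handles the
Windows paths and the checks ignore the XML namespace, so it can be run against
exports collected from many hosts.
"""
import ntpath
import xml.etree.ElementTree as ET
from typing import List

# Script hosts and LOLBins an update task should never need (assumption).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe",
                "cmd.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Where the real Google updater lives on a default install (assumption).
GOOGLE_DIRS = ("\\google\\update\\", "\\google\\googleupdater\\")

LEGIT_TASK = r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Description>Keeps your Google software up to date.</Description>
    <URI>\GoogleUpdateTaskMachineCore</URI>
  </RegistrationInfo>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</Command>
      <Arguments>/c</Arguments>
    </Exec>
  </Actions>
</Task>"""

# Constructed: a task named like Google's, but whose action is wscript running a VBS file.
MASQUERADE_TASK = r"""<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Description>Google Chrome Update</Description>
    <URI>\GoogleUpdateTaskMachineUA</URI>
  </RegistrationInfo>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\wscript.exe</Command>
      <Arguments>//B //Nologo "C:\Users\Public\Libraries\i4703.vbs"</Arguments>
    </Exec>
  </Actions>
</Task>"""


def _local(tag: str) -> str:
    """Strip the XML namespace so the checks work with or without it."""
    return tag.rsplit("}", 1)[-1]


def _first_text(root: ET.Element, local_name: str) -> str:
    for el in root.iter():
        if _local(el.tag) == local_name:
            return (el.text or "").strip()
    return ""


def check_task(xml_text: str) -> List[str]:
    """Return one finding per suspicious action; an empty list means the task looks honest."""
    root = ET.fromstring(xml_text)
    uri = _first_text(root, "URI") or "<unnamed task>"
    desc = _first_text(root, "Description")
    branded = any(k in (uri + " " + desc).lower() for k in ("google", "chrome"))
    findings: List[str] = []
    for ex in root.iter():
        if _local(ex.tag) != "Exec":
            continue
        cmd = _first_text(ex, "Command")
        args = _first_text(ex, "Arguments")
        exe = ntpath.basename(cmd.strip('"')).lower()
        if exe in SCRIPT_HOSTS:
            findings.append(f"{uri}: action is a script host ({exe} {args})")
        if branded and not any(d in cmd.lower() for d in GOOGLE_DIRS):
            findings.append(f"{uri}: Google/Chrome-branded task but runs {cmd}")
    return findings


if __name__ == "__main__":
    for label, task in (("legit", LEGIT_TASK), ("masquerade", MASQUERADE_TASK)):
        print(label, check_task(task) or "no findings")
```

On a real fleet, feed it the XML of every task under `\` and triage the findings; a task that is both branded and runs a script host is the strongest signal.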

What happens when AI goes rogue (and how to stop it)

This is a question that we all need to ask ourselves. The article is an estimated 3-minute read, and it's thought-provoking.

Here is an excerpt to get you started:

Is AI at fault? When asked for justification when AI gets it wrong, people simply quipped “it’s complicated”. But as AI gets closer to the ability to cause physical harm and impact the real world, it’s no longer a satisfying and adequate response.

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks

All the vulnerabilities exploited in this campaign date back to 2021, which means anyone affected has not patched their Exchange Server in about three years. Looking at the targeted countries, I am like: what's Nigeria doing on the list 😂.

Start reading with the following excerpt:

The attack chains commence with the exploitation of ProxyShell flaws (CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) that were originally patched by Microsoft in May 2021.

Successful exploitation of the vulnerabilities could allow an attacker to bypass authentication, elevate their privileges, and carry out unauthenticated, remote code execution.
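If you run Exchange on-premises, the quickest way to know whether someone has been knocking on this door is to look at the IIS logs. The script below is an added example for this round-up, not code from the article: the ProxyShell chain starts with a pre-authentication path confusion, a request to `/autodiscover/autodiscover.json` whose query begins with `@<domain>/` and names a backend such as `/powershell` or `/mapi/nspi`, with an `Email=` parameter that re-injects `autodiscover.json?@<domain>`. Those two public indicators are what the script looks for. The W3C log lines are constructed (addresses, hostnames and the `REDACTED` token are made up), and since a patched server still logs the attempts, a hit means "someone tried", not "someone succeeded".

```python
"""Hunt for ProxyShell-style requests in Exchange IIS (W3C) logs.

Added example, not code from the article. The indicators are the published
ones for the CVE-2021-34473 path-confusion stage; nothing here confirms the
later stages, so follow hits up with the PowerShell and EWS logs.
"""
import re
from typing import Dict, Iterable, Iterator, List
from urllib.parse import unquote

# "@evil.example/powershell/?..." -> capture the backend path after the fake host.
PATH_CONFUSION = re.compile(r"^@[^/\s]+/([A-Za-z0-9_./-]*)")

# Constructed sample log: one legitimate Autodiscover call, two attack requests, one unrelated line.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2024-05-20 09:58:11 10.0.0.5 GET /autodiscover/autodiscover.json Email=user%40contoso.example&Protocol=Autodiscoverv1 443 - 203.0.113.7 Outlook/16.0 - 200 0 0 31
2024-05-20 10:01:02 10.0.0.5 GET /autodiscover/autodiscover.json @evil.example/mapi/nspi/?&Email=autodiscover/autodiscover.json%3F@evil.example 443 - 198.51.100.23 python-requests/2.31 - 200 0 0 12
2024-05-20 10:01:05 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell/?X-Rps-CAT=REDACTED&Email=autodiscover/autodiscover.json%3F@evil.example 443 - 198.51.100.23 python-requests/2.31 - 200 0 0 58
2024-05-20 10:02:40 10.0.0.5 POST /owa/auth.owa - 443 - 203.0.113.9 Mozilla/5.0 - 302 0 0 20
"""


def parse_w3c(lines: Iterable[str]) -> Iterator[Dict[str, str]]:
    """Yield one dict per record, using the #Fields header for column names."""
    fields: List[str] = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split()
        if fields and len(values) == len(fields):   # skip truncated or malformed lines
            yield dict(zip(fields, values))


def proxyshell_hits(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return the requests that match the ProxyShell path-confusion indicators."""
    hits: List[Dict[str, object]] = []
    for rec in parse_w3c(lines):
        if not rec.get("cs-uri-stem", "").lower().endswith("/autodiscover/autodiscover.json"):
            continue
        query = unquote(rec.get("cs-uri-query", ""))   # %3F -> ? so the re-injection is visible
        reasons: List[str] = []
        m = PATH_CONFUSION.match(query)
        if m:
            reasons.append(f"path confusion to backend /{m.group(1)}")
        if "autodiscover.json?@" in query.lower():
            reasons.append("Email= re-injects autodiscover.json?@ (auth bypass pattern)")
        if reasons:
            hits.append({
                "time": f"{rec['date']} {rec['time']}",
                "client": rec["c-ip"],
                "method": rec["cs-method"],
                "status": rec["sc-status"],
                "reasons": reasons,
            })
    return hits


if __name__ == "__main__":
    for h in proxyshell_hits(SAMPLE_LOG.splitlines()):
        print(h["time"], h["client"], h["method"], h["status"], "; ".join(h["reasons"]))
```

Run it over the files under `%SystemDrive%\inetpub\logs\LogFiles\W3SVC1\` on the Exchange host. A 200 on the `/powershell` request from an unexpected client is the line to escalate; the legitimate Autodiscover call in the sample is deliberately left unflagged.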

High-severity GitLab flaw lets attackers take over accounts

Cross-Site Scripting (XSS) is not new, but it remains one of the most common web vulnerabilities, so it is worth mentioning each time it shows up somewhere important. The good news is that GitLab had already fixed it at the time of writing; if you self-host GitLab, update. Nonetheless, the excerpt below briefly explains how the bug worked.

The security flaw (tracked as CVE-2024-4835) is an XSS weakness in the VS code editor (Web IDE) that lets threat actors steal restricted information using maliciously crafted pages.

While they can exploit this vulnerability in attacks that don't require authentication, user interaction is still needed, increasing the attacks' complexity.

Crooks plant backdoor in software used by courtrooms around the world

I wonder what they were trying to achieve. I mean, courtrooms? In another twist, the backdoored installer was served from the official vendor's website, which makes this another case of a software supply chain attack.

Here is a quick excerpt from the article:

The malicious download, planted inside an executable file that installs the JAVS Viewer version 8.3.7, was available no later than April 1, when a post on X (formerly Twitter) reported it. It’s unclear when the backdoored version was removed from the company’s download page.

Users who have version 8.3.7 of the JAVS Viewer executable installed are at high risk and should take immediate action.

Beware: These Fake Antivirus Sites Spreading Android and Windows Malware

A warning to myself and you: never download antivirus software from unofficial websites, and always double-check the address bar even if you think that you're on the genuine vendor's website. That's it, I said it.

Here is why:

Hosting malicious software through sites which look legitimate is predatory to general consumers, especially those who look to protect their devices from cyber attacks.

The websites are avast-securedownload[.]com, bitdefender-app[.]com, and malwarebytes[.]pro.
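"Double-check the address bar" is easier said than done when the look-alike contains the vendor's name. The script below is an added example for this round-up, not code from the article: it normalises a defanged indicator such as `avast-securedownload[.]com`, reduces the host to its registrable domain, and reports `official` only when that domain is on the brand's allowlist; a host that merely contains a brand name, or that uses non-ASCII characters, is reported as a look-alike. The allowlist holds the three vendors' real domains; the handful of two-part public suffixes is an assumption and would be replaced by the Public Suffix List in production.

```python
"""Classify a URL or host as a vendor's real site, a look-alike, or unrelated.

Added example, not code from the article. The three defanged domains from the
article are used as test input; everything else is constructed.
"""
from typing import Dict, Optional, Set, Tuple
from urllib.parse import urlparse

BRANDS: Dict[str, Set[str]] = {
    "avast": {"avast.com"},
    "bitdefender": {"bitdefender.com"},
    "malwarebytes": {"malwarebytes.com"},
}
# Two-label public suffixes (assumption: a tiny subset of the Public Suffix List).
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br", "co.za"}


def refang(indicator: str) -> str:
    """Turn 'evil[.]example' / 'hxxp://' style indicators back into a real string."""
    return (indicator.strip().replace("[.]", ".")
            .replace("hxxp://", "http://").replace("hxxps://", "https://"))


def hostname(s: str) -> str:
    s = refang(s)
    if "://" in s:
        host = urlparse(s).hostname
    else:                                   # bare host, possibly with a path or userinfo
        host = s.split("/", 1)[0].split("@")[-1]
    return (host or "").lower().rstrip(".")


def registrable(host: str) -> str:
    """The domain somebody actually registered, e.g. 'evil.example' for 'avast.com.evil.example'."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(indicator: str) -> Tuple[str, Optional[str]]:
    """Return ('official' | 'lookalike' | 'unrelated', brand or None)."""
    host = hostname(indicator)
    reg = registrable(host)
    for brand, allowed in BRANDS.items():
        if reg in allowed:
            return "official", brand
    for brand in BRANDS:
        if brand in host:                   # brand name anywhere in a domain the vendor does not own
            return "lookalike", brand
    if not host.isascii():                  # e.g. a Cyrillic letter standing in for a Latin one
        return "lookalike", None
    return "unrelated", None


if __name__ == "__main__":
    for item in ("https://www.avast.com/download", "avast-securedownload[.]com",
                 "bitdefender-app[.]com", "malwarebytes[.]pro",
                 "https://avast.com.evil.example/setup", "example.org"):
        print(f"{item:45} -> {classify(item)}")
```

The allowlist is the important part: the decision is "is this domain one the vendor owns", never "does this domain mention the vendor", which is exactly the reasoning a crooked site wants you to skip.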

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
