Introduction
Hello and welcome. In this week's review, the articles that we'll cover are about malware, vulnerabilities, and WordPress website security.
GitHub comments abused to push malware via Microsoft repo URLs
If there is anything that you and I need to take away from this article, it should be the following: Don't blindly install anything from a GitHub repository that you consider trustworthy.
The following excerpt from the article is further reason not to doubt my previous statement:
As the file's URL contains the name of the repository the comment was created in, and as almost every software company uses GitHub, this flaw can allow threat actors to develop extraordinarily crafty and trustworthy lures.
Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers
This is clearly research, and it shows us what is possible in Windows, the most popular operating system in the world. Take a few minutes and read the article, starting with the excerpt below.
We believe the implications are relevant not only to Microsoft Windows, which is the world's most widely used desktop OS, but also to all software vendors, most of whom also allow known issues to persist from version to version of their software.
Hackers infect users of antivirus service that delivered updates over HTTP
It appears that they have fixed the issue, but issuing antivirus updates over insecure HTTP is unbelievable. That was the vector the threat actors used to deliver tainted updates that eventually infected end users.
Here is more from the article:
The complex infection chain started when eScan applications checked in with the eScan update system. The threat actors then performed a MitM attack that allowed them to intercept the package sent by the update server and replace it with a corrupted one that contained code to install GuptiMiner.
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
The title says it all. Furthermore, the article reported that most of the vendors have fixed the issue. Nonetheless, the excerpt below briefly explains what happened.
Successful exploitation of these vulnerabilities could permit adversaries to decrypt Chinese mobile users' keystrokes entirely passively without sending any additional network traffic.
Millions of IPs remain infected by USB worm years after its creators left it for dead
In this situation, the researchers faced a decision: disinfect the infected systems or not. At the time of writing, they have left that decision to law enforcement agencies, because disinfecting the systems would require issuing commands to machines they do not own, which could lead to legal challenges.
The following excerpt explains why:
Because of how the worm infects drives, disinfecting them risks deleting the legitimate data stored on them. On the other hand, allowing drives to remain infected makes it possible for the worm to start its proliferation all over again.
Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices
This malware can act as a banking trojan and gives attackers remote access to infected devices. The excerpt below briefly explains how the malware works.
To harvest the victim’s credentials, the malware overlays fake windows over the targeted mobile applications. Furthermore, it can steal browser cookies by launching its own WebView, loading the legitimate site, and dumping session cookies after the user completes the login process.
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
It does not sound good, and the vulnerability in question has a CVSS score of 9.9 out of 10 (the maximum).
Here is how the attack works:
This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as attackers can exploit it to gain unauthorized access to websites, create admin‑level user accounts, upload malicious files, and potentially take full control of affected sites.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.