Security news weekly round-up - 26th January 2024

Habdul Hazeez - Jan 26 - - Dev Community

Introduction

Welcome everyone. This week's review will cover almost everything that we set out to do in this series. This includes security, malware, research in computer security, vulnerabilities, and cybercrime.


Meta won't remove fake Instagram profiles that are clearly catfishing

This article is worthy of your reading (as is everything in the review), but this is special. The lesson here is to be careful of the accounts you interact with on Instagram, especially the ones that appear "successful". You never know; it could be an imposter.

Here is why:

These imposters then begin to "follow" the followers of the real account, in hopes of getting followed back and establishing themselves as trustworthy on the platform, while simultaneously blocking the authentic profile whose pictures they are misusing. This cuts off the possibility of contact with and being seen by the authentic user.

NS-STEALER Uses Discord Bots to Exfiltrate Your Secrets from Popular Browsers

The lesson from this article? Think again before you download "cracked" software. Why? Because the article explains that this is how the stealer gets onto your computer.

What's more, the following serves as extra motivation on why you should read this article now:

the malware subsequently saves screenshots, cookies, credentials, and autofill data stolen from over two dozen web browsers, system information, a list of installed programs, Discord tokens, Steam and Telegram session data. The captured information is then exfiltrated to a Discord Bot channel.

Ambient light sensors can reveal your device activity. How big a threat is it?

Keep calm; for now, it's research. However, it's bound to get better in the future, and that's why you should be aware of it now. Nonetheless, it's a fun read.

Here is something to get you started:

There are plenty of limitations that prevent the attack as it exists now from being practical or posing an immediate threat. The biggest restrictions: It works only on devices with a large screen, in environments without bright ambient light, and when the screen is displaying certain types of content that are known to the attacker.

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

At the time of writing, the packages have been removed by the npm maintainers. This is where we have to state again: always double-check the package that you download from npm.

The following is a quick reminder of why this is necessary:

The campaign is just the latest example of cybercriminals and malicious actors using open source package managers and related infrastructure to support malicious software supply chain campaigns that target development organizations and end-user organizations.

$1.7 Billion Stolen in Cryptocurrency Hacks in 2023: Analysis

That's a lot of money and it's scary because it shows that real people suffered considerable losses in the cryptocurrency world in 2023. Stay safe in 2024 and keep yourself updated with the latest security news (no matter how small it might seem).

An excerpt from the article:

Although the total amount stolen from crypto platforms in 2023 was down significantly from prior years, it is clear that attackers are becoming increasingly sophisticated and diverse in their exploits. The good news is, crypto platforms are becoming more sophisticated in their security and responses to attacks, too.

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

It's really scary with a CVSS score of 10, the highest possible severity. What's more, there are more than 5000 unpatched servers currently exposed.

Here is more about the bug:

the issue allows attackers to have password reset messages sent to unverified email addresses under their control, potentially leading to account takeover.
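To make the excerpt concrete, here is an added illustration of the pattern it describes; it is constructed for this round-up and is not GitLab's code or the article's. The weak handler delivers the reset token to whatever address the request named as long as that address is linked to some account, verified or not; the hardened handler only lets a verified address select the account and always mails the verified primary address on file. The account data, token store and `redeem_token` helper are all assumptions made for the example.

```python
"""Password reset recipient selection: weak vs hardened (constructed example)."""
from dataclasses import dataclass, field
import secrets
import time


@dataclass
class Account:
    username: str
    primary_email: str                                   # confirmed at signup
    verified_emails: set = field(default_factory=set)    # all confirmed addresses
    unverified_emails: set = field(default_factory=set)  # added but never confirmed


@dataclass
class ResetResult:
    recipients: list   # addresses the reset mail would be sent to
    token: str         # empty string when nothing was issued


# Constructed sample data: "alice" added a secondary address she never confirmed.
# An unconfirmed address is exactly what an attacker could have attached.
ACCOUNTS = {
    "alice": Account(
        "alice",
        "alice@example.com",
        verified_emails={"alice@example.com"},
        unverified_emails={"unconfirmed@example.net"},
    ),
}

# In-memory token store: token -> (username, expiry timestamp). Assumed for the example.
TOKENS = {}


def _issue_token(username, ttl_seconds=900):
    """Create a single-use, time-limited reset token for the account."""
    token = secrets.token_urlsafe(32)
    TOKENS[token] = (username, time.time() + ttl_seconds)
    return token


def weak_reset(requested_email):
    """Weak: any address tied to an account selects it and receives the token,
    so an unverified address under someone else's control gets the reset link."""
    for acct in ACCOUNTS.values():
        if requested_email in acct.verified_emails or requested_email in acct.unverified_emails:
            return ResetResult([requested_email], _issue_token(acct.username))
    return ResetResult([], "")


def hardened_reset(requested_email):
    """Hardened: only a verified address can select the account, and the token is
    delivered to the verified primary address on record, never to the typed-in address."""
    for acct in ACCOUNTS.values():
        if requested_email in acct.verified_emails:
            return ResetResult([acct.primary_email], _issue_token(acct.username))
    # In production the HTTP response should look identical here, to avoid account enumeration.
    return ResetResult([], "")


def redeem_token(token):
    """Return the username for a valid, unexpired token and consume it; None otherwise."""
    entry = TOKENS.pop(token, None)
    if entry is None:
        return None
    username, expiry = entry
    if time.time() > expiry:
        return None
    return username


if __name__ == "__main__":
    print("weak:", weak_reset("unconfirmed@example.net").recipients)       # ['unconfirmed@example.net']
    print("hardened:", hardened_reset("unconfirmed@example.net").recipients)  # []
    print("hardened:", hardened_reset("alice@example.com").recipients)    # ['alice@example.com']
```

The design point is that the address typed into the reset form should only ever act as a lookup key; the delivery address must come from the verified data the service already holds. Tokens are also single-use and expire, so a leaked link has a short window even if delivery is correct.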

The life and times of Cozy Bear, the Russian hackers who just hit Microsoft and HPE

Cozy Bear also goes under different aliases like APT29, and The Dukes, among others. I have read some documented research about their attacks in the past. Now, based on public reports, they struck Hewlett Packard Enterprise and Microsoft in May and November 2023.

It's a bit of a long read, so here is what should inspire you to read it all:

Cozy Bear hacking its way into the email systems of two of the world’s most powerful companies and monitoring top employees’ accounts for months aren’t the only similarities in the two events.

Both breaches also involved the compromise of a single device on each corporate network, then escalating that toehold to the network itself. From there, Cozy Bear camped out undetected for months.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
