Welcome to this week's review. I hope you had a joyful week. As you prepare for the weekend, let's get you up to speed on important security news that is worth your precious time.
Introduction
This week's review is about social engineering, software vulnerabilities, Artificial Intelligence, and Malware. Let's go!
Dear all, What are some common subject lines in phishing emails?
No one is immune to phishing. The best we can do is keep ourselves up to date on the tactics used by malicious actors whose sole intent is to extract private information. In this article, the team at welivesecurity compiled the following email subject lines, each of which should signal that an email is likely a phishing attempt:
"Your session expired. Click here to sign in again."
"I need you to make an urgent payment"
"Dear applicant…"
"Due to the current situation…"
"Merry Christmas!"
"We are unable to process your tax return"
"No response required"
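As an added example (not part of the welivesecurity article or this review), here is a small triage script that checks the Subject header of raw messages against the subject lines listed above. It decodes RFC 2047 encoded-word subjects first, since a base64-encoded subject would otherwise slip past a plain string comparison; the sample messages are constructed, and a hit is a hint for closer review, not a verdict.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Subject lines from the welivesecurity list above; matching is done on a
# normalised form so that case, punctuation and spacing differences are ignored.
PHISHING_SUBJECTS = [
    "Your session expired. Click here to sign in again.",
    "I need you to make an urgent payment",
    "Dear applicant...",
    "Due to the current situation...",
    "Merry Christmas!",
    "We are unable to process your tax return",
    "No response required",
]

def normalise(subject: str) -> str:
    """Lower-case, map the ellipsis character to dots, drop punctuation, collapse spaces."""
    subject = subject.lower().replace("\u2026", "...")
    subject = re.sub(r"[^a-z0-9 ]+", " ", subject)
    return re.sub(r"\s+", " ", subject).strip()

NORMALISED = [normalise(s) for s in PHISHING_SUBJECTS]

def decoded_subject(raw_message: str) -> str:
    """Return the Subject header with RFC 2047 encoded-words decoded.
    Lures are often sent with a base64-encoded subject, so comparing the raw
    header text would miss them."""
    msg = message_from_string(raw_message)
    return str(make_header(decode_header(msg.get("Subject", ""))))

def matched_pattern(raw_message: str):
    """Return the listed subject line found in the message's subject, or None."""
    subject = normalise(decoded_subject(raw_message))
    for original, pattern in zip(PHISHING_SUBJECTS, NORMALISED):
        if pattern in subject:
            return original
    return None

# Constructed sample messages (not real mail). The first carries the lure as a
# base64 encoded-word, the second as a plain reply subject, the third is benign.
SAMPLE_ENCODED = "From: greetings@example.invalid\nSubject: =?utf-8?b?TWVycnkgQ2hyaXN0bWFzIQ==?=\n\nOpen the card.\n"
SAMPLE_URGENT = "From: ceo@example.invalid\nSubject: RE: I need you to make an URGENT payment\n\nWire today.\n"
SAMPLE_BENIGN = "From: news@example.invalid\nSubject: Weekly security review, issue 12\n\nHello.\n"

if __name__ == "__main__":
    for name, raw in [("encoded", SAMPLE_ENCODED), ("urgent", SAMPLE_URGENT), ("benign", SAMPLE_BENIGN)]:
        print(name, "->", matched_pattern(raw))
```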
Zenbleed: New Flaw in AMD Zen 2 Processors Puts Encryption Keys and Passwords at Risk
Do you remember Spectre and Meltdown? Well, Zenbleed is another "speculative execution attack". It was discovered by Tavis Ormandy of Google Project Zero. The following is an excerpt from the TheHackerNews article:
This attack works by manipulating register files to force a mispredicted command. Since the register file is shared by all the processes running on the same physical core, this exploit can be used to eavesdrop on even the most fundamental system operations by monitoring the data being transferred between the CPU and the rest of the computer.
Code Execution Vulnerability Impacts 900k MikroTik Devices
If you have MikroTik devices (or know anyone that does), this article is for you. The article's title sums it up nicely, and below you have an excerpt of why this article is worth your time:
The issue, the firm says, should be taken seriously because it is rather easy to obtain RouterOS credentials and exploit this vulnerability to escalate privileges from admin to ‘super-admin’ – which provides the attacker with access to an arbitrary function call.
On the one hand, attackers can use default RouterOS credentials to compromise devices. On the other hand, they can use various tools to brute-force RouterOS devices, including API, web, and Winbox brute forcing tools (Shodan shows roughly 400,000 devices exposing the RouterOS API).
The Good, the Bad and the Ugly of Generative AI
The year 2023 will forever be remembered as the year of the AI bubble, but that does not come without its controversies. If you subscribed to any AI mailing lists in 2023, there is a good chance you've come across news about generative AI tools, like ChatGPT, producing wrong information. This article highlights some of these concerns, and we've summarised them in the excerpt below 👇:
Good: AI has a significant role in driving efficiency across the security operations lifecycle.
Bad and Ugly: Security operations can take a turn for the worse when we start to think we can hand the reins over to AI models completely.
Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws
The two vulnerabilities are tracked as CVE-2023-32629 and CVE-2023-2640. Ubuntu has already made updates available, and if you're wondering whether patching is worth it, the following excerpt should convince you:
CVE-2023-2640 is a high-severity (CVSS v3 score: 7.8) vulnerability in the Ubuntu Linux kernel caused by inadequate permission checks allowing a local attacker to gain elevated privileges.
CVE-2023-32629 is a medium-severity (CVSS v3 score: 5.4) flaw in the Linux kernel memory management subsystem, where a race condition when accessing VMAs may lead to use-after-free, allowing a local attacker to perform arbitrary code execution.
WordPress Ninja Forms plugin flaw lets hackers steal submitted data
It's an XSS attack; an update is available, but at the time of writing thousands of sites are still vulnerable. So, read the excerpt below and inform anyone running a WordPress website with the plugin installed:
The first vulnerability is a POST-based reflected XSS (cross-site scripting) flaw that allows unauthenticated users to escalate their privileges and steal information. The second and third problems are broken access control issues on the plugin's form submissions export feature.
New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads
When you're searching for IT tools, be careful about which ads you click on. Without realising it, you can download a trojanized installer that facilitates the compromise of your network. Here is more for you:
Dubbed Nitrogen, the "opportunistic" activity is designed to deploy second-stage attack tools such as Cobalt Strike. Nitrogen was first documented by eSentire in June 2023, detailing an infection chain that redirects users to compromised WordPress sites hosting malicious ISO image files.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.