Security news weekly round-up - 28th June 2024

Habdul Hazeez - Jun 28 - - Dev Community

Introduction

In today's edition, we'll explore articles that discuss the following:

  • Supply chain security
  • Malware
  • Jailbreaking Generative Artificial Intelligence models

Get ready, and let's do some review!


Several Plugins Compromised in WordPress Supply Chain Attack

The attack resulted in the creation of an administrative user account on the affected websites, and then sending the details to the attacker. As a website owner, in situations like this, you should update the affected plugins as fast as you can. While at it, investigate your WordPress site and the user accounts contained therein.

The first plugin discovered was the "Social Warfare" plugin, while others are highlighted in the excerpt below:

Users of Blaze Widget versions 2.2.5 to 2.5.2, Wrapper Link Element versions 1.0.2 and 1.0.3, Contact Form 7 Multi-Step Addon versions 1.0.4 and 1.0.5, and Simply Show Hooks 1.2.1 are advised to remove the plugins and look for rogue administrative accounts on their websites.

New Medusa Android Trojan Targets Banking Users Across 7 Countries

The article is based on research from Cleafy, and the malware is, not in a good way, sophisticated. You need to read to know what I am talking about.

To get you started, read the following excerpt:

Medusa, also known as TangleBot, is a sophisticated Android malware first discovered in July 2020 targeting financial entities in Turkey. It comes with capabilities to read SMS messages, log keystrokes, capture screenshots, record calls, share the device screen in real-time, and perform unauthorized fund transfers using overlay attacks to steal banking credentials.

Mac users served info-stealer malware through Google ads

If you are thinking that every Google ads URL is legit, this article should make you think again. On any website that you find yourself, it does not hurt to double-check the website address in the URL bar. Stay safe, and read the excerpt below.

An analysis of the malware code shows that once installed, the stealer sends data to the IP address 79.137.192[.]4. The address happens to host the control panel for Poseidon, the name of a stealer actively sold in criminal markets. The panel allows customers to access accounts where data collected can be accessed.

Microsoft Details ‘Skeleton Key’ AI Jailbreak Technique

Before I started working on this article, I was reading this article about grimoires by Professor Ethan Mollick. The lesson that I have gained so far in the article is that you can tell Generative AI models like ChatGPT the way you want them to respond.

Now, that's the core of this "Skeleton Key" AI jailbreak; they asked the AI to respond to something that it's against its rule, here it's how to make a Molotov Cocktail. It declined, then, they told it it was for educational and research purposes but it should add a warning if the content might be offensive. Guess what? It obliged!

Read the following excerpt, and ensure that you read the whole article:

The Skeleton Key attack worked by asking an AI model to augment rather than change its behavior guidelines, and instructing it to add a ‘warning’ label if the output is considered harmful, offensive or illegal, instead of completely refusing to provide the requested information.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .