Security news weekly round-up - 29th March 2024

Habdul Hazeez - Mar 29 - - Dev Community

Introduction

Hello there, it's Habdul Hazeez, and welcome to another edition of the security news weekly round-up here on Dev. In today's edition, we'll cover articles related to malware, vulnerability, social engineering, and device security.


Google's new AI search results promotes sites pushing malware, scams

One of the dangerous things on the web is to search for something on the web only for you to shown the way to a malicious or scam website without your knowledge. Unfortunately, that's what the above-linked article is all about. So, be extra careful before you click that link the next you search on Google (or anywhere else).

Some excerpts for you:

When clicking on the site in the Google search results, visitors will go through a series of redirects until they reach a scam site.

In BleepingComputer's tests, the redirects most commonly lead you to fake captchas or YouTube sites that try to trick the visitor into subscribing to browser notifications.

Top Python Developers Hacked in Sophisticated Supply Chain Attack

If you think that you are smart and cannot be hacked, kindly think again. If you're still feeling confident read the excerpt below.

To mount their supply chain attack, the hackers cloned the tool, inserted malicious code into it, and placed the malicious version on a fake mirror domain that relied on typosquatting to trick developers into mistaking it for the legitimate ‘files.pythonhosted.org’ mirror.

New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys

The researchers informed Apple in November 2023, and the technical details of the vulnerability can overwhelm you. Nonetheless, the excerpt below should get you started.

Like other attacks of this kind, the setup requires that the victim and attacker have two different processes co-located on the same machine and on the same CPU cluster. Specifically, the threat actor could lure a target into downloading a malicious app that exploits GoFetch.

Thousands of phones and routers swept into proxy service, unbeknownst to users

In this modern world, your device could be aiding cybercrimes without you knowing. If you think that's impossible, then you need to read this article, starting with the excerpt below.

The malware responsible is a variant of TheMoon, a malicious code family dating back to at least 2014. In its earliest days, TheMoon almost exclusively infected Linksys E1000 series routers. Over the years it branched out to targeting the Asus WRTs, Vivotek Network Cameras, and multiple D-Link models.

Alert: New Phishing Attack Delivers Keylogger Disguised as Bank Payment Notice

Before you open that email from your bank, ensure that it's from your bank. What's don't open any email attachments if you're not expecting one and if you can, turn off auto-download of any external media files in your email.

Here is more on why you should remember that:

The message masquerades as a bank payment notification, urging the user to open an archive file attachment. The archive ("Bank Handlowy w Warszawie - dowód wpłaty_pdf.tar.gz") conceals a malicious loader that activates the procedure to deploy Agent Tesla on the compromised host.

“MFA Fatigue” attack targets iPhone owners with endless password reset prompts

It's scary and hope (or pray) it does not happen to you. And if it does, remember to keep calm and don't click that "Allow" button out of frustration that you want to stop password reset prompts.

A quick one from the article:

If the device owner is annoyed by the sudden sound or deluge of notifications (which essentially block access to other phone features) or just considers the prompt too quickly and has trained themselves to click "Yes"/"Allow" to most other prompts, they may click "Allow" and give the attackers the access they need.

New Linux Bug Could Lead to User Password Leaks and Clipboard Hijacking

The bug is tracked under CVE-2024-28085 and it's codenamed WallEscape.

Here is how the bug works:

CVE-2024-28085 essentially exploits improperly filtered escape sequences provided via command line arguments to trick users into creating a fake SUDO prompt on other users' terminals and trick them into entering their passwords.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .