Security news weekly round-up - 30th July 2021

Habdul Hazeez - Jul 30 '21 - Dev Community

The tenth week in a row! Let's keep up the momentum!

Introduction

Hello and welcome to this week's security round-up. As always, I am your host Habdul Hazeez.

Almost half of the stories that we'll cover this week are about malware (3 of them), 2 are about vulnerabilities, 1 is about bugs and 1 is about mobile security.

That brings the total to 7 stories, which is the tradition of this series, i.e., we review 7 stories that are worth your time and attention every week.

That's it for the introduction. Now, let's examine what we have for this week.


Fake Windows 11 installers now used to infect you with malware

Windows 11 is the latest installment in Microsoft's line of Windows operating systems. It was announced on June 24 and is scheduled to start rolling out in early 2022 (unless you are on the Insider program).

As humans, we are always in a hurry for anything new and shiny in technology, and there are people out there ready to take advantage of that. Such is the case in this story.

Excerpt from the article:

Windows 11 installer lures were also used to directly push a wide range of other payloads, ranging from the adware (considered mostly harmless by anti-malware software) to a lot more dangerous trojans, password stealers, and similar hazardous stuff.

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software

Another piece of malware, another source of trouble, but this one is specific: it targets Apple macOS.

Excerpt from the article:

The malware comes with numerous capabilities, such as reading and dumping Safari cookies, injecting malicious JavaScript code into various websites, stealing information from applications, such as Notes, WeChat, Skype, Telegram, and encrypting user files.

New PetitPotam NTLM Relay Attack Lets Hackers Take Over Windows Domains

For almost a decade, novel attacks of this nature have always had a catchy name: Heartbleed, Meltdown and Spectre, Stagefright, Shellshock, and the list goes on. Now, we have PetitPotam.

Excerpt from the article:

Specifically, the attack enables a domain controller to authenticate against a remote NTLM under a bad actor's control using the MS-EFSRPC interface and share its authentication information. This is done by connecting to LSARPC, resulting in a scenario where the target server connects to an arbitrary server and performs NTLM authentication.

Several Bugs Found in 3 Open-Source Software Used by Several Businesses

The title says it all.

Excerpt from the article:

All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer Data Framework v3.0.0, Pimcore AdminBundle v6.8.0, and Akaunting v2.1.12, were fixed within a day of responsible disclosure, researchers Wiktor Sędkowski of Nokia and Trevor Christiansen of Rapid7 noted. Six of the nine flaws were uncovered in the Akaunting project.

Turn Off, Turn On: Simple Step Can Thwart Top Phone Hackers

It's quite easy to do, but it can make it difficult for hackers to get stuff out of your phone.

Excerpt from the article:

Regularly rebooting phones won’t stop the army of cybercriminals or spy-for-hire firms that have sowed chaos and doubt about the ability to keep any information safe and private in our digital lives. But it can make even the most sophisticated hackers work harder to maintain access and steal data from a phone.

New Android Malware Uses VNC to Spy and Steal Passwords from Victims

VNC stands for Virtual Network Computing.

Excerpt from the article:

For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way.

Serious Vulnerabilities Found in Firmware Used by Many IP Camera Vendors

The title says it all.

Excerpt from the article:

While the vulnerabilities were identified during the analysis of IP cameras offered by Germany-based video management solutions provider Geutebrück, RandoriSec founder Davy Douhine told SecurityWeek they are confident that IP cameras from all the other vendors using the UDP Technology firmware are also affected.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week. I'll see you next Friday.
