Security news weekly round-up - 31 May 2024

Habdul Hazeez - May 31 - - Dev Community

Introduction

Hello everyone, and welcome to another edition of our security news review here on DEV. If you're new here, you can read the previous editions using the accordion above this post.

Now, in today's edition, the article that we'll review, and of course worthy of your reading time are about artificial intelligence, ransomware, phishing, malware, and password security.


Google’s “AI Overview” can give false, misleading, and dangerous answers

It sounds funny, but it's not. What's more, the article's title is a fitting summary of what it entails. Meanwhile, one of the core of this issue is the AI overview treating jokes as fact.

Here is an excerpt from the article to get you started:

Some of the funniest example of Google's AI Overview failing come, ironically enough, when the system doesn't realize a source online was trying to be funny. An AI answer that suggested using "1/8 cup of non-toxic glue" to stop cheese from sliding off pizza can be traced back to someone who was obviously trying to troll an ongoing thread.

Newly discovered ransomware uses BitLocker to encrypt victim data

This is another classic tale of threat actors abusing a system feature. Only this time, it can be destructive because when they encrypt the victim's drive, there is no way to get it back without the decryption key. Even at the end of the article, the researchers (from Kaspersky) noted that there are no specific protections to prevent a successful attack.

Start reading the article using the following excerpt:

Recently, researchers from security firm Kaspersky found a threat actor using BitLocker to encrypt data on systems located in Mexico, Indonesia, and Jordan. The researchers named the new ransomware ShrinkLocker, both for its use of BitLocker and because it shrinks the size of each non-boot partition by 100 MB and splits the newly unallocated space into new primary partitions of the same size

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI

Among the tricks of this phishing campaign is the abuse of yet another legitimate tool: Cloudflare Workers. The threat actors are using the latter to host phishing pages in the hope of harvesting victims' credentials for popular providers like Microsoft and Gmail.

Here is an excerpt that summarizes what's going on:

The phishing page, for its part, urges the victim to sign in with Microsoft Outlook or Office 365 (now Microsoft 365) to view a purported PDF document. Should they follow through, fake sign-in pages hosted on Cloudflare Workers are used to harvest their credentials and multi-factor authentication (MFA) codes.

Over 90 malicious Android apps with 5.5M installs found on Google Play

Don't ask me how they got onto the Play Store because I don't know. I mean despite the security checks in place, malicious apps still got published on the Play Store. Luckily, a statement highlighted that Google removed the apps. Still, it's worrying (what about those who have downloaded the infected apps?)

The following is what I am talking about:

At the time of Zscaler's analysis, the two apps had already amassed 70,000 installations, demonstrating the high risk of malicious dropper apps slipping through the cracks in Google's review process.

Researchers crack 11-year-old password, recover $3 million in bitcoin

This is an interesting read. First, it involves a random password generator that was not so "random". Second, the owner of the Bitcoin got their money back after 11 years with a huge appreciation in value ($5,300 in 2013 to around $3 million as of November 2023).

Enjoy reading using the following as an inspiration:

They really annoyed me, because who knows what I did 10 years ago,” he recalls. He found other passwords he generated with RoboForm in 2013, and two of them did not use special characters, so Grand and Bruno adjusted. Last November, they reached out to Michael to set up a meeting in person. “I thought, ‘Oh my God, they will ask me again for the settings”

Cybercriminals pose as "helpful" Stack Overflow users to push malware

It's safe to say that not everyone on Stack Overflow might be there to help you. Here, on certain questions, a malicious user is advising the OP of a question to install an application to solve their problem. However, it's malware.

An excerpt from the article states the following:

While malicious PyPi packages and information-stealers are nothing new, the cybercriminals' strategy to pose as helpful contributors on Stack Overflow is an interesting approach as it allows them to exploit the trust and authority of the site in the coding community.

This approach serves as a reminder of the constantly changing tactics of cybercriminals and, unfortunately, illustrates why you can never blindly trust what someone shares online.

Mystery malware destroys 600,000 routers from a single ISP during 72-hour span

Someone woke up one day and decided that "I will burn 600k routers just for the sake of it". How cute! 🥺. But it's not 🚫. Some users suffered financial losses because their businesses were online and their router was their gateway to the internet. Without it, they lost money.

Start reading from the excerpt below:

The actor took deliberate steps to cover their tracks by using commodity malware known as Chalubo, rather than a custom-developed toolkit.

A feature built into Chalubo allowed the actor to execute custom Lua scripts on the infected devices. The researchers believe the malware downloaded and ran code that permanently overwrote the router firmware.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .