Introduction
Hello there, it's me again. I hope you are doing well, welcome to this week's review.
This week's review is about bugs, malware, and vulnerabilities.
Let's go!
Google Play apps downloaded 300,000 times stole bank credentials
You might think that applications on the Play store are "safe". History shows certain malware sneak into official app stores and this story is an example.
Excerpt from the article:
The apps—posing as QR scanners, PDF scanners, and cryptocurrency wallets—belonged to four separate Android malware families that were distributed over four months. They used several tricks to sidestep restrictions that Google has devised in an attempt to rein in the unending distribution of fraudulent apps in its official marketplace.
Project Zero Flags High-Risk Zoom Security Flaw
Zoom ain't going in the nearest future, meaning you have to take this news with utmost importance.
Excerpt from the article:
The flaws, discovered and reported by Google Project Zero researcher Natalie Silvanovich, affect the company’s flagship Zoom Client for Meetings on all major platforms and could be exploited for code execution attacks.
Zoom slapped a “high-severity” rating on the more serious of the two vulnerabilities (CVE-2021-34423) and warned that the issue also affects a wide range of downstream components and SDKs.
Critical Wormable Security Flaw Found in Several HP Printer Models
If a flaw is wormable, it is dangerous.
Excerpt from the article:
A successful attack will allow an adversary to achieve various objectives, including stealing information or using the compromised machine as a beachhead for future attacks against an organization.
Unpatched Unauthorized File Read Vulnerability Affects Microsoft Windows OS
The title says it all.
Excerpt from the article:
Tracked as CVE-2021-24084 (CVSS score: 5.5), the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain unauthorized file system access and read arbitrary files.
Malicious Android app steals Malaysian bank credentials, MFA codes
Humans are crafty creatures, no matter the security in place to protect something, we'll find a way to bypass it, whether it's legal or not.
Excerpt from the article:
A fake Android app is masquerading as a housekeeping service to steal online banking credentials from the customers of eight Malaysian banks.
The app is promoted through multiple fake or cloned websites and social media accounts to promote the malicious APK, 'Cleaning Service Malaysia.'
Nine WiFi routers used by millions were vulnerable to 226 flaws
No system is safe.
Excerpt from the article:
The tested routers are made by Asus, AVM, D-Link, Netgear, Edimax, TP-Link, Synology, and Linksys, and are used by millions of people.
The front-runners in terms of the number of vulnerabilities are the TP-Link Archer AX6000, having 32 flaws, and the Synology RT-2600ac, which has 30 security bugs.
Really stupid “smart contract” bug let hackers steal $31 million in digital coin
Smart might not be smart after all.
Excerpt from the article:
An accounting error built into the company’s software let an attacker inflate the price of the MONO token and to then use it to cash out all the other deposited tokens, MonoX Finance revealed in a post. The haul amounted to $31 million worth of tokens on the Ethereum or Polygon blockchains, both of which are supported by the MonoX protocol
Support Me
Writing makes me thirsty. I'll appreciate a cup of coffee 😉.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, I'll see you next Friday.