Security news weekly round-up - 4th August 2023

Habdul Hazeez - Aug 4 '23 - Dev Community

This is the first review for August 2023. I welcome you all. Let's get to it!

Introduction

This week's review is about malware, artificial intelligence, endpoint security, printer, and cloud security.


Android malware steals user credentials using optical character recognition

Threat actors always get crafty, so you need to be aware. This malware can take screenshots and use OCR to extract the text and send it to a C&C server. Here is more for you:

The most interesting aspect of the malware is its rare, if not novel, feature that allows it to capture mnemonic passphrases used to gain access to an account. When the legitimate apps display passphrases on phone screens, the malware first takes an image of the screen and then uses OCR to translate the image into a text format that can be used to raid the account.

Hackers Abusing Windows Search Feature to Install Remote Access Trojans

Be careful before you click any link in your email, especially if it causes Windows to display a warning about opening Windows Explorer. You might be downloading a RAT, which gives an attacker remote access to your computer. The following is a quick recap of the article:

... threat actors have been observed creating deceptive emails that embed hyperlinks or HTML attachments containing a URL that redirects users to compromised websites. This triggers the execution of JavaScript that makes use of the URI protocol handlers to perform searches on an attacker-controlled server.

Hackers steal Signal, WhatsApp user data with fake Android chat app

Don't download any "chat app" that isn't reputable, especially one with an enticing name like "SafeChat" (I did not make that up). More reasons why you should adhere to this:

The analysts report that Safe Chat features a deceiving interface that makes it appear as a real chat app and also takes the victim through a seemingly legitimate user registration process that adds credibility and serves as an excellent cover for the spyware.

One critical step in the infection is the acquisition of permissions to use the Accessibility Services, which are subsequently abused to automatically grant the spyware more permissions.

Canon warns of Wi-Fi security risks when discarding inkjet printers

If you no longer use a device, wipe it thoroughly before you discard it. This is basic information for every privacy-focused individual, but now Canon is repeating that message for some of its inkjet printers. The reason: a discarded printer can leak your Wi-Fi credentials, which in turn compromises your network security. More on this:

Canon is warning users of home, office, and large format inkjet printers that their Wi-Fi connection settings stored in the devices' memories are not wiped, as they should be, during initialization, allowing others to gain access to the data.

The specific information stored in a Canon printer varies depending on the model and configuration but generally includes the network SSID, the password, network type (WPA3, WEP, etc.), assigned IP address, MAC address, and network profile.

Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack

This attack is sophisticated and currently poses little risk, but you should be aware that it's possible. Some of the researchers involved worked on the Spectre and Meltdown vulnerabilities, which is why you should take it seriously. A quick excerpt from the article:

An unprivileged attacker — for instance, by using malware planted on the targeted device — can leverage the Collide+Power attack to obtain valuable data such as passwords or encryption keys. The researchers noted that the Collide+Power attack enhances other power side-channel signals, such as the ones used in the PLATYPUS and Hertzbleed attacks.

Researchers figure out how to make AI misbehave, serve up prohibited content

You can dub this the "jailbreak of AI". As humans, we often find ways to make machines do our bidding (good or bad). Here are specific details of this attack:

The researchers used an open source language model to develop what are known as adversarial attacks. This involves tweaking the prompt given to a bot so as to gradually nudge it toward breaking its shackles. The attack forces chatbots to give disallowed responses to harmful prompts by adding a certain string of information to the end.

Microsoft comes under blistering criticism for “grossly irresponsible” security

UPDATE August 4, 2023: BleepingComputer reported that Microsoft has fixed it. Nonetheless, you can read the original review, written before the fix, below 👇.

Occasionally, Big Tech does come under fire. This time it's Billy's Microsoft. This comes after Senator Ron Wyden called out Microsoft for "negligent cybersecurity practices" (PDF file). Now it's Amit Yoran, chairman and CEO of Tenable. Here are bits of what he said, and you can read the article for more details:

Yoran took to LinkedIn to castigate Microsoft for failing to fix what the company said on Monday was a “critical” issue that gives hackers unauthorized access to data and apps managed by Azure AD.

In a separate email, Yoran responded: "It now appears that it's either fixed, or we are blocked from testing. We don't know the fix, or mitigation, so hard to say if it's truly fixed, or Microsoft put a control in place like a firewall rule or ACL to block us."


Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
