Security news weekly round-up - 8th October 2021

Habdul Hazeez - Oct 8 '21 - - Dev Community

Introduction

Hello and welcome to this week's review. If you've been following this series for a while, I'll take a guess that you already know my name; nevertheless, I'll state it again for those of you reading this for the first time. I am Habdul Hazeez, and I am your host for this series.

This week's review covers the full range of themes in this series. Scams, malware, bugs, you name it, this week's review has got it all.

Grab a cup of coffee, and let's get started.


Hundreds of scam apps hit over 10 million Android devices

One of the things I like about the folks at Ars Technica is that the titles of their articles make you want to read them, because the title is always a complete summary of what the article entails. This one is no exception.

For this article, my advice is to be careful about the apps you install on your device.

Excerpt from the article:

The operation targeted Android users in more than 70 countries and specifically checked their IP addresses to get a sense of their geographic regions. The app would show webpages in that location's primary language to make the experience more compelling.

The malware operators took care not to reuse URLs, which can make it easier for security researchers to track them. And the content the attackers generated was high quality, without the typos and grammatical errors that can give away more obvious scams.

Hackers Stole Cryptocurrency From Thousands of Coinbase Accounts

Say what? That's what I thought when I read the article's title.

Stay safe: don't put all your savings in one account unless you have absolute control of that account, and if any of your online accounts support multi-factor authentication, please switch it on.

Excerpt from the article:

Between March and May 20, 2021, threat actors diverted cryptocurrency from the accounts of at least 6,000 customers, the cryptocurrency exchange platform says in a data breach notification letter submitted with the California Attorney General.

The attack, Coinbase explains, was a complex one, possible only if the attackers had prior knowledge of the victim's email address, password, and phone number used for the Coinbase account. Furthermore, the attackers also needed access to the victim's email inbox.

Company that routes SMS for all major US carriers was hacked for five years

At first, when you read a headline like this one, you might think it's clickbait and find it hard to believe, but when you read the entire article, you are left speechless.

Excerpt from the article:

Syniverse, a company that routes hundreds of billions of text messages every year for hundreds of carriers including Verizon, T-Mobile, and AT&T, revealed to government regulators that a hacker gained unauthorized access to its databases for five years. Syniverse and carriers have not said whether the hacker had access to customers' text messages.

Apache web server zero-day bug is easy to exploit – patch now!

The titles of articles by the folks at Naked Security by Sophos can make you jump out of your bed (or wherever you are) because they put you into panic mode. Now read this article's title again and you'll know what I am talking about.

Excerpt from the article:

This bug is already both widely-known and trivial to exploit, with examples now circulating freely on Twitter, and a single, innocent-looking web request aimed at your server could be enough for an attacker to take it over completely.

To the moon and hack: Fake SafeMoon app drops malware to spy on you

The team at WeLiveSecurity has a sense of humor: they always add a touch of poetry to the titles of their articles and research papers.

Excerpt from the article:

A campaign spotted recently impersonates the SafeMoon cryptocurrency app and uses a fake update to lure Discord users to a website that distributes a well-known remote access tool (RAT).

ESET Discovers UEFI Bootkit in Cyber Espionage Campaign

You can get rid of most malware using anti-malware tools, but a bootkit? That is a tough one to get rid of.

Excerpt from the article:

According to ESET researchers Anton Cherepanov and Martin Smolar, the malware has evaded detection for almost a decade and was engineered to bypass Windows Driver Signature Enforcement to load its own unsigned driver.

Iranian Hackers Abuse Dropbox in Cyberattacks Against Aerospace and Telecom Firms

Using a legitimate service for something other than its intended purpose is nothing new. Threat actors are known to abuse file-sharing services to stage exfiltrated data before moving it to their own servers.

Excerpt from the article:

Boston-based cybersecurity company Cybereason dubbed the attacks "Operation Ghostshell," pointing out the use of a previously undocumented and stealthy remote access trojan (RAT) called ShellClient that's deployed as the main spy tool of choice.

Support Me

Writing makes me thirsty. I'll appreciate a cup of coffee 😉.

Buy Me A Coffee

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week. I'll see you next Friday.
