Introduction
Welcome to this week's review. Today, we'll cover articles about vulnerabilities, cyber crime, fraud and identity theft, and malware.
Let's begin.
Mastodon vulnerability allows attackers to take over accounts
Mastodon has fixed the vulnerability, and they're alerting those vulnerable instances (servers) to update as soon as possible. Speaking of the technical details of the vulnerability, it can allow account takeover and so it has a score of 9.4 on the Common Vulnerability Scoring System (CVSS).
Here is more about it:
The newly fixed flaw is tracked as CVE-2024-23832 and stems from insufficient origin validation in Mastodon, allowing attackers to impersonate users and take over their accounts.
Deepfake scammer walks off with $25 million in first-of-its-kind AI heist
Hopefully, we don't see this often. I mean, it's just scary, and it takes social engineering to a whole new level.
More for you:
Despite initial doubts, the employee was convinced enough by the presence of the CFO and others in a group video call to make 15 transfers totaling HK$200 million to five different Hong Kong bank accounts. Officials realized the scam occurred about a week later, prompting a police investigation.
Millions of User Records Stolen From 65 Websites via SQL Injection Attacks
Web security is essential, and if you're learning web development, ensure that you don't overlook it. This article should serve as a motivation why should take security seriously.
Here is a quick excerpt from the article:
In one instance, the group created a fake employer profile on a recruitment website, and injected an XSS script using one of the fields in the profile. In another instance, XSS code was included in a fake CV.
Through the injection of malicious SQL queries, the threat actor was able to retrieve databases containing close to 2.2 million rows, more than 500,000 of which represented user data from employment websites.
Critical vulnerability affecting most Linux distros allows for bootkits
Lookout for patches and install them immediately they become available. The excerpt below is why you should do this.
The vulnerability, tracked as CVE-2023-40547, is what’s known as a buffer overflow, a coding bug that allows attackers to execute code of their choice. It resides in a part of the shim that processes booting up from a central server on a network using the same HTTP that the web is based on.
Google Announces Enhanced Fraud Protection for Android
It's about protecting Android users from fraudulent applications that can intercept one-time passwords. Specifically, this protection will block the permissions that these applications can abuse on an Android device.
More for you:
Part of Google Play Protect, the enhanced fraud protection will block the installation of sideloaded applications that request sensitive runtime permissions that are frequently abused by fraudsters.
The feature will analyze attempts to install applications from internet-sideloading sources, such as browsers, file managers, or messaging applications
New macOS Backdoor Linked to Prominent Ransomware Groups
The Command and Control Server used by this backdoor is what led to the connection with the prominent ransomware. Specifically, they are the Black Basta and Alphv/BlackCat ransomware families.
Here is more from the article:
All analyzed samples support multiple commands to harvest and exfiltrate files and to gather details about the infected machine. The information is sent to a command-and-control (C&C) server to generate a victim ID that is used in subsequent communication.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.