Security news weekly round-up - 12th April 2024

ziizium

Habdul Hazeez

Posted on April 12, 2024

Security news weekly round-up - 12th April 2024

Introduction

Hello, and welcome to this week's review of security-related articles that are worthy of your reading time. Today, we'll cover articles related to privacy, security, and malware.

Let's begin!


Browsing in Incognito Mode Doesn’t Protect You as Much as You Might Think

For some, you'll find this article as nothing new. However, don't be surprised that some think Incognito Mode means" invincible".

Nonetheless, here is an excerpt from the article:

Incognito modes generally do not prevent the websites you visit from seeing your location, via your IP address, or stop your internet service provider from logging your activities. As long as your IP address is visible, the Mozilla Foundation says your identity and activity remain fully exposed to search engines and third parties

Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation

The bad news here is that the devices are no longer supported. Therefore, D-Link will not be patching them.

What's more, it's gets worse, based on the following excerpt:

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access to sensitive information, modification of system configurations, or denial of service conditions

7 reasons why cybercriminals want your personal data

Do you think that you know the reasons? Guess before opening the link and see if you get it right.

Here is a quick excerpt from the article:

The more online services you use and share your information with, the greater the chance that your data ends up in the wrong hands, for example when one of those companies is compromised by hackers

Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one

It's not funny when your TV is subject to takeover from remote threat actors. The article states that the vulnerable TVs are about 91k. Now, what's behind the vulnerability? Check the excerpt below.

The vulnerabilities, which affect internal services that allow users to control their sets using their phones, make it possible for attackers to bypass authentication measures designed to ensure only authorized devices can make use of the capabilities

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

Clicking on an attachment starts the infection chain. So, be sure you want to click that attachment!

Here is why:

The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence

the SVG file serves as a conduit to drop a ZIP archive that contains a batch script likely created using BatCloak, which then unpacks the ScrubCrypt batch file to ultimately execute Venom RAT

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.

💖 💪 🙅 🚩
ziizium
Habdul Hazeez

Posted on April 12, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related