Security news weekly round-up - 12th April 2024
Habdul Hazeez
Posted on April 12, 2024
Introduction
Hello, and welcome to this week's review of security-related articles that are worthy of your reading time. Today, we'll cover articles related to privacy, security, and malware.
Let's begin!
Browsing in Incognito Mode Doesn’t Protect You as Much as You Might Think
For some, you'll find this article as nothing new. However, don't be surprised that some think Incognito Mode means" invincible".
Nonetheless, here is an excerpt from the article:
Incognito modes generally do not prevent the websites you visit from seeing your location, via your IP address, or stop your internet service provider from logging your activities. As long as your IP address is visible, the Mozilla Foundation says your identity and activity remain fully exposed to search engines and third parties
Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation
The bad news here is that the devices are no longer supported. Therefore, D-Link will not be patching them.
What's more, it's gets worse, based on the following excerpt:
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the system, potentially leading to unauthorized access to sensitive information, modification of system configurations, or denial of service conditions
7 reasons why cybercriminals want your personal data
Do you think that you know the reasons? Guess before opening the link and see if you get it right.
Here is a quick excerpt from the article:
The more online services you use and share your information with, the greater the chance that your data ends up in the wrong hands, for example when one of those companies is compromised by hackers
Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one
It's not funny when your TV is subject to takeover from remote threat actors. The article states that the vulnerable TVs are about 91k. Now, what's behind the vulnerability? Check the excerpt below.
The vulnerabilities, which affect internal services that allow users to control their sets using their phones, make it possible for attackers to bypass authentication measures designed to ensure only authorized devices can make use of the capabilities
Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing
Clicking on an attachment starts the infection chain. So, be sure you want to click that attachment!
Here is why:
The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence
the SVG file serves as a conduit to drop a ZIP archive that contains a batch script likely created using BatCloak, which then unpacks the ScrubCrypt batch file to ultimately execute Venom RAT
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
Posted on April 12, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.
Related
November 29, 2024
November 29, 2024
November 29, 2024