Security news weekly round-up - 16th August 2024

ziizium

Habdul Hazeez

Posted on August 16, 2024


Introduction

Hello! It's another week and it's time for another review of security news that is worthy of your attention. In this week's edition, the articles that we'll review are about malware, vulnerabilities, and scams.

So, let's get started.


New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions

At the end of the article, there are ways to get rid of the malware if you're infected. Nonetheless, this shows the lengths to which threat actors are willing to go to compromise your computer system.

From the article:

At the heart of the campaign is the use of malvertising to push lookalike websites promoting known software like Roblox FPS Unlocker, YouTube, VLC media player, Steam, or KeePass to trick users searching for these programs into downloading a trojan, which serves as a conduit for installing the browser extensions.

Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure

Reading articles like this is what keeps me going in computer security. The ingenuity with which people find vulnerabilities will never cease to amaze me. Okay, back to the topic. The vuln is tracked as CVE-2024-38200 and has a CVSS score of 7.5.

From the article on how the vulnerability can be exploited:

In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability

Why scammers want your phone number

Something within you might yell "I know this already". But wait 🛑. There is more for you to learn in this article. Why? If words like pig butchering, smishing, and CEO fraud are new to you, you should read the article.

Here is some quick information from the article and more reasons why it's worthy of your time:

Why are all these scams such a threat? These days, many online services rely on phone numbers for authentication and account recovery. Compromising a phone number can, therefore, be tantamount to bypassing your security safeguards, including two-factor authentication (2FA). Additionally, scammers may impersonate you to defraud your contacts – or your employer.

GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover

Reported by the guys at Palo Alto Networks Unit 42, the vulnerability is related to GitHub Actions. Now, wait, before you panic: according to the original author, some companies have patched their code.

From the article, it's on you (as the repository owner) to take action:

A number of open-source repositories related to Amazon Web Services (AWS), Google, Microsoft, Red Hat, and Ubuntu have been found susceptible to the attack. GitHub, for its part, has categorized the issue as informational, requiring that users take it upon themselves to secure their uploaded artifacts.

Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw

At the time of writing, technical details of the vulnerability have not been made available for one reason or another. To make matters worse, the vulnerability is susceptible to a zero-click exploit: an exploit that requires no human interaction can be developed for it. To complicate issues and to show the severity of this vulnerability, Microsoft has tagged it with a CVSS severity score of 9.8 out of 10.

From the article where they quoted Microsoft:

An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

As a normal user, you can't uninstall the app. However, you're in luck. At the time of writing, the article quoted a Google spokesperson saying that they will be removing the app from all supported in-market Pixel devices with an upcoming Pixel software update. Good news!

Here is what's wrong with the vulnerable application in question:

The crux of the problem has to do with the app downloading a configuration file over an unencrypted HTTP web connection, as opposed to HTTPS, thereby opening the door for altering it during transit to the targeted phone.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
