DEV Community

Cover image for Security news weekly round-up - 12th November 2021
Habdul Hazeez
Habdul Hazeez

Posted on

Security news weekly round-up - 12th November 2021

Introduction

Hello there. Welcome to this week's security review where we talk about stories that are worthy of your time.

I am your host Habdul Hazeez.

This week, if your device could get infected with malware or affected by a vulnerability just by reading this edition, I am sure your device will get infected or an attacker might find a vulnerability on an app on your device and might just execute an RCE on it. Just saying 😇.

Let's get on with it.


New Android malware targets Netflix, Instagram, and Twitter users

It's a banking Trojan using a fake overlay in an attempt to steal your credit card information.

Stay safe.

Excerpt from the article:

By utilizing the Application Accessibility toolkit installed on Android by default, the attacker is able to use the application to implement the Overlay attack to trick the user into entering credit card information for fake account breaches on both Netflix and Twitter

PhoneSpy: Android spyware campaign targeting South Korean users

I told you, it's spooky malware week. 😄

This malware in question can steal sensitive information from a device and also take over its camera and microphone. Unauthorized access to the latter and the former make spying possible.

Excerpt from the article:

The 'PhoneSpy' spyware comes disguised as a Yoga companion app, the Kakao Talk messaging app, an image gallery browser, a photo editing tool, and more.

Zimperium identified 23 laced apps that appear as harmless lifestyle apps, but in the background, the apps run all the time, silently spying on the user.

Critical Flaw in WordPress Plugin Leads to Database Wipe

When you read the article's title, what's is the first thing that popped into your mind?

Share it in the comments section.

Excerpt from the article:

A major security vulnerability in the WP Reset PRO WordPress plugin could be exploited by an authenticated user to wipe the entire database of a website, according to a warning from researchers at Packstack (formerly WebARX).

The issue can be exploited by any authenticated user, regardless of their authorization, to wipe all tables in a WordPress installation's database.

Invisible characters could be hiding backdoors in your JavaScript code

Do you remember the story that we covered last week titled 'Trojan Source' Attack Abuses Unicode to Inject Vulnerabilities Into Code?

Well, this attack from Certitude Consulting is an inspiration from that article.

Excerpt from the article:

Security researcher Wolfgang Ettlinger, who is also the Director of Certitude Consulting, surmised "what if a backdoor literally cannot be seen and thus evades detection even from thorough code reviews?"

And surely enough, it didn't take long for Ettlinger to come up with a proof of concept (PoC)

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN

One of the scariest things you can think of in computer security is when the software designed to protect a system becomes vulnerable to attacks. I mean, a firewall has a zero-day bug 🤔.

Excerpt from the article:

The vulnerability chain consists of a method for bypassing validations made by an external web server (HTTP smuggling) and a stack-based buffer overflow," Randori researchers said. "Exploitation of the vulnerability chain has been proven and allows for remote code execution on both physical and virtual firewall products.

13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment

In context, this is similar to the previous story.

Excerpt from the article:

Collectively called "NUCLEUS:13," successful attacks abusing the flaws can "result in devices going offline and having their logic hijacked," and "spread[ing] malware to wherever they communicate on the network

Careful: 'Smart TV remote' Android app on Google Play is malware

The applications in question(the other being the Halloween Coloring app) are laced with Joker malware.

Excerpt from the article:

Joker malware hide malicious code in seemingly benign apps and publish these to official app stores. Earlier this year, over 500,000 Huawei Android devices were found to be infected with Joker.

The malware is known to subscribe users to premium mobile services without their consent or knowledge.

Support Me

Writing makes me thirsty. I'll appreciate a cup of coffee 😉.

Buy Me A Coffee

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, I'll see you next Friday.

Top comments (1)

Collapse
 
stoner55 profile image
stoner55 • Edited

thanks for sharing. cybersecurity is quite needed thing in our time. Plus do not forget that the software offers users the mandate to restrict particular actions and also block the usage of the phone completely. It is essential for parents who want to protect their kids. Thats why I started to use android spy apps