Introduction
Welcome to another review! As always, I am Habdul Hazeez.
This week is about malware, vulnerabilities, and staying safe online.
Here we go!
Beware of these 5 common scams you can encounter on Instagram
It's a nice piece about staying safe on IG. Guess what? I learned something from it!
Excerpt from the article:
To avoid falling victim to these scams, watch out for telltale signs such as poor grammar, or the use of generic greetings instead of personalized ones
WordPress 5.8.1 Patches Several Vulnerabilities
Hello, WP users!
Please, update ASAP.
Excerpt from the article:
Users have been informed that the latest update includes three security fixes, including for a data exposure flaw related to the REST API, and a cross-site scripting (XSS) issue in the block editor. WordPress 5.8.1 also updates Lodash, a JavaScript library that provides utility functions for common programming tasks, to address security issues
New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection
Even if you lock it down pretty well, it will take time, but eventually someone will break it.
Excerpt from the article:
The technique is a JavaScript-based line of attack that specifically aims to get around barriers Google put in place to potentially prevent leakage by ensuring that content from different domains is not shared in the same address space
Apple patches “FORCEDENTRY” zero-day exploited by Pegasus spyware
The title says it all.
Excerpt from the article:
Apple has released several security updates this week to patch a "FORCEDENTRY" vulnerability on iOS devices. The "zero-click, zero-day" vulnerability has been actively exploited by Pegasus, a spyware app developed by the Israeli company NSO Group, which has been known to target activists, journalists, and prominent people around the world
Ransomware encrypts South Africa's entire Dept of Justice network
To say the least, this is scary.
Excerpt from the article:
The incident happened on September 6 and the department activated the contingency plan for such events to ensure the continuation of some activity in the country
Several Access Bypass, CSRF Vulnerabilities Patched in Drupal
Kindly update your software.
Excerpt from the article:
All of the vulnerabilities have been assigned a moderately critical severity rating. It’s worth noting that Drupal classifies vulnerabilities based on the NIST Common Misuse Scoring System and moderately critical is roughly the equivalent of medium severity in the Common Vulnerability Scoring System (CVSS)
Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years
An operation like this can go on for a while, but it'll get revealed similarly to Operation Aurora.
Excerpt from the article:
The threat actor is believed to have been active at least since 2013. The attacks involve emails containing specific lure documents centered around the aviation or cargo industry that purport to be PDF files but link to a VBScript file hosted on Google Drive, which ultimately leads to the delivery of remote access trojans (RATs) like AsyncRAT and njRAT
Support me
Writing makes me thirsty. I'll appreciate a cup of coffee 😉.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week. I'll see you next Friday.