Habdul Hazeez

Security news weekly round-up - 22nd May 2020

Cover photo by Jazmin Quaynor on Unsplash.

Introduction

Welcome to the weekly round-up of security news from around the Web. I hope your week was fine.

This week's round-up is about malware and vulnerabilities. Without further ado, let's go.


Adobe releases critical out-of-band security update

If you use any Adobe products, you should update your software. The updates include a fix for a remote code execution (RCE) vulnerability in Adobe Character Animator.

Excerpt from the article:

While the risks of being affected are low, users should still upgrade to the latest version as soon as possible as attackers can examine the changed files to help determine what was fixed.

Microsoft warns of 'massive' phishing attack pushing legit RAT

Phishing is not a new topic in information security. Attackers only change their tactics, and they can leverage the popularity of an event to start a campaign. In this case, it's the current global pandemic, COVID-19.

Excerpt from the article:

The attack starts with emails pretending to be from the Johns Hopkins Center, which is sending an update on the number of Coronavirus-related deaths there are in the United States.

HTTP Status Codes Command This Malware How to Control Hacked Systems

Humans always find crafty ways to use technology. In this case, HTTP status codes were used to control malware.

Excerpt from the article:

A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe.

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

The title says it all.

Excerpt from the article:

Israeli cybersecurity researchers have disclosed details about a new flaw impacting DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to takedown targeted websites.

Microsoft issues mitigation for the NXNSAttack DNS DDoS attack

This is the fix for the attack in the previously linked article.

Excerpt from the article:

Microsoft has released a security advisory to mitigate the NXNSAttack vulnerability in DNS servers that could be used to amplify a single DNS request into a DDoS attack against authoritative DNS servers.

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

We are all in this together (at least if you use a Bluetooth-enabled device). This attack is called BIAS (Bluetooth Impersonation Attacks).

Excerpt from the article:

"The Bluetooth specification contains vulnerabilities enabling to perform impersonation attacks during secure connection establishment," the researchers outlined in the paper. "Such vulnerabilities include the lack of mandatory mutual authentication, overly permissive role switching, and an authentication procedure downgrade."

Hackers infect multiple game developers with advanced malware

If you are a gamer, you might be a game.

Excerpt from the article:

The recent attack used a never-before-seen backdoor that ESET has dubbed PipeMon. To evade security defenses, PipeMon installers bore the imprimatur of a legitimate Windows signing certificate that was stolen from Nfinity Games during a 2018 hack of that gaming developer.


That's it for this week, I'll see you next Friday.

Top comments (2)

Jose Luis Ramos T.

We are in serious trouble if big companies are vulnerable targets. Guys, time to take up reverse engineering.

Habdul Hazeez

No system is safe.