DEV Community

Cover image for Security news weekly round-up - 26th June 2020
Habdul Hazeez
Habdul Hazeez

Posted on • Edited on

Security news weekly round-up - 26th June 2020

Cover photo by Jazmin Quaynor on Unsplash.

Introduction

Welcome to the weekly round-up of security news from around the Web. I hope your week was fine.

This week it's about attack, vulnerability, malware and privacy.


Akamai Mitigates Record 809 MPPS DDoS Attack

Akamai is a Content Delivery Network (CDN) provider and cloud security solutions and the title says it all.

Excerpt from the article:

The attack, which lasted just over 10 minutes, reached 418 GBPS within seconds, and 809 MPPS in two minutes. The attack vector was UDP on port 80.

Ransomware Operators Claim They Hacked LG

LG electronics is a South Korean company and if my assumption is correct (at the time writing, they need no introduction).

The operators of MAZE ransomware claim to have stolen files from LG.

Excerpt from the article:

The operators of the Maze ransomware are known for targeting major organizations and not only encrypting their files, but also stealing files and threatening to make them public unless a ransom is paid.

The hackers recently claimed to have breached LG and they posted a few screenshots apparently showing files taken from the electronics giant’s systems.

VMware Patches Several Vulnerabilities Allowing Code Execution on Hypervisor

The title says it all.

Excerpt from the article:

The most serious of the vulnerabilities is CVE-2020-3962, a critical use-after-free bug related to the SVGA device. An attacker who has local access to a virtual machine (VM) with 3D graphics enabled can exploit the weakness for arbitrary code execution on the hypervisor from the VM.

Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

Humans always find a way to use legitimate services for other purposes, this case is one such example.

Excerpt from the article:

According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency miner using Docker containers and leveraging the Docker Hub repository to distribute these images.

Hackers use Google Analytics to steal credit cards, bypass CSP

Another case of using legitimate services for other purposes.

Excerpt from the article:

This new tactic takes advantage of the fact that e-commerce web sites using Google's web analytics service for tracking visitors are whitelisting Google Analytics domains in their CSP configuration (a security standard used to block the execution of untrusted code on web apps).

New research from web security companies Sansec and PerimeterX shows that using CSP to prevent credit card skimming attacks is pointless on sites that also deploy Google Analytics (GA) as threat actors can use it to exfiltrate harvested data to their own accounts.

New Privacy Features Added to the Upcoming Apple iOS 14 and macOS Big Sur

The title says it all.

Excerpt from the article:

Privacy is a fundamental human right and at the core of everything we do. That's why with iOS 14, we're giving you more control over the data you share and more transparency into how it's used.

AdBlock is causing YouTube video errors in Microsoft Edge

AdBlock is an ad-blocking extension available for both Firefox and Chrome.

Excerpt from the article:

According to Microsoft, when Microsoft Edge users with the AdBlock (Plus) or Adblock for YouTube extensions installed watch a YouTube video, they may be shown an error stating, "An error occurred. Please try again later. (Playback ID: [video_id])."


That's it for this week, I'll see you next Friday.

Edit July 10, 2020: Add cover photo credit.

Top comments (0)