DEV Community

Cover image for Security news weekly round-up - 27th August 2021
Habdul Hazeez
Habdul Hazeez

Posted on

Security news weekly round-up - 27th August 2021

With the publication of this week's review, we've matched our previous record of 14 weeks of constant publishing.

In addition, you'll find a Buy Me a Coffee link at the end of this article where you can support my work.

Introduction

Welcome to Edition 51 of this series of articles. I am your host, Habdul Hazeez.

This week's review is packed with stories about vulnerabilities, malware, exploit, and cyber-attack.

Let's dive in.


Cloudflare mitigated one of the largest DDoS attack involving 17.2 million rps

Remember Mirai or Anna Senpai? Well, they are back in the news for not-so-good reasons because the Mirai botnet was used to carry out the attack detailed in this story.

Excerpt from the article:

Within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests," the company noted, at one point reaching a record high of 17.2 million requests-per-second (rps), making it three times bigger than previously reported HTTP DDoS attacks

Modified Version of WhatsApp for Android Spotted Installing Triada Trojan

It's best to stick with the original version of WhatsApp downloaded from official app stores. It's safe, unless, WhatsApp suffers a massive supply chain attack, in that case, billions of devices will be compromised.

Excerpt from the article:

The tampered variant of the app detected by Kaspersky comes equipped with capabilities to gather unique device identifiers, which are sent to a remote server that responds back with a link to a payload that's subsequently downloaded, decrypted, and launched by the Triada trojan

Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group

Any system termed or deemed as "secure" comes under constant attack, just so attackers can confirm if it's truly secure. An example of such a system is Apple's iPhone.

Excerpt from the article:

Citizen Lab called the new exploit chain "FORCEDENTRY." It's also a zero-click exploit, meaning that it can be used to trigger an infection simply by sending a malicious message to the target, even without having to click a link or view the message in question

38 Million Records Exposed from Microsoft Power Apps of Dozens of Organisations

No system is safe.

Excerpt from the article:

The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants, employee IDs, and millions of names and email addresses

OpenSSL Vulnerability Can Be Exploited to Change Application Data

When I read that title, I only taught of one thing; Not good.

Excerpt from the article:

Think of any kind of data that an application might hold in memory (e.g. financials, credentials, etc), and then think what might happen if an attacker could change it

"Sophisticated" Cyber-Attack Compromises Patient Data at Private Health Clinic

The title says it all.

Excerpt from the article:

In a press release, Eye & Retina Surgeons revealed the attack took place on 6 August, compromising sensitive data including patients' names, addresses, ID card numbers, contact details and clinical information. However, no credit card or bank account details were accessed or compromised in the incident

Vulnerabilities Allow Hackers to Tamper With Doses Delivered by Medical Infusion Pumps

This is scary.

Excerpt from the article:

These critical vulnerabilities could allow an attacker to conduct remote network attacks and modify the amount of medication a patient will receive through infusion. This modification could appear as a device malfunction and be noticed only after a substantial amount of drug has been dispensed to a patient

Support me

Now, you can support what I do by buying me a coffee. It'll mean a lot to me.

Buy Me A Coffee

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, I'll see you next Friday.

Top comments (0)