Habdul Hazeez

Security news weekly round-up - 2nd February 2024

Introduction

Hello there 👋. This week's review is about artificial intelligence, malware, and security architecture. Let's get started.


ChatGPT Violated European Privacy Laws, Italy Tells Chatbot Maker OpenAI

It might not come as a surprise to some. Once upon a time, Italy issued a temporary ban on ChatGPT, and now, this.

A quick look at what the article entails:

Based on the results of its “fact-finding activity,” the watchdog said it “concluded that the available evidence pointed to the existence of breaches of the provisions” in the EU privacy rules.

OpenAI has 30 days to reply to the allegations.

Hackers push USB malware payloads via news, media hosting sites

The first thing that I mumbled to myself after reading the article's title was: wow 😲. Then I read the article, and I was a bit surprised at how legitimate websites were used by the hackers. This shows how creative we are, but in this case, not for good.

Here is what I am talking about:

The attackers hide these payloads in plain sight, placing them in forum user profiles on tech news sites or video descriptions on media hosting platforms.

These payloads pose no risks to users visiting these web pages, as they are simply text strings. However, when integrated into the campaign's attack chain, they are pivotal in downloading and executing malware in attacks.

GNU C Library Vulnerability Leads to Full Root Access

First, it's documented that it cannot be triggered remotely. Second, they have fixed it in glibc 2.3.8. Nonetheless, if you still doubt whether the update is worth it, read the excerpt below.

...the severity of the bug should not be underestimated, as it could provide an attacker with full root access through crafted inputs to applications that employ the syslog() and vsyslog() logging functions

CISA warns of patched iPhone kernel bug now exploited in attacks

I don't know what to say about this issue. However, I remember one thing, and that is: No System is Safe. Still, it's worth knowing that your favorite device could be vulnerable.

Here is more for you:

Tracked as CVE-2022-48618 and discovered by Apple's security researchers, the bug was only disclosed on January 9th in an update to a security advisory published in December 2022.

The company has yet to reveal if the vulnerability was also silently patched more than two years ago when the advisory was first issued.

Cloudflare hacked using auth tokens stolen in Okta attack

Sometimes, your system might be considered "safe". However, the dependencies might make it vulnerable. Such is the case in this situation.

Here is why:

To access its systems, the attackers used one access token and three service account credentials stolen during a previous compromise linked to Okta's breach from October 2023 that Cloudflare failed to rotate

Cloudflare detected the malicious activity on November 23, severed the hacker's access in the morning of November 24, and its cybersecurity forensics specialists began investigating the incident three days later, on November 26.

At Least 30 Journalists, Lawyers and Activists Hacked With Pegasus in Jordan, Forensic Probe Finds

If you have not heard of Pegasus before today, read this article from Norton on what Pegasus is, or this article from Avast.

Now, here is a brief from the article:

Citizen Lab confirmed all but five of the infections, with 21 victims asking to remain anonymous, citing the risk of reprisal. The rest were identified by Human Rights Watch, Amnesty International’s Security Lab, and the Organized Crime and Corruption Reporting Project.

More Android apps riddled with malware spotted on Google Play

Stay calm. At the time of writing, Google has pulled them from the Play Store. However, the scary part of the article was that the malicious applications were on the Play Store for two years, five months, and nine days. And it gets scarier; they are still available on third-party app stores.

Here is more from the article:

The malicious apps, which have now been removed from Google Play but remain available on third-party app stores, are disguised as messaging or news apps.

Those installing the apps became infected with VajraSpy, allowing the malware to steal personal data, including contacts and messages, and depending on the granted permissions, even to record their phone calls.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
