Habdul Hazeez

Security news weekly round-up - 5th April 2024

Introduction

This week's review is about malware, vulnerabilities, data protection, and network security.


Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware

You rarely see malware targeting macOS, but it's not impossible, and this article is further proof of that. So, be careful!

Attacks leveraging this malware are said to have approached victims under the pretext of discussing job opportunities and interviewing them for a podcast, subsequently asking them to download an app from meethub[.]gg to join a video conference provided in the meeting invites.

What we know about the xz Utils backdoor that almost infected the world

This is a follow-up article for this article, and it details how a backdoor almost found its way into major Linux distributions. According to Bruce Schneier, "we got really, really lucky". Finally, Bleeping Computer has an article about a scanner that can detect the backdoor.

Here is a quick excerpt from the article:

Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the way the software functions. The backdoor manipulated sshd, the executable file used to make remote SSH connections. Anyone in possession of a predetermined encryption key could stash any code of their choice in an SSH login certificate, upload it, and execute it on the backdoored device.

Chrome to Fight Cookie Theft With Device Bound Session Credentials

When I read this article's title, I thought: it's been a long time coming. Gladly, it's almost here, and you can also call it DBSC.

Here is a quick summary of how the technology will work:

With DBSC, the session between the server and the browser is associated with a pair of public and private keys that are stored safely on the device. Throughout the session’s lifetime, the server periodically checks for the private key, to ensure it is still on the same device.
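A simplified model of the check described in the excerpt above, as an added example that is not from the original article or from Chrome's DBSC implementation: the server binds a session to a public key and periodically asks the device to sign a fresh challenge. The function names, the in-memory session store and the choice of ECDSA P-256 are assumptions for illustration, and the real DBSC protocol messages are not reproduced here.

```javascript
const nodeCrypto = require('node:crypto');

// Server-side store (hypothetical): session id -> bound public key + outstanding challenge.
const sessions = new Map();

// The device generates the key pair; the private key never leaves it.
function newDeviceKey() {
  return nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
}

// Registration: the server only ever receives the public key.
function registerSession(publicKey) {
  const sessionId = nodeCrypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, { publicKey, challenge: null });
  return sessionId;
}

// Periodic check, step 1: the server issues a fresh, single-use challenge.
function issueChallenge(sessionId) {
  const session = sessions.get(sessionId);
  if (!session) return null;
  session.challenge = nodeCrypto.randomBytes(32);
  return session.challenge;
}

// Device side: prove possession of the private key by signing the challenge.
function signChallenge(privateKey, challenge) {
  return nodeCrypto.sign('sha256', challenge, privateKey);
}

// Periodic check, step 2: verify the proof against the bound public key.
function verifyProof(sessionId, signature) {
  const session = sessions.get(sessionId);
  if (!session || !session.challenge) return false;
  const challenge = session.challenge;
  session.challenge = null; // single use, so a captured proof cannot be replayed
  return nodeCrypto.verify('sha256', challenge, session.publicKey, signature);
}

// Constructed scenario: the bound device, and another machine that holds only the session id.
function demo() {
  const device = newDeviceKey();
  const otherMachine = newDeviceKey(); // has the copied cookie, not the device key
  const sid = registerSession(device.publicKey);
  const legit = verifyProof(sid, signChallenge(device.privateKey, issueChallenge(sid)));
  const stolen = verifyProof(sid, signChallenge(otherMachine.privateKey, issueChallenge(sid)));
  const proof = signChallenge(device.privateKey, issueChallenge(sid));
  const first = verifyProof(sid, proof);
  const replayed = verifyProof(sid, proof);
  return { legit, stolen, first, replayed };
}
```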

Security Flaw in WP-Members Plugin Leads to Script Injection

Your application might be secure. However, a lone dependency might throw that security out the window, and this is a classic example.

Here is why:

The bug, tracked as CVE-2024-1852, is the result of insufficient input sanitization and output escaping, allowing an attacker to create accounts that have a malicious script stored as the value of the user’s IP address.

Malware hiding in pictures? More likely than you think

You might think that it's impossible, but it's not. The trick behind this? Steganography.

The following is a quick one from the article:

ESET Research spotted this technique being used by the Worok cyberespionage group, who hid malicious code in image files, only taking specific pixel information from them to extract a payload to execute.

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

This is similar to the previous WordPress-related article, but this might be worse based on the installation numbers of the plugin.

Here is what's going on:

According to Defiant’s Wordfence team, due to “insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query,” an unauthenticated attacker can append SQL queries to existing queries and extract information such as password hashes.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
