Introduction
Hello everyone, and welcome to this week's edition of our security news weekly round-up. Today the articles that we'll review span across different subfields of cyber security.
These fields include the following:
- Zero-day vulnerability
- Malware distribution network
- Abuse of cloud services
- Private key mismanagement
- Data breach (of a spyware vendor)
Let's begin.
Telegram zero-day allowed sending malicious Android APKs as videos
The zero-day vulnerability affects Telegram version 10.14.4 and lower. So, if you have this version, update it as soon as possible. The vulnerability works in a way that the attacker sends a malicious Android APK file disguised as a video file. Clicking on this "video" file and following the prompts from your phone can lead to the installation of the malicious file.
The following excerpt shows the origin of the zero-day, and you can read the linked article above for more details:
A threat actor named 'Ancryno' first began selling the Telegram zero-day exploit on June 6, 2024, in a post on the Russian-speaking XSS hacking forum, stating the flaw existed in Telegram v10.14.4 and older.
Network of 3,000 GitHub Accounts Used for Malware Distribution
This is as crafty as it gets. The threat actors in question created a system that's difficult to take down. You need to read the article to get the full picture of what I am talking about. You'll be impressed (but not with a good feeling).
The following excerpt should get you started:
By distributing responsibilities across multiple accounts, the network ensures flexibility in replacing its compromised components. This minimizes disruption to their operations, allowing them to swiftly adapt and continue their malicious activities on GitHub
PINEAPPLE and FLUXROOT Hacker Groups Abuse Google Cloud for Credential Phishing
It's another day for us to learn how threat actors are abusing legitimate (cloud) services for their malicious purposes. Based on the report the threat actors are operating out of Latin America.
In the excerpt below, you can conclude that this type of thing might not stop anytime soon:
The weaponization of cloud services and infrastructure by threat actors – ranging from illicit cryptocurrency mining as a consequence of weak configurations to ransomware – has been fueled by the enhanced adoption of cloud across industries.
Secure Boot is completely broken on 200+ models from 5 big device makers
This is the case of "it should have been secured at all costs". Unfortunately, it was not. Therefore, it found its way to a public GitHub repository before it was taken down at an unknown date. What am I talking about specifically?
The following excerpt briefly explains what I am talking about:
The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it.
Data breach exposes US spyware maker behind Windows, Mac, Android and Chromebook malware
Last week we covered an article about a spyware vendor, and now we have another one. They just won't go away, would they? Just like last week's article, this vendor was also, wait for it, hacked.
The excerpt below is a quick brief from the article:
The breached data, seen by TechCrunch, contains logs of all the devices under Spytech’s control, including records of each device’s activity. Most of the devices compromised by the spyware are Windows PCs, and to a lesser degree Android devices, Macs and Chromebooks.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
Top comments (0)