DEV Community

Cover image for Security news weekly round-up - 8th November 2024
Habdul Hazeez
Habdul Hazeez

Posted on

Security news weekly round-up - 8th November 2024

Introduction

Cybersecurity knowledge is a must for any internet user, no matter how little. If there is anything that you should have learned from this series, that should be it. Okay, today, as always, we'll review articles that are worthy of your time.

From zero-day to malware, like always, the articles all fall under the topics that we have covered in the 4+ years of this review.

Be comfortable, and let's begin.


Autonomous Discovery of Critical Zero-Days

It's an interesting research and it shows the good side of artificial intelligence. In essence, the core of the research is vulnerability discovery using their methodology. At the time of writing, they could not list some of the zero-days because they are yet to be fixed.

The following is the TL;DR of the research from the article:

Most of these bugs are simple and could have been found with a code review from a security researcher or, in some cases, scanners.

The historical issue, however, with automating the discovery of these bugs is that traditional SAST tools rely on pattern matching and predefined rules, and miss complex vulnerabilities that do not fit known patterns.

The biggest underestimated security threat of today? Advanced persistent teenagers

When I think of APT in a cybersecurity context, the first thing that comes to my mind is Advanced Persistent Threats like APT29. I would never have taught of Advanced Persistent Teenagers. Like never. And one of their motivation is boredom. Someone needs to start interacting with people and putting their skills to good use!

Here is more from the article:

These are skilled, financially motivated hackers, like Lapsus$ and Scattered Spider, which have proven capable of digitally breaking into hotel chains, casinos, and technology giants.

By using tactics that rely on credible email lures and convincing phone calls posing as a company’s help desk, these hackers can trick unsuspecting employees into giving up their corporate passwords or network access.

Thousands of hacked TP-Link routers used in yearslong account takeover attacks

When I read this article, I thought: how many of the router owners know that their devices have been hacked? And now, it's in the thousands! The goal of the hacking is to compromise credentials. And in one case, the attackers were using the credentials on the same day that they got it. To complicate issues, at the time of writing, it's still not clear how the routers are hacked.

The following contains the name of the group behind this, their targets, and what happens when they compromise a target.

One of the threat groups Microsoft named using the botnet is tracked under the name Storm-0940. The group regularly targets think tanks, government organizations, non-governmental organizations, law firms, defense industrial bases, and others in North America and Europe.

Once the targeted Azure accounts are compromised, the threat actors attempt to move laterally to other parts of the infected network. The threat actors also attempt to exfiltrate data and install remote-access trojans.

Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine

It's no surprise that AI can do this even though it's barely 2 years since they came to the limelight with the release of ChatGPT. Still, this is impressive. And, the AI found the zero-day on a development branch before it made its way into production. However, they have stated that it's still experimental.

The following details the zero-day that the AI found:

The vulnerability in question is a stack buffer underflow in SQLite, which occurs when a piece of software references a memory location prior to the beginning of the memory buffer, thereby resulting in a crash or arbitrary code execution.

This typically occurs when a pointer or its index is decremented to a position before the buffer, when pointer arithmetic results in a position before the beginning of the valid memory location, or when a negative index is used.

DocuSign Abused to Deliver Fake Invoices

Another case of cybercriminals using legitimate services for malicious purposes. And as always, it's motivated by money.

Here is how they are carrying out the attack:

the miscreants create a template that mimics the requests to e-sign documents from well-known brands, such as software companies, and send these to the unsuspecting victims.

The messages may come in the form of fake invoices containing pricing information or direct wire instructions. The invoices typically follow a pattern of requesting signatures that would authorize payment directly into the attackers’ accounts.

Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

Don't be a game while playing the game! Stay safe by downloading game installers from official sources.

Here is how the malware works:

Fortinet's latest analysis shows that users who end up running the malicious game-related applications trigger a multi-stage infection process that begins with retrieving a fake BMP file from a remote server ("ad59t82g[.]com") that's then decoded into a dynamic-link library (DLL).

The DLL file takes care setting up the execution environment by downloading three files from the same server: t3d.tmp, t4d.tmp, and t5d.tmp, the first two of which are subsequently unpacked to obtain the next set of payloads comprising an executable ("u72kOdQ.exe") and three DLL files, including "libcef.dll."

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.

Top comments (0)