Introduction
We are here again for another review. Oh, my apologies; I forgot to welcome you. Now, let's fix that.
Hello everyone, welcome to this week's edition of our security review here on DEV. This week, it's everything cyber; I mean have articles about honeypots from Microsoft, Scam, research into cloud storage services, and malicious npm packages, just to name a few.
Let's break it all down, and let's find out what we have, shall we?
Microsoft creates fake Azure tenants to pull phishers into honeypots
Forgive me. I'll tag this as the cat and mouse race. It's not funny, and it could be. But, pardon my ignorance, it's the first time that I have learned of Microsoft creating honeypots meant for phishers. This approach, and based on the article, can allow Microsoft insights into the operations of the phishers.
Now, what can more Microsoft gain if the phishers fall for this? The excerpt below clears this up.
Once the attackers log into the fake tenants, which happens in 5% of the cases, it turns on detailed logging to track every action they take, thus learning the threat actors' tactics, techniques, and procedures.
Intelligence collected includes IP addresses, browsers, location, behavioral patterns, whether they use VPNs or VPSs, and what phishing kits they rely on.
Google Voice scams: What are they and how do I avoid them?
Well, here is how the scammers are trying to pull it off: They sign up for Google Voice and connect it to a Google account of their choice. Then they'll attempt to connect your number to that account. The catch? They'll need 2FA codes to get in. They don't have it, but you can get it if they try to link your number to their Google Voice account.
This, as documented in the article, can happen when they appear as paranoid buyers or sellers who are trying to be at "peace" that you are not fraud. Trust me, I am not kidding. So they need some kind of reassurance. The latter is the legitimate 2FA code that Google sends to your number when the attacker tries to link it to their Google Voice account. If you send it to them when you receive it, you are pwned.
Okay. That's almost the entire article summarized in two paragraphs. Wow, I am so good! And yes, there is no excerpt. Let's proceed.
Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers
There are mixed reactions from the affected cloud storage providers. Some offered reassurance that their users were not at risk, others admitted that they had fixed the issue, while others claimed that they were not affected by the attacks detailed by the researchers, and so on.
Nonetheless, here is what the researchers said about the attack:
Not all of our attacks are sophisticated in nature, which means that they are within reach of attackers who are not necessarily skilled in cryptography. Indeed, our attacks are highly practical and can be carried out without significant resources.
Over 6,000 WordPress sites hacked to install plugins pushing infostealers
WordPress. Its popularity makes it a constant target for cybercriminals. When I read the article's title, I was not surprised. How, do you know that you are affected? Read the excerpt below.
If you are a WordPress operator and are receiving reports of fake alerts being displayed to visitors, you should immediately examine the list of installed plugins, and remove any that you did not install yourself.
If you find unknown plugins, you should also immediately reset the passwords for any admin users to a unique password only used at your site.
Malicious npm Packages Target Developers' Ethereum Wallets with SSH Backdoor
The good news about the article is that the packages were removed from npm by the authors themselves. Seems it was more for testing purposes. Nonetheless, it shows you that you can inadvertently download a malicious package from npm. So, stay safe and watch out!
The following is how the attack worked, and you can read the article for more details:
What makes this attack a lot more sneaky is the fact that it requires the developer to actually use the package in their code β such as creating a new Wallet instance using the imported package β unlike typically observed cases where simply installing the package is enough to trigger the execution of the malware.
Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models
I'll admit that this is complicated if you've not been following the AI world since the public birth of ChatGPT. For my non-technical readers, here is a simplified explanation: It's a way to make the AI generate harmful content that it should not do on a normal day.
For my technical readers, here is what's going on:
This method approach involves filtering and extracting key terms from the target, constructing contextual scenarios around these terms, dynamically integrating the target into the scenarios, replacing malicious key terms within the target, and thereby concealing the direct malicious intent.
Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices
I am not going to lie. What enticed me about the article is the word "control" in the title. I am like: control computers? This should be interesting. And I was not disappointed. They used a website and to say the least, the attack is crafty. But don't worry, Google patched the vulnerability in May 2024. Therefore, if you're using an updated version of Google Chrome, which I believe to be true, you should be fine. Or, you're not?
Here is what happened:
On the surface, this website resembled a professionally designed product page for a decentralized finance (DeFi) NFT-based (non-fungible token) multiplayer online battle arena (MOBA) tank game, inviting users to download a trial version.
But that was just a disguise. Under the hood, this website had a hidden script that ran in the user's Google Chrome browser, launching a zero-day exploit and giving the attackers complete control over the victim's PC.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
Top comments (0)