We all want a safer internet. But that's not the case. However, we can do our best to stay safe while we explore the digital world that's almost inseparable from our daily lives. Welcome to another edition of our security review here on DEV, I am your host Habdul Hazeez.
The classes of threats that internet users face every day are, as always, what we'll cover in today's edition. At the forefront, we have phishing (leading to a malware delivery), vulnerabilities (in Git and Apple chips), exposed personal information (DeepSeek), outdated software (WordPress), and Artificial intelligence (malicious uses and LLM jailbreaking).
Hundreds of fake Reddit sites push Lumma Stealer malware
Watch out when you're on your favorite websites. It does not hurt to double-check the URL to confirm that you are not on a typosquatted domain. For example, what's the difference between https://google.com and https://gooogle.com? If you can spot the difference at first glance, you are battle-prepared for this type of attack.
Now, in this campaign, fake look-alike websites of Reddit are spreading Lumma Stealer. This is malware that can steal your login credentials that you have saved in your web browser, among other things. Moreover, the attack vector goes as follows:
- Would-be victim lands on a fake website using a typo squatted domain of a legitimate website
- They are tricked into clicking a link hosting the malware
- If they download the malware, they get infected with Lumma Stealer
You can read the article for more information.
Git Vulnerabilities Led to Credentials Exposure
I don't think perfectionism exists in software development. Well, if it does, we'll not have vulnerabilities, at all. But it doesn't, and here we are.
From the article's title, you can deduce that they have patched the vulnerability. But it's still driving the point home that: our favorite software can be vulnerable to attacks. This necessitates that we update our software when an update is available.
The article contains more information. Have fun reading.
Apple chips can be hacked to leak secrets from Gmail, iCloud, and more
First, it's a research scheduled for presentation at the USENIX Security Symposium and 2025 IEEE Symposium on Security and Privacy. Second, a spokesperson for Apple said they [Apple] do not believe that it poses a threat to their users.
I will be honest with you: it's a long and interesting read. If the excerpt below does not cut it for you, you can read the whole thing from the link above.
From the article:
The vulnerabilities, affecting the CPUs in later generations of Apple A- and M-series chip sets, open them to side channel attacks, a class of exploit that infers secrets by measuring manifestations such as timing, sound, and power consumption.
Both side channels are the result of the chips’ use of speculative execution, a performance optimization that improves speed by predicting the control flow the CPUs should take and following that path, rather than the instruction order in the program.
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
It's been a buzz in recent weeks, it shook the stock market and now, cybersecurity professionals are checking its security. This one, well, was disclosed responsibly to the security team at DeepSeek. Lucky them!
From the article:
This level of access posed a critical risk to DeepSeek’s own security and for its end-users. Not only an attacker could retrieve sensitive logs and actual plain-text chat messages, but they could also potentially exfiltrate plaintext passwords and local files along propriety information directly from the server using queries
Hackers are hijacking WordPress sites to push Windows and Mac malware
Based on the article, at the time of writing, the campaign is still "very much alive". Now, why WordPress? Well, it's popular and most use it to power their websites. This makes it a target for malicious people, aiming to cause havoc.
From the article:
The hackers’ goal is to spread malware capable of stealing passwords and other personal information from both Windows and Mac users. Some of the hacked websites are ranked among the most popular sites on the internet
Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations
If there is anything that you and I should take away from this article, it should be the following: be careful what you ask from an LLM like ChatGPT, Gemini, Claude, and the latest in town, DeepSeek. If it's something that you'd never ask a real person, don't ask the LLM. If it's something that you'll be ashamed to speak about publicly, don't ask the LLM.
From the article, we can learn the following:
- Tech companies evaluate how their users use the LLM
- They evaluate what they are doing (if they don't, articles like this will not surface)
You can do a comprehensive analysis by reading the article.
ChatGPT, DeepSeek Vulnerable to AI Jailbreaks
If you're new to AI Jailbreaks, it goes as follows: tricking the AI into generating malicious or illicit content despite preventive measures put in place by their owners.
What more can I add? Nothing. Or, wait. Yes, contrary to the article's title, it's not only ChatGPT and DeepSeek. Qwen AI model is also vulnerable to some jailbreaks.
From the article:
CERT/CC reported that researcher Dave Kuszmar has identified a ChatGPT-4o jailbreak vulnerability named Time Bandit, which involves asking the AI questions about a specific historical event, historical time period, or by instructing it to pretend that it’s assisting the user in a specific historical event.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
Top comments (0)