Habdul Hazeez

Security news weekly round-up - 7th February 2025

No system is safe. That's the theme of today's edition of our security review here on DEV. We all hope for a perfect system, with no flaws whatsoever. But it's impossible. As long as humans design things, errors will creep in, waiting to be discovered by cyber defenders or cybercriminals.

I came to this conclusion while analyzing the articles that we'll review today. They span many domains, even those where you might think: this is none of my business. The reality is, it is. From malware to application and business security and vulnerabilities, it can affect us directly or indirectly.


Casio Website Infected With Skimmer

When you think Casio, you might think calculators. I wouldn't blame you. You might also think, what do I have to do with this? Well, skimmers. That's what concerns you and me. Here, it's on Casio's website. It could be any website that accepts payments from users.

Also, in Casio's case, it's reported that the skimmer was active for 10 days on their website. That raises the question: how many users have had their card details compromised? Time will tell.

From the article:

The attack flow relied on the victim adding items to the cart and then proceeding to checkout. If the user clicked on ‘buy now’ instead, the fake form was not displayed.

According to Jscrambler, the skimmer attack on Casio UK was possible because the website had a content security policy set to report-only, meaning that the events were only logged in the browser console, failing to prevent the attack.
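To make the report-only point concrete, here is a small added check (written for this round-up, not code from Jscrambler or Casio) that tells you whether a response's CSP would actually block a script from an unexpected origin or merely log it. The policy string, the shop origin and the skimmer host are constructed samples.

```python
# Added example: would this CSP block an injected script, or only report it?

def _lower(headers: dict) -> dict:
    """Header names are case-insensitive, so normalise them once."""
    return {k.lower(): v for k, v in headers.items()}

def csp_mode(headers: dict) -> str:
    """'enforce', 'report-only' or 'none'. Report-only never blocks anything:
    the browser only logs a violation to the console / report-uri (the Casio case)."""
    h = _lower(headers)
    if "content-security-policy" in h:
        return "enforce"
    return "report-only" if "content-security-policy-report-only" in h else "none"

def parse_csp(value: str) -> dict:
    """Turn "dir src src; dir src" into {directive: [source expressions]}."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy

def source_allowed(sources: list, script_origin: str, page_origin: str) -> bool:
    """Subset of CSP source matching: 'none', 'self', '*', a scheme such as
    https:, and exact origins (no host wildcards, nonces or hashes)."""
    if sources == ["'none'"]:
        return False
    for src in sources:
        if src == "'self'" and script_origin == page_origin:
            return True
        if src == "*" or src.lower() == script_origin:
            return True
        if src.endswith(":") and script_origin.startswith(src.lower()):
            return True
    return False

def script_blocked(headers: dict, script_origin: str, page_origin: str) -> bool:
    """True only when an ENFORCED policy rejects a script from script_origin."""
    if csp_mode(headers) != "enforce":
        return False
    policy = parse_csp(_lower(headers)["content-security-policy"])
    sources = policy.get("script-src", policy.get("default-src"))
    return sources is not None and not source_allowed(sources, script_origin, page_origin)

POLICY = "default-src 'self'; script-src 'self' https://cdn.example; report-uri /csp-report"
REPORT_ONLY = {"Content-Security-Policy-Report-Only": POLICY}  # constructed: logs only
ENFORCED = {"Content-Security-Policy": POLICY}                 # constructed: blocks
SKIMMER = "https://skimmer.invalid"  # constructed placeholder, not a real indicator
SHOP = "https://shop.example"        # constructed page origin
```

The same policy text gives `script_blocked(REPORT_ONLY, SKIMMER, SHOP) == False` and `script_blocked(ENFORCED, SKIMMER, SHOP) == True`; the only difference is the header name.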

Vulnerability Patched in Android Possibly Exploited by Forensic Tools

If true, it's like cyber defenders seeing a hole in an application. However, instead of reporting it so it can be patched, they bake a feature into their software to take advantage of it. I would have written "exploit it", but I felt that would be cruel (if you read the article, you might think otherwise).

From the article:

The exploited vulnerability, tracked as CVE-2024-53104 (CVSS score of 7.8), is a high-severity out-of-bounds write bug that could be exploited to elevate privileges on a vulnerable Android device.

CVE-2024-53104 was introduced in 2008, in Linux kernel version 2.6.26, and was resolved in December 2024. Now, Google is rolling out fixes for it to Android users, warning that threat actors are exploiting it.

Abandoned Amazon S3 Buckets Could Have Enabled Attacks Against Governments, Big Firms

Based on the response of the Amazon spokesperson at the end of the article, I would say that it's a complicated issue. Without that response, I could have argued that if you want to clean up, clean up properly. Anyway, this article shows that systems with many dependencies increase the attack surface of an application.

From the article:

The abandoned S3 buckets received over eight million HTTP requests, including for software updates, VM images, JavaScript files, SSLVPN server configurations, CloudFormation templates, and pre-compiled binaries for Windows, Linux and macOS.

Had the 150 domains been registered by a malicious actor instead of the security firm, they could have been abused to deliver malicious software updates

Patch or perish: How organizations can master vulnerability management

I like the article's title because it creates a sense of urgency. Respect to the editor.

Now, back to the article. The lesson here is to prioritize vulnerability management. Organizations should not wait to be attacked before they respond. Being proactive can save face and money.

The following excerpt from the article should help cement my previous statement:

The truth is that there are simply too many CVEs published each month, across too many systems, for enterprise IT and security teams to patch them all. The focus should therefore be on prioritizing effectively according to risk appetite and severity.

How Agentic AI will be Weaponized for Social Engineering Attacks

It was created by man to serve a good purpose. Those with malicious intent will gladly weaponize it to achieve their own objectives.

I found it difficult to extract an excerpt from the article. Still, the following might suffice, and it's only a taste of what the article contains (emphasis mine):

One of the key benefits of agentic AI is that it contains memory and therefore possesses the ability to learn and improvise. As the AI interacts with more victims over time, it gathers data on what types of messages or approaches work best for certain types of demographics. Thus, it adapts itself, refines its future phishing campaigns, making each subsequent attack more powerful, convincing, and effective.

Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking

I know this might be easier said than done. Anyway, I will say it.

Always download software updates for web browsers from official sources or via the built-in browser update mechanism.

The advantage of this approach? You're less likely to fall victim to this type of attack.

The following shows what the malware can siphon from your computer system if it infects you:

Compiled in Chinese and written in C++, ValleyRAT is a trojan that's designed to monitor screen content, log keystrokes, and establish persistence on the host. It's also capable of initiating communications with a remote server to await further instructions that allow it to enumerate processes, as well as download and execute arbitrary DLLs and binaries, among others.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
