Cookie Consent by Free Privacy Policy Generator 📌 Security news weekly round-up - 14th June 2024


✅ Security news weekly round-up - 14th June 2024


💡 Newskategorie: Programmierung
🔗 Quelle: dev.to

Introduction

Hello, and welcome to our security news weekly review here on DEV. In this edition, it's 80% of the articles are about malware, and 20% are about vulnerability.

So, everyone, let's get started.

Malicious VSCode extensions with millions of installs discovered

As a developer, this can be tough to handle because you have many things to worry about when coding than an extension which could be malicious. Nonetheless, you should know this exists and hope Microsoft puts in more strict policies about the extensions that find their way to the VSC Marketplace. My advice: install only the necessary extensions that you need in VSCode.

The following is an excerpt from the article:

VSCode extensions are an abused and exposed attack vertical, with zero visibility, high impact, and high risk. This issue poses a direct threat to organizations and deserves the security community’s attention.

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

Irrespective of your job, don't think "Who will target me, I mean, I don't offer any value". No, no, no, don't think that. As detailed in the article, the would-be victim was a recruiter, but the attack was not successful. What's more, beware of using pirated software because it could be a lure to get something dangerous on your computer system.

Read the following excerpt and take time to read the full article linked above:

More_eggs campaigns are still active and their operators continue to use social engineering tactics such as posing to be job applicants who are looking to apply for a particular role and luring victims (specifically recruiters) to download their malware

Phishing emails abuse Windows search protocol to push malicious scripts

This is a dangerous combination. Phishing plus legitimate Windows feature, and finally, a malicious script. We might as well refer to this as a nightmare. Armed with this knowledge, be wary of downloading HTML attachments in your email.

What's more, here is an excerpt from the article:

The recent attacks described in the Trustwave report start with a malicious email carrying an HTML attachment disguised as an invoice document placed within a small ZIP archive. The ZIP helps evade security/AV scanners that may not parse archives for malicious content.

The HTML file uses the <meta http-equiv= "refresh"> tag to cause the browser to automatically open a malicious URL when the HTML document is opened.

New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems

It's scary when malware is cross-platform, especially targeting two popular operating systems used by millions of people. The excerpt below is a quick overview of how the malware works.

The Windows version of Noodle RAT, an in-memory modular backdoor, has been put to use by hacking crews like Iron Tiger and Calypso. Launched via a loader due to its shellcode foundations, it supports commands to download/upload files, run additional types of malware, function as a TCP proxy, and even delete itself.

Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating

The bug was first reported on June 7, 2024. Now, a week later, some have been victims of threat actors taking advantage of the vulnerability. I'll encourage you to read the article, starting with the excerpt below. It briefly explains how the bug works.

CVE-2024-4577 affects PHP only when it runs in a mode known as CGI, in which a web server parses HTTP requests and passes them to a PHP script for processing. Even when PHP isn’t set to CGI mode, however, the vulnerability may still be exploitable when PHP executables such as php.exe and php-cgi.exe are in directories that are accessible by the web server.

Credits

Cover photo by Debby Hudson on Unsplash.

That's it for this week, and I'll see you next time.

...

✅ Security news weekly round-up - 7th June 2024


📈 37.98 Punkte

✅ Security news weekly round-up - 21st June 2024


📈 37.98 Punkte

✅ Security news weekly round-up - 28th June 2024


📈 37.98 Punkte

✅ Security news weekly round-up - 5th April 2024


📈 28.95 Punkte

✅ Security news weekly round-up - 12th April 2024


📈 28.95 Punkte

✅ Security news weekly round-up - 19th April 2024


📈 28.95 Punkte

✅ Security news weekly round-up - 26th April 2024


📈 28.95 Punkte

✅ Security news weekly round-up - 3rd May 2024


📈 28.95 Punkte

✅ Security news weekly round-up - 10 May 2024


📈 28.95 Punkte

✅ Security news weekly round-up - 17 May 2024


📈 28.95 Punkte

✅ Security news weekly round-up - 24 May 2024


📈 28.95 Punkte

✅ Security news weekly round-up - 31 May 2024


📈 28.95 Punkte

✅ Security news weekly round-up - 5th July 2024


📈 28.95 Punkte

✅ Security news weekly round-up - 12th July 2024


📈 28.95 Punkte

✅ Security news weekly round-up - 19th July 2024


📈 28.95 Punkte

✅ Build beautifully for Android Wear’s Round Screen using API 23’s -round identifier


📈 23.17 Punkte

✅ Space Photos of the Week: A Pulsar Spins Right Round, Baby, Right Round


📈 23.17 Punkte

✅ Build beautifully for Android Wear’s Round Screen using API 23’s -round identifier


📈 23.17 Punkte

✅ Space Photos of the Week: A Pulsar Spins Right Round, Baby, Right Round


📈 23.17 Punkte

✅ Pandas round() Method – How To Round a Float in Pandas


📈 23.17 Punkte

✅ Application News – Application Security Weekly #58 Application Security Weekly #58


📈 22.71 Punkte

✅ Application News – Application Security Weekly #58 Application Security Weekly #58


📈 22.71 Punkte

✅ 2024 AI Trends | June 2024 | IDZ News | Intel Software


📈 21.05 Punkte

✅ Mobile NixOS June 2020 round-up


📈 20.62 Punkte

✅ Google Releases June Android Security Update (June 6, 2016)


📈 19.78 Punkte

✅ Google Releases June Android Security Update (June 6, 2016)


📈 19.78 Punkte

✅ Digest of Recent Articles on Just Security (June 3-June 7)


📈 19.78 Punkte

✅ Digest of Recent Articles on Just Security (June 10-June 14)


📈 19.78 Punkte

✅ Digest of Recent Articles on Just Security (June 17-June 21)


📈 19.78 Punkte

✅ Digest of Recent Articles on Just Security (June 24-June 28)


📈 19.78 Punkte

✅ AIM Weekly 03 June 2024


📈 19.53 Punkte

✅ Patchstack's Weekly WordPress Vulnerability Overview - May 29 to June 04 2024


📈 19.53 Punkte

✅ [$] LWN.net Weekly Edition for June 6, 2024


📈 19.53 Punkte

✅ Weekly Updates - June 7, 2024


📈 19.53 Punkte

✅ Weekly AI Webinars Alert (June 10-16, 2024): LLMs, RAG, Web Apps, AWS, GPT-4o, and many more…


📈 19.53 Punkte











matomo

Datei nicht gefunden!