Security news weekly round-up - 23rd July 2021

We've been at this for 9 weeks in a row, on track to beat the previous record of 14 weeks in a row which was set between May 15, 2020, and August 14, 2020.

Can we do this? Yes! we can.

Introduction

Hello, and welcome to this week's security round-up. As always, I am your host Habdul Hazeez.

In this week's review, we have bugs everywhere.

Let's begin.

CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks

CloudFlare is a popular name in the security world and among developers. Its CDNJS is used to serve JavaScript and CSS libraries and it's used by 12.7% of all websites on the internet.

The bug can lead to a complete server takeover.

Excerpt from the article:

Specifically, the vulnerability works by publishing packages to Cloudflare's CDNJS using GitHub and npm, using it to trigger a path traversal vulnerability, and ultimately trick the server into executing arbitrary code, thus achieving remote code execution.

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers

Bugs can lie dormant for decades until finds they intentionally or by accident.

Excerpt from the article:

Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named "SSPORT.SYS" that can enable remote privilege and arbitrary code execution.

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

Talk about smart. This is smart.

Excerpt from the article:

Upon successful infection, the initial Delphi-based dropper — which masquerades as a software installer — acts as an entry point to fetch next-stage payloads from a remote server and also add local exclusions in Windows Defender for the two downloaded executables in an attempt to thwart antivirus scanning

Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling

The title says it all.

Excerpt from the article:

The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources.

XLoader malware steals logins from macOS and Windows systems

Tell me something that I don't know.

Excerpt from the article:

XLoader is currently being offered on an underground forum as a botnet loader service that can “recover” passwords from web browsers and some email clients (Chrome, Firefox, Opera, Edge, IE, Outlook, Thunderbird, Foxmail).

Popular Wi‑Fi routers still using default passwords making them susceptible to attacks

Kindly change to router password.

Excerpt from the article:

These routers, which number in the tens of thousands, can be remotely found and attacked using publicly available passwords, granting malicious hackers access to the victim’s home network

Fake Windows 11 installers now used to infect you with malware

Stay safe, be careful of what you download.

Excerpt from the article:

Although Microsoft has made the process of downloading and installing Windows 11 from its official website fairly straightforward, many still visit other sources to download the software, which often contains unadvertised goodies from cybercriminals (and isn’t necessarily Windows 11 at all)

Credits

Cover photo by Debby Hudson on Unsplash.

That's it for this week, I'll see you next Friday.