Security news weekly round-up - 9th July 2021

7 weeks in a row! Let's go! 🤠

Introduction

Hello. Welcome to this week's security review. As usual, I am your host Habdul Hazeez.

My inbox is open if you'd like to send me a message here on DEV. If email is your thing, my email is ziizium @ protonmail.ch. You can also say hi on Twitter @ziizium.

In this week's review, most of what we'll discuss surrounds software bugs and malware relating to software from Microsoft, Apple, and Google.

Everyone, let's start.

Android Apps with 5.8 million Installs Caught Stealing Users' Facebook Passwords

The article's title did a pretty good job to let you know what it's all about.

Excerpt from article:

The offending apps masked their malicious intent by disguising as photo-editing, optimizer, fitness, and astrology programs, only to trick victims into logging into their Facebook accounts and hijack the entered credentials via a piece of JavaScript code received from an adversary-controlled server.

Microsoft Urges Azure Users to Update PowerShell to Patch RCE Flaw

Yet another story that the title sums it all up. The only word you might foreign is RCE.

RCE stands for Remote Code Execution. This article from N-ABLE explains RCE in detail.

Excerpt from the article:

A remote code execution vulnerability exists in .NET 5 and .NET Core due to how text encoding is performed," the company noted in an advisory published earlier this April, adding that the problem resides in the "System.Text.Encodings.Web" package, which provides types for encoding and escaping strings for use in JavaScript, HTML, and URLs.

Up to 1,500 businesses infected in one of the worst ransomware attacks ever

What should I say? It's really scary.

Excerpt from the article:

As many as 1,500 businesses around the world have been infected by highly destructive malware that first struck software maker Kaseya. In one of the worst ransom attacks ever, the malware, in turn, used that access to fell Kaseya’s customers.

Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform

What is NuGet? The first excerpt answers this question.

NuGet is a Microsoft-supported mechanism for the .NET platform and functions as a package manager designed to enable developers to share reusable code. The framework maintains a central repository of over 264,000 unique packages that have collectively produced more than 109 billion package downloads.

Now, what went wrong?

Here you go:

An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities

Bandidos at large: A spying campaign in Latin America

The article's title says it all.

Excerpt from the article:

We also found that this campaign targeting Venezuela, despite being active since at least 2015, has somehow remained undocumented. Given the malware used and the targeted locale, we chose to name this campaign Bandidos.

Non-Malicious Android Crypto Mining Apps Scam Users at Scale

Do you want some money? Unknowingly, you might make money for others in the process.

Excerpt from the article:

The apps are hardly sophisticated -- but scams don't need to be sophisticated, they just need to work. These work. The Lookout researchers report that the apps have scammed more than 86,000 people, and have stolen at least $350,000.

Mac Malware Used in Attacks Targeting Industrial Organizations in Middle East

Yet again, the title says it all.

Excerpt from the article:

Dubbed WildPressure, the campaign started in May 2019 and for more than a year, it involved only a Windows version of a malware named Milum. Earlier this year, however, the campaign’s operators started using new versions of the Trojan, to target macOS systems as well.

Credits

Cover photo by Debby Hudson on Unsplash.

That's it for this week, I'll see you next Friday.