Habdul HazeezIntroduction
Today's review is about malware and a vulnerability. Unlike previous editions, this one is short because we have just 3 articles. All are worthy of your reading time, and you can relate to them (like every article that we have ever covered in the years gone by).
With that out of the way, let's begin.
New Linux malware is controlled through emojis sent from Discord
Emojis? Who would have thought that? Well, here we are and this shows that humans are creative. But, in this case, not for a good reason. This malware is linked to a threat actor tracked under the alias UTA0137, and the article claims they this threat actor has espionage in mind.
The takeaway from this article is that threat actors are always finding a way to infect your computer system. What's more, the nature of this malware can allow it to bypass some security solutions as stated in the excerpt below.
The malware is similar to many other backdoors/botnets used in different attacks, allowing threat actors to execute commands, take screenshots, steal files, deploy additional payloads, and search for files.
However, its use of Discord and emojis as a command and control (C2) platform makes the malware stand out from others and could allow it to bypass security software that looks for text-based commands.
Fake Google Chrome errors trick you into running malicious PowerShell scripts
When it comes to internet security, the one thing that can stop some attacks is education and awareness. The latter and former can prevent this type of attack. So, be nice to your non-technical family and friends and let them know the difference between a legitimate browser update and a fake one.
To aid you in this, you can start with the following excerpt:
...the threat actors exploit their targets' lack of awareness about the risks of executing PowerShell commands on their systems.
They also take advantage of Windows' inability to detect and block the malicious actions initiated by the pasted code.
Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs
The good news about this vulnerability is that it's now patched. Nonetheless, it got me thinking of Meltdown and Spectre. Read the article and check if it affects you.
Here is an excerpt to get you started:
Tracked as CVE-2024-0762 (CVSS score: 7.5), the "UEFIcanhazbufferoverflow" vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the Trusted Platform Module (TPM) configuration that could result in the execution of malicious code.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
