Security news weekly round-up - 5th July 2024

Habdul Hazeez - Jul 5 - - Dev Community

Introduction

Hello everyone, welcome to this edition of our security news weekly round-up here on DEV. As you prepare for the weekend (or if you've passed that, depending on your time zone), we'll review some security news that should know about.

In summary, the articles that we'll cover are about the following:

  • Scams on Social Media
  • Spyware
  • Application Security
  • System Breach

Hijacked: How hacked YouTube channels spread scams and malware

It's not news and it's also news. I am saying this because the core behind these account takeovers is when you fall victim to phishing attacks. In some cases, these might render your two-factor authentication useless. Nonetheless, we all need reminders and education about these types of attacks.

What's more, we should educate others not to click on links in the video description of a video that's offering a paid application for "free". Stay safe and read the article. The following excerpt should get you started.

...it all starts with good ol’ phishing. Attackers create fake websites and send emails that look like they are from YouTube or Google and attempt to trick the targets into surrendering their “keys to the kingdom”

CapraRAT Spyware Disguised as Popular Apps Threatens Android Users

Being alert of typosquatting can potentially save you from this malware because one of the applications that contains the malware is called TikToks. If you want to know what I mean, read the last word of the previous sentence carefully. Did you spot it? 😊

The article is quite detailed on the attack. Meanwhile, I will launch you on your reading journey using the excerpt below.

The campaign, dubbed CapraTube, was first outlined by the cybersecurity company in September 2023, with the hacking crew employing weaponized Android apps impersonating legitimate apps like YouTube to deliver a spyware called CapraRAT, a modified version of AndroRAT with capabilities to capture a wide range of sensitive data.

3 million iOS and macOS apps were exposed to potent supply-chain attacks

They have patched the flaw. However it begs the question, is any system safe? Or they are just waiting to be exploited by anyone who knows where to look and how to look? To make it more thought-provoking, they are three vulnerabilities. Do you want more mind-blowing facts? It all dates back to 2014.

Take your reading inspiration from the following excerpt, then read the entire article. You'll learn something new.

The three vulnerabilities EVA discovered stem from an insecure verification email mechanism used to authenticate developers of individual pods. The developer entered the email address associated with their pod. The trunk server responded by sending a link to the address. When a person clicked on the link, they gained access to the account.

Hacker Stole Secrets From OpenAI

I'll guess that when you think of OpenAI, your subconscious will also mention ChatGPT 😊. Based on the article, nothing that sensitive was taken. Therefore, OpenAI did not report to an agency like the FBI. This article made the final edit before publishing because ChatGPT is that popular and you deserve to know when stuff like this happens to the maker, OpenAI.

Here is an excerpt from the linked article above:

After the breach, Leopold Aschenbrenner, an OpenAI technical program manager, focused on ensuring that future A.I. technologies do not cause serious harm, sent a memo to OpenAI’s board of directors, arguing that the company was not doing enough to prevent the Chinese government and other foreign adversaries from stealing its secrets.

Credits

Cover photo by Debby Hudson on Unsplash.

That's it for this week, and I'll see you next time.

Image
Enhancing User Experience: The Power of ChatGPT Voice Assistant Technology

ai, chatgpt, voicebot, voiceui
Image
Building a Quiz Application with React

react, css, javascript, quizwebsite
Image
Here are 10 key points about SakshCart, the comprehensive Node.js shopping cart solution:
Image
Facade Pattern
Image
Centralize API calls in Web Application - A must-have guide
Image
Install Docker on Mageia 9

linux, docker, mageia, development
Image
Spring Framework: A Beginner's Guide to the Ultimate Java Framework 🚀
Image
Object-Oriented Programming (OOP) in Python: Classes and Objects Explained

python, oop
Image
Why PHP 8 Has High Performance
Image
{useState} HooK { Briefly Explained};
Image
WebAssembly: The Future of Web Performance?
Image
MUI TextField: Build Variants, Colors & Styles

webdev, javascript, programming, tutorial
Image
Simplest Way to Set Up the Drogon C++ Framework
Image
Number of Substrings Containing All Three Characters
Image
Git Branching
Image
Why You Need Distributed Computing for Real-World Machine Learning
Image
Fruits in Baskets
Image
Max consecutive one's III

leetcode, dsa, slidingwindow, twopointer
Image
My First Project using Golang
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Terabox Video Player