Vulnerabilities and malware are the topics that dominate our review this week. It's not good news that we will mostly be talking about these two topics. Mind you, these two, in the wrong hands, can wreak havoc on users around the world. Do you remember WannaCry?
Let's begin our review.
Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites
You might think: I don't use WordPress, why should I care? Well, you should care because you never know where you'll find yourself in the future, or what you'll be doing.
Here is what happened:
Someone last year bought Essential Plugin and the backdoor was soon added to the plug-ins’ source code. The backdoor sat dormant until earlier this month when it activated and began distributing malicious code to any website with the plug-ins installed.
Plug-ins allow owners of WordPress-based websites to extend the site’s functionality, but in doing so grant the plug-ins access to their installations, which can open these websites to malicious extensions and potential compromise.
100 Chrome Extensions Steal User Data, Create Backdoor
I always think twice before installing a web browser extension. If you think that I am paranoid, this article should change your mind.
From the article:
The 108 extensions are published across several product categories: Telegram sidebar clients, slot machine and Keno games, YouTube and TikTok enhancers, a text translation tool, and page utility extensions. Each targets a different type of user, but all share the same backend.
The extensions provide the expected functionality to avoid raising suspicion, but malicious code running in the background connects to the threat actor’s C&C to perform the nefarious activities.
Signed software abused to deploy antivirus-killing scripts
Talk about "legend" in a negative way. This article should have your vote on that. I mean: what? Who would even think about this? I mean, read the excerpt below.
The ClockRemoval.ps1 script also executes a routine when the system boots, at logon, and every 30 minutes, to make sure that AV products are no longer present on the system by stopping services, killing processes, deleting installation directories and registry entries, silently running vendors' uninstallers, and forcefully deleting files when uninstallers fail.
It also ensures that the security products cannot be reinstalled or updated by blocking the vendor's domains through modifying the hosts file and null-routing them (redirecting to 0.0.0.0).
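As an added example (not code from the article, and not the script it describes), here is a small Python check a defender could run against a Windows hosts file to catch vendor domains that have been null-routed the way the excerpt describes. The watchlist of domain suffixes and the sample hosts content are constructed for illustration.

```python
"""Flag hosts-file entries that null-route security-vendor domains.

Added example: the excerpt describes a script that blocks AV vendor
domains by pointing them at 0.0.0.0 in the hosts file. This parser
surfaces such entries so they can be alerted on.
"""
import re
from typing import List, Tuple

# Constructed, illustrative watchlist of domain suffixes (assumption).
WATCHLIST = ("microsoft.com", "windowsupdate.com", "example-av.com")

# Addresses commonly used to sinkhole a name in the hosts file.
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = re.split(r"\s+", line)
        ip, names = parts[0], parts[1:]
        for name in names:  # one line may map several names to one IP
            entries.append((ip, name.lower()))
    return entries


def is_watched(hostname: str) -> bool:
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHLIST)


def find_null_routed(text: str) -> List[Tuple[str, str]]:
    """Return watched hostnames that are mapped to a sinkhole address."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if ip in SINKHOLE_IPS and is_watched(name)]


# Constructed sample hosts file: one benign line, two tampered entries.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
0.0.0.0   update.example-av.com   # planted null-route
0.0.0.0 download.windowsupdate.com
192.168.1.10 intranet.local
"""

if __name__ == "__main__":
    for ip, name in find_null_routed(SAMPLE_HOSTS):
        print(f"ALERT: {name} null-routed to {ip}")
```

On a real system the text would come from `C:\Windows\System32\drivers\etc\hosts`, and a scheduled re-check every few minutes would catch the script's periodic re-application.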
That data breach alert might be a trap
The article is not telling you to ignore a data breach alert. It is raising your awareness that not all "data breaches" are worth reacting to, because some alerts could be part of a social engineering attack.
If you are still wondering what that means, the following should make things clear:
To be clear: real breaches happen every day, and ignoring a legitimate notice could be as dangerous as clicking a fake one. The goal is to stop reacting on autopilot and to be able to tell a genuine alert from a fake one. Take a minute to familiarize yourself with data breach-themed scams, and you’ll be better prepared the next time one lands in your inbox.
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
This is my first time reading about a zero-day in Microsoft Defender. To complicate matters, the public disclosure of the zero-days could have been avoided. According to the researcher who released the Proof of Concept (PoC) code, he released it because of the way MSFT handled the vulnerability disclosure process. Do you smell frustration?
From the article:
The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer, RedSun, and UnDefend, all of which were released as zero-days.
While both BlueHammer and RedSun are local privilege escalation (LPE) flaws impacting Microsoft Defender, UnDefend can be used to trigger a denial-of-service (DoS) condition and effectively block definition updates.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.