DEV Community

Habdul Hazeez

Security news weekly round-up - 1st August 2025

Threats are everywhere. The question is: who is searching for them? Malicious actors who want to exploit them, or security researchers who want to prevent or mitigate the risks they pose to organizations and users? This is the theme of this week's review—whoever discovers a threat has the power to do good or evil.


The hidden risks of browser extensions – and how to stay safe

Not everything that shines needs to be added to your web browser, no matter the functionality it promises. Sometimes—for those who know—the risk is not worth it. This applies to browser extensions.

The authors of these extensions can advertise some eye-catching functionalities that might convince you to install their extensions. However, when these extensions require permissions that can compromise your data, think again before adding them to your web browser.

A lesson from the article:

Think carefully about the value or convenience that an extension provides versus the potential risk. Ultimately, the goal is to make informed choices about the add-ons you allow into your digital space. Be sure to source your browser extensions and, indeed, all other software from reliable providers.
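A practical way to act on that advice is to look at what an extension actually asks for before installing it. The Python script below is an added example, not code from the article or from any extension vendor: it reads a Chrome extension's manifest.json and flags permissions and host patterns that grant broad access to your data. The risk notes attached to each permission are my own summary, and both manifests are constructed for the demonstration rather than taken from real extensions.

```python
import json

# Chrome extension permissions that grant broad access to user data or to the
# machine. The one-line risk notes are my own summary, not from the article.
HIGH_RISK_PERMISSIONS = {
    "cookies": "read and modify cookies, including session tokens, on permitted hosts",
    "history": "read and alter browsing history",
    "webRequest": "observe every request to permitted hosts",
    "webRequestBlocking": "block or rewrite requests in flight (Manifest V2)",
    "clipboardRead": "read whatever is on the clipboard",
    "nativeMessaging": "exchange messages with a native program on the machine",
    "debugger": "attach the DevTools protocol to tabs, giving full page control",
    "tabs": "see the URL and title of every open tab",
    "scripting": "inject scripts into pages covered by host permissions",
    "management": "enumerate, enable or disable other extensions",
    "downloads": "start downloads and read download history",
}

# Host match patterns that cover every site instead of a named origin.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def broad_hosts(patterns):
    """Return the match patterns that cover all sites rather than one origin."""
    return [p for p in patterns if p in BROAD_HOST_PATTERNS]


def audit_manifest(manifest):
    """Return a list of (finding, detail) pairs explaining why the extension
    deserves a second look before installation. An empty list means nothing
    broad was requested; it does not mean the extension is safe."""
    findings = []
    perms = set(manifest.get("permissions", []))
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    hosts = list(manifest.get("host_permissions", []))
    hosts += [p for p in perms if "://" in p or p == "<all_urls>"]
    for host in broad_hosts(hosts):
        findings.append(("broad host access", f"pattern {host!r} covers every site"))
    for name in sorted(perms & set(HIGH_RISK_PERMISSIONS)):
        findings.append((f"permission {name}", HIGH_RISK_PERMISSIONS[name]))
    for script in manifest.get("content_scripts", []):
        for host in broad_hosts(script.get("matches", [])):
            scripts = ", ".join(script.get("js", []))
            findings.append(("content script on all sites", f"{scripts} runs on {host!r}"))
    return findings


# Constructed sample manifests (not real extensions): one that asks for far
# more than a "colour picker" needs, and one scoped to a single origin.
GREEDY_MANIFEST = json.loads("""{
  "manifest_version": 3,
  "name": "Colour Picker Pro (constructed example)",
  "permissions": ["storage", "cookies", "tabs"],
  "host_permissions": ["<all_urls>"],
  "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}]
}""")

MODEST_MANIFEST = json.loads("""{
  "manifest_version": 3,
  "name": "Example.com Helper (constructed example)",
  "permissions": ["storage"],
  "host_permissions": ["https://example.com/*"]
}""")


if __name__ == "__main__":
    for manifest in (GREEDY_MANIFEST, MODEST_MANIFEST):
        print(manifest["name"])
        for finding, detail in audit_manifest(manifest) or [("no broad access requested", "")]:
            print(f"  - {finding}: {detail}")
```

To run it against a real extension, replace the embedded JSON with `json.load(open(path_to_manifest))`; on Chrome the installed manifests live under the profile's Extensions directory. The point of the check is the mismatch: a colour picker that wants cookies, every tab, and a content script on every site is asking for more than its advertised function needs, and that is the moment to think again.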

In search of riches, hackers plant 4G-enabled Raspberry Pi in bank network

The attackers tried; however, it appears that they were not successful. It also shows the lengths some are willing to go to in pursuit of illicit riches.

From the article:

The group behind the attack is tracked in the industry under the name UNC2891. The financially motivated threat group has been active since at least 2017 in targeting the infrastructures of banks. It has earned a well-deserved reputation for proficiency in its use of custom malware in attacks targeting Linux, Unix, and Oracle Solaris systems.

To maintain persistence, UNC2891 also compromised a mail server because it had constant Internet connectivity. The Raspberry Pi and the mail server backdoor would then communicate by using the bank’s monitoring server as an intermediary.

Scammers Unleash Flood of Slick Online Gaming Sites

It looks like an odd pig-butchering campaign, but the threat is real. A big credit also goes to the person who appears to have started the investigation that led to the coverage by Brian Krebs.

From the article:

The gaming sites all require users to create a free account to claim their $2,500 credit, which they can use to play any number of extremely polished video games that ask users to bet on each action.

The financial part of this scam begins when users try to cash out any “winnings.” At that point, the gaming site will reject the request and prompt the user to make a “verification deposit” of cryptocurrency — typically around $100 — before any money can be distributed.

Those who deposit cryptocurrency funds are soon asked for additional payments.

Flaw in Gemini CLI coding tool could allow hackers to run nasty commands

At the time of writing, you should update to version 0.1.14 of the Gemini CLI or remain vulnerable. So, what happened? The excerpt below is what the researcher said about the vulnerability.

Tracebit founder and CTO Sam Cox said in an email that he limited the severity of the command he chose to have silently executed strictly for demonstration purposes, since its output was concise enough to fit on a few lines. He said that his exploit made it possible to execute virtually any command, even irreversible and highly destructive ones like rm -rf / or :(){ :|:& };: sometimes used in sabotage attacks by malicious insiders.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.

Top comments (1)

Mezzi

nice!