When we think that we are safe, that's when we should be on the alert. Or, maybe, just check if you're truly safe. You never know, attackers may be lurking in your system, copying files as you read this, and waiting to detonate that ransomware followed by their demands.
We just need to be vigilant. If you design a system as "safe", have it at the back of your mind that someone can break it. It's not a matter of "if", it's "when". This mindset ensures that nothing catches you by surprise. And in the intense atmosphere where your company is responding to a cyber incident, your level of calmness will be unmatched. That's because you knew that days like this are inevitable.
I welcome you all to this week's edition of our security review here on DEV.
A new unpatchable flaw in Apple chips opens the door to an iPhone jailbreak
When I read "unpatchable flaw", I was muted.
Here is what's going on:
On Friday, Paradigm Shift, an offensive cybersecurity company based in Barcelona, published a blog post about the vulnerability, which it dubbed “usbliter8.” The company also published a proof of concept that shows how to exploit the vulnerability, which requires physical access to the target phone.
The flaw and related exploit affect iPhones that have Apple-made chips A12 and A13, which were released in 2018 and 2019, and are included in older iPhones such as the XS, XR and up to the iPhone 11.
WhatsApp phishing attack uses fake business docs to hack PCs
While reading the article, I thought to myself that no tech-savvy individual will fall for this attack. Because, who will read a file name that's supposed to be a document and ends with .vbs? Then I remembered not everyone knows this, and they can fall victim. Also, even if you're tech-savvy, a slight dip in attention, can actually cause you to fall victim.
Here is what's going on:
The threat actor is using file names that indicate business and financial documents delivered by the victim's contacts, whose accounts had been compromised.
These files are given names that make them appear to be financial reports, billing statements, account notices, and similar documents likely to draw the target’s attention and prompt them to open the file.
Phishing hides in routine Microsoft 365 workflows
Falling victim to a phishing attack where you least expect it, can haunt you for a very long time. I mean, you'll keep asking yourself: how did they do it? I did not click on any phishing link! Just how?
From the article:
The attack begins when a target is added to or invited into an attacker-controlled Microsoft 365 Group. The group’s name, description, or welcome message is designed to create urgency, often using themes such as payroll updates, contract renewals, supplier requests, or mandatory training notices.
Follow-up content is delivered through the group mailbox, shared files, or calendar invitations, often using one of four CalPhishing techniques. CalPhishing, short for Calendar Phishing, uses Outlook and Microsoft 365 calendar features to deliver phishing lures through meeting invitations and .ics files that can place events directly on a victim’s calendar.
New ‘Mistic’ RAT Opens Door to Several Ransomware Families
Don't be surprised that cyber criminals work together. If you are, this is one example that it's happening.
From the article:
The threat actor, tracked as Woodgnat and KongTuke, and active since at least May 2024, is known to have ties to ransomware groups such as Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta.
Also tracked as MLTBackdoor, Mistic provides attackers with typical capabilities, including file download and upload, file manipulation, folder creation, and code execution. The attackers can also modify the frequency at which the malware checks for new commands and can instruct it to terminate itself.
The Identity Problem Hiding in AI Agent Deployments
When you know who is who in a system, you still have to ensure that they don't exploit their access. Now, what happens when you know of an Agent that accessed a system access but you don't know the relationship between that Agent and who granted it that access? This and more is what the article is trying to explain and ways to navigate the situation.
From the article:
Even when we specify both identities, the relationship between the user and the agent is not captured anywhere.
The relationship between Claude Code and the programmer who initiated a task that caused Claude Code to get a token to access GitHub, for example, is very different from the relationship an autonomous agent has with the user whose HR case it picks up in its workflow.
Chrome Ad Blocker with 10M+ Installs Found with Dormant Script Injection Capability
It only takes one decision, and such capabilities can allow the developers of the extension to do whatever the devices. The question is: why was it there in the first place?
From the article:
It's worth emphasizing here that there is no evidence malicious payload has been distributed to users in this manner, but the mere presence of the capability, coupled with ties to other ad-blocking extensions that have since been removed from the storefront for malware, raises privacy and security risks
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.
Top comments (0)