Habdul Hazeez

Security news weekly round-up - 4th October 2024

Introduction

Hello everyone, and welcome to this week's review. In this edition, we'll review articles that are about network security, vulnerabilities, and malware.

Get ready, and let's go!


Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps

Hats off to Cloudflare for mitigating the attack; if not, I don't think the target would have survived such an attack. Also, they did not name the target. This also reminds me of the Mirai 2016 attack against Brian Krebs and OVH. That seems like yesterday, but wow, that's almost eight years ago at the time of writing.

The following is a brief abstract description of the attack and its origin:

The campaign targeted customers in the financial services, telecoms, and internet sectors. The attacks came from systems around the world, including in Vietnam, Russia, Brazil, Spain and the United States, and they were powered by compromised web servers, DVRs, and routers.

Fake browser updates spread updated WarmCookie malware

Any news about malware is never good. I don't even remember the last time there was any good news about malware. I believe this type of attack can affect the less tech-savvy among us. However, depending on the situation, anyone can fall victim, which is why education and awareness are important.

The routine of these fake browser updates is certainly a red flag, because if you're a long-time internet user, you'll know that web browsers update silently and apply the update after a restart. This attack does the opposite; it explicitly asks the would-be victims to go to a site and download the "update".

Here is more for you:

The infection chain starts with the user clicking on a fake browser update notice, which triggers JavaScript that fetches the WarmCookie installer and prompts the user to save the file.

When the fake software update is executed, the malware performs some anti-VM checks to ensure it's not running on an analyst's environment and sends the newly infected system's fingerprint to the command and control (C2) server, awaiting instructions.

Adobe Commerce Flaw Exploited to Compromise Thousands of Sites

This article is for the e-commerce stores out there and their customers. If you're one of them, then you should read the article and be on the lookout. And if you're a store owner, update your installation as soon as possible.

Here is how the attack works, and why you should be worried (emphasis mine):

According to Sansec, which named the bug CosmicSting, typically attackers steal the secret crypt key that allows them to modify CMS blocks using the Magento API, and then steal customer data from the compromised stores.

“Combined with another bug (CVE-2024-2961), attackers can also run code directly on your servers and use that to install backdoors,”

Thousands of Linux systems infected by stealthy malware since 2021

Over three years of operation without being detected is a scary thing. Who knows? There could be some infected systems still out there today. Also, can you guess the goal of the malware? Read the excerpt below.

The malware is designed to ensure persistence, meaning the ability to remain on the infected machine after reboots or attempts to delete core components.

The researchers are calling the malware Perfctl, the name of a malicious component that surreptitiously mines cryptocurrency.

Besides using the machine's resources to mine cryptocurrency, Perfctl also turns the machine into a profit-making proxy that paying customers use to relay their Internet traffic.

Perfctl further cloaks itself using a host of other tricks. One is that it installs many of its components as rootkits, a special class of malware that hides its presence from the operating system and administrative tools.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
