DEV Community
Habdul Hazeez

Security news weekly round-up - 6th September 2024

Introduction

Hello everyone, and welcome to the first edition of our security review for September 2024. In this week's edition, we'll review three articles.

These articles are about the following:

  • Vulnerability
  • Artificial Intelligence
  • Malware

Bypassing airport security via SQL injection

When I saw the article's headline, I was immediately interested. I mean, SQL injection in a system used by an airport will be an interesting read. I was not disappointed, and it was more interesting because it was easy to exploit.

Here is the interesting bit from the article:

we noticed every airline had its own login page, such as Air Transport International (8C) being available at /ati. With only a login page exposed, we thought we had hit a dead end.

Just to be sure though, we tried a single quote in the username as a SQL injection test, and immediately received a MySQL error.

Using the username of ' or '1'='1 and password of ') OR MD5('1')=MD5('1, we were able to login to FlyCASS as an administrator of Air Transport International!
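
The excerpt above, as an added example (not code from this post or from the cited article): the two quoted inputs run against a string-concatenated login query and against the same query with bound parameters. The table layout, the query shape and the function names are assumptions, since the real FlyCASS code is not public; SQLite with a registered `MD5()` stands in for MySQL.

```python
import hashlib
import sqlite3

# Inputs exactly as quoted in the excerpt above.
USERNAME = "' or '1'='1"
PASSWORD = "') OR MD5('1')=MD5('1"

def md5_hex(s):
    # MD5 only mirrors the quoted input; it is not a sound password hash.
    return hashlib.md5(s.encode()).hexdigest()

def make_db():
    """Constructed sample data (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    # SQLite has no MD5(); register one so the query reads like MySQL.
    db.create_function("MD5", 1, md5_hex)
    db.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", md5_hex("constructed-sample-password"), "administrator"))
    return db

def login_concatenated(db, username, password):
    """Assumed shape of the flawed query: input is pasted into the SQL text."""
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = MD5('{password}')")
    # With the quoted inputs the WHERE clause ends in OR MD5('1')=MD5('1'),
    # which is true for every row, so the first account is returned.
    return db.execute(sql).fetchone()

def login_parameterized(db, username, password):
    """Same lookup with bound parameters: input stays data, never SQL."""
    sql = ("SELECT username, role FROM users "
           "WHERE username = ? AND password = MD5(?)")
    return db.execute(sql, (username, password)).fetchone()

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concatenated(db, USERNAME, PASSWORD))
    print("parameterized:", login_parameterized(db, USERNAME, PASSWORD))
    print("legit login  :",
          login_parameterized(db, "admin", "constructed-sample-password"))
```

A lone single quote passed to `login_concatenated` raises a database syntax error, the same signal the excerpt describes; the parameterized version treats it as an ordinary, non-matching username.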

AI is growing faster than companies can secure it, warn industry leaders

I hope we heed the warning before it's too late. Despite this, Venture Capital is pumping lots of money into AI. A recent (and outrageous) example is SSI raising one billion United States Dollars.

The article is an interesting read and the following short excerpt should get you started:

Clinton warned that this rapid growth is pushing AI capabilities into uncharted territory, where today’s safeguards may quickly become obsolete.

SpyAgent Android malware steals your crypto recovery phrases from images

Threat actors can steal your money using methods that you and I might not even think about. This article is an example of why you should secure or encrypt sensitive images on your mobile phone. However, there is no cause for alarm (unless you're in South Korea at the time of writing).

Here is how the malware works:

Once it infects a new device, SpyAgent begins sending the following sensitive information to its command and control (C2) server:

  • Victim’s contact list, likely for distributing the malware via SMS originating from trusted contacts.
  • Incoming SMS messages, including those containing one-time passwords (OTPs).
  • Images stored on the device to use for OCR scanning.
  • Generic device information, likely for optimizing the attacks.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
