
Security news weekly round-up - 8th September 2023

Posted on Sep 8

This week's review is mostly about malware, application and cloud security, vulnerabilities and phishing.

Even with all the security software on your computer, you have to be extra vigilant. If you ever doubt that, this article is proof that you should not. Here is what's going on:

The sneaky method, dubbed MalDoc in PDF by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. Put differently, the PDF document embeds within itself a Word document with a VBS macro that's designed to download and install an MSI malware file if opened as a .DOC file in Microsoft Office.

If you're a developer and you're using a Mac, please, be careful. As the title says, malicious packages are targeting your systems. Meanwhile, all the packages have something in common: harvesting system information. Here is more for you:

Threat actors have started uploading malicious packages to PyPI, NPM, and RubyGems repositories in a new campaign aimed at stealing user information, software supply chain security firm Phylum reports. The first malicious packages were uploaded to PyPI and NPM repositories over the weekend, specifically targeting macOS users.

Dear site admins, kindly check and ensure that you're not leaking sensitive information that can result in severe consequences for the site that you're managing. That's not from me; the information in the article is indirectly telling you to do this:

All (100%) had repo permissions, which would enable an attacker to take arbitrary actions against all of the victim user’s repositories, including, but not limited to, implanting malware in the code.

Keep calm. It's academic research 😊. Still, we should be worried that browser extensions can do this. The details are technical, but here is what's going on:

Once loaded into the DOM tree, the lack of security boundaries allows the extension to leverage the DOM APIs to gain access to all DOM elements and extract the value of the input elements. Google.com and Cloudflare.com are two top websites impacted by this vulnerability.

Stories like this remind me of "No System is Safe". Behind the scenes, it was a "race condition" that led to the exposure of a signing key. The aforementioned actors used this, and the rest, as they say, is history. More from the story:

Our investigation found that a consumer signing system crash in April of 2021 resulted in a snapshot of the crashed process (“crash dump”). The crash dumps, which redact sensitive information, should not include the signing key. In this case, a race condition allowed the key to be present in the crash dump.

Dear Mac users, I know, this is the second article that concerns you. Please, stay safe to the best of your abilities. Moreover, it's really scary, as seen in the following excerpt:

“The malware is bundled in an ad-hoc signed app, meaning it’s not an Apple certificate, so it cannot be revoked. Once executed, it will keep prompting for the user password in a never-ending loop until victims finally relent and type it in,” Malwarebytes explained.

The Curious Case of Using a Legitimate Tool for Malicious Purposes (Did you notice what I did 🤔? Let me know in the comments section!). Now, the story is for real; here is why:

This is a long way of saying that hackers are leveraging Google’s authority. An email security service will look at all these factors and have a good deal of confidence that it is not a phishing email, and that it comes from Google. And it does! Because the attack is nested so deep, all the standard checks will pass with flying colors.

Cover photo by Debby Hudson on Unsplash.

That's it for this week, and I'll see you next time.
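The MalDoc in PDF item above describes a file that is structurally a PDF but also carries a Word document, so a scanner that only trusts the PDF magic bytes sees nothing wrong. The script below is an added triage example, not code from the original post or from JPCERT/CC: it checks whether a file that presents as a PDF also contains MHTML/Word markers and how many bytes sit after the last `%%EOF`. The marker strings and the sample blobs are assumptions constructed for this demo, not a vendor signature.

```python
"""Heuristic triage for a PDF that also carries an MHTML-wrapped Word document.

Added example: the marker list below is an assumed heuristic, not an official
signature, and the sample inputs at the bottom are constructed (not real malware).
"""

PDF_MAGIC = b"%PDF-"
PDF_EOF = b"%%EOF"

# Strings typical of a Word document saved as MHTML. A plain PDF has no
# reason to contain them, so two or more of them inside a PDF is a red flag.
MHTML_WORD_MARKERS = (
    b"MIME-Version:",
    b"multipart/related",
    b"<w:WordDocument",
    b"urn:schemas-microsoft-com:office:word",
)


def scan_polyglot(data: bytes) -> dict:
    """Report evidence that `data` is a PDF smuggling a Word/MHTML body.

    looks_like_pdf  - the file starts with the PDF magic
    trailing_bytes  - bytes after the last %%EOF (where an appended payload sits)
    word_markers    - MHTML/Word markers found anywhere in the file
    suspicious      - PDF magic plus at least two Word markers
    """
    looks_like_pdf = data[:1024].lstrip().startswith(PDF_MAGIC)
    last_eof = data.rfind(PDF_EOF)
    if last_eof == -1:
        trailing = len(data)
    else:
        trailing = len(data) - (last_eof + len(PDF_EOF))
    found = [m.decode() for m in MHTML_WORD_MARKERS if m in data]
    return {
        "looks_like_pdf": looks_like_pdf,
        "trailing_bytes": max(trailing, 0),
        "word_markers": found,
        "suspicious": looks_like_pdf and len(found) >= 2,
    }


def scan_file(path: str) -> dict:
    """Convenience wrapper for running the check over a file on disk."""
    with open(path, "rb") as fh:
        return scan_polyglot(fh.read())


# Constructed samples so the script runs offline. CLEAN_PDF is a minimal PDF;
# POLYGLOT is the same PDF with an MHTML-style Word body appended after %%EOF.
CLEAN_PDF = (
    b"%PDF-1.7\n1 0 obj << /Type /Catalog >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
POLYGLOT = CLEAN_PDF + (
    b"MIME-Version: 1.0\n"
    b'Content-Type: multipart/related; boundary="----=_NextPart_demo"\n\n'
    b"------=_NextPart_demo\n"
    b"Content-Type: text/html\n\n"
    b'<html xmlns:w="urn:schemas-microsoft-com:office:word">'
    b"<w:WordDocument><w:View>Print</w:View></w:WordDocument></html>\n"
)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_PDF), ("polyglot", POLYGLOT)):
        print(name, scan_polyglot(blob))
```

Run it over a mail gateway's quarantine folder with `scan_file` and log the `trailing_bytes` and `word_markers` fields; a genuine PDF typically has only a newline after its final `%%EOF`, while an appended document shows up as a large trailer plus several Word markers.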
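The leaked-credentials item above warns site admins to check that they are not exposing secrets such as tokens with repo permissions. The following is an added example, not from the original post or the article it cites: a small pre-commit style scanner that finds GitHub-format tokens in text and redacts them before the text is published. The regular expression follows GitHub's public token prefix scheme (a `gh?_` prefix with a 36-character body, or `github_pat_` with an 82-character body); the sample `.env` content is constructed and contains no real secret.

```python
"""Find and redact GitHub-format tokens in text before it is committed or logged.

Added example: the regex encodes GitHub's public token prefixes; the SAMPLE
text is constructed for the demo and is not a real credential.
"""
import re
from typing import Iterator, Tuple

# Classic tokens: ghp_/gho_/ghu_/ghs_/ghr_ followed by 36 alphanumerics.
# Fine-grained personal access tokens: github_pat_ followed by 82 chars.
TOKEN_RE = re.compile(
    r"\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82})\b"
)


def find_tokens(text: str) -> Iterator[Tuple[int, str]]:
    """Yield (line_number, masked_token) for every token-looking string.

    The token is masked (prefix + last 4 chars) so the finding itself can be
    logged without re-leaking the secret.
    """
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            token = match.group(0)
            yield line_no, token[:8] + "..." + token[-4:]


def redact(text: str) -> str:
    """Return text with every token replaced by its prefix plus <REDACTED>."""
    return TOKEN_RE.sub(lambda m: m.group(0)[:4] + "<REDACTED>", text)


def scan_file(path: str) -> list:
    """Scan a file on disk; returns the list of (line, masked_token) findings."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return list(find_tokens(fh.read()))


# Constructed sample (not a real secret): one classic token, one fine-grained
# token, and a line that must not trigger a finding.
SAMPLE = (
    "# .env (constructed sample)\n"
    "GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz\n"
    "export NPM_TOKEN=not-a-github-token\n"
    "DEPLOY_PAT=github_pat_" + "A" * 22 + "_" + "B" * 59 + "\n"
)

if __name__ == "__main__":
    for line_no, masked in find_tokens(SAMPLE):
        print(f"line {line_no}: {masked}")
    print(redact(SAMPLE))
```

Wire `scan_file` into a pre-commit hook or a CI step that fails the build on any finding, and run `redact` over anything that is about to leave the box (build logs, bug reports, support bundles). Any token that does turn up should be treated as exposed and revoked, since the article's point is that such a token is enough to push code into every repository the user can reach.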



This post first appeared on VedVyas Articles, please read the original post: here
