This Week in Security: Malicious Themes, Crypto Heists, and Wallbleed
Summary
A report highlights that popular extensions for VSCode, including Material Theme, have been removed from the VSCode store after it was discovered they were obfuscating malicious code; it is still unclear what the exact purpose of the code was.
In other news, a minor endpoint in NAKIVO backup is highlighted that allows unauthenticated users to perform an arbitrary file read of up to 512 bytes, although it is noted that this is likely not large enough for exfiltration of valuable data.
It is also reported that Apple has pulled access to Advanced Data Protection (ADP) for UK users after a tussle with the UK government over a requirement to include an encryption backdoor.
The largest crypto heist to date is reported to have been perpetrated by North Korean agents, who stole $1.5bn from a Bybit “multisig” cold wallet; social engineering and UI manipulation are believed to have been involved.
A similar vulnerability to Heartbleed, known as Wallbleed, is reported in the Chinese Great Firewall system and is believed to have been in place for four years; it is noted that researchers used the vulnerability to gather data on the Great Firewall infrastructure.