#AxisOfEasy 228: NY AG Notifies Threat Actors Stole 1.1 Million Customer Accounts From 17 Well-Known Firms


Weekly Axis Of Easy #228


Last Week’s Quote, “True wisdom comes to each of us when we realize how little we understand about life, ourselves, and the world around us,” was by Socrates. No one got it.

This Week’s Quote:  “You cannot escape from a prison if you don’t know you’re in one.” …by???

THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.



In this issue:


  • Norton Crypto: The new crypto-miner of Norton 360 antivirus
  • NY AG notifies threat actors stole 1.1 million customer accounts from 17 well-known firms
  • FTC warns organizations to patch Log4j vulnerability and hints at potential legal action
  • Malsmoke exploits Microsoft Signature Verification with new Zloader malware
  • ‘doorLock’ – New HomeKit bug found in Apple iOS


Elsewhere online:
 

  • Encrypted Anom phones secretly harvested GPS data for the FBI
  • SEGA Europe’s data exposed after being stored in a misconfigured AWS S3 bucket
  • North Korean cyberespionage group attacks Russian diplomats with weaponized New Year greetings
  • Purple Fox Malware found in malicious Telegram Installer
  • French Authorities hit Google, Facebook with $210 million in fines over ‘cookies’

 

Norton Crypto: The new crypto-miner of Norton 360 antivirus

One of the best-known antivirus makers, Norton, has recently added a cryptocurrency miner to its Norton 360 antivirus subscription. Norton Crypto is installed automatically as part of Norton 360, which has not gone over well with the public. Even though the software does nothing malicious, users are unhappy with Norton because there does not appear to be a way to uninstall the mining component completely.

Norton Crypto lets users mine Ethereum while their computer is idle. Users operate within a ‘pool’ of Norton Crypto miners, which Norton says delivers greater efficiency and lets all participants share the rewards.

The feature is available on all plans. Norton takes 15% of whatever is mined off the top, and transferring the mined cryptocurrency to another wallet incurs an additional fee. To use the miner, users must not only turn the feature on but also meet Norton’s strict system requirements.

Read: https://www.howtogeek.com/777952/norton-360-antivirus-now-mines-cryptocurrency/


NY AG notifies threat actors stole 1.1 million customer accounts from 17 well-known firms

The Office of the Attorney General (OAG) for the State of New York announced that 1.1 million consumer online accounts had been compromised in credential stuffing attacks, in which attackers replay username and password pairs leaked from one site against the login pages of others, betting on password reuse. The compromised accounts belong to customers of 17 well-known companies, including online retailers, restaurant chains, and food delivery services.

The “sweeping investigation” conducted by the NY OAG lasted several months, during which investigators monitored multiple hacking communities focused on credential stuffing and reviewed thousands of posts containing login credentials. After discovering the attacks, the OAG alerted the affected companies “so that passwords could be reset and consumers could be notified.”

More than 15 billion stolen credentials are currently in circulation on the internet, putting users’ personal information at risk, said New York Attorney General Letitia James. In its published report, the NY OAG gives further details on the investigation and guidance on how companies can protect their customers’ accounts and respond to incidents of this kind.
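The report’s guidance is aimed at the companies being targeted, and the first thing a defender needs is a way to tell a credential-stuffing run apart from ordinary failed logins. The Python below is an added example (not from the OAG report or the linked article) that triages a constructed login log: one IP cycling through many different usernames with a high failure rate is flagged as credential stuffing, and any account it logged into successfully is listed for a forced password reset, which is the remediation the OAG pushed on the affected companies. A single-account burst of failures is reported separately as brute force. The window size and thresholds are assumptions to tune per site.

```python
"""Credential-stuffing triage over login logs.

Added example (not from the NY OAG report or the linked article). Input lines are
"timestamp ip username result" where result is OK or FAIL; the sample below is
constructed, not real traffic. Thresholds are assumptions to tune per site.
"""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts ip user result")
Finding = namedtuple("Finding", "ip kind attempts distinct_users compromised")

WINDOW = timedelta(minutes=5)   # assumption: judge each IP by its busiest 5-minute span
MIN_USERS = 5                   # assumption: >=5 distinct usernames from one IP ...
MIN_FAIL_RATIO = 0.8            # ... with >=80% failures reads as a leaked list being replayed
MIN_BRUTE_FAILS = 10            # assumption: one username, >=10 failures = password guessing

# Constructed sample log: one stuffing source (8 leaked pairs, one of which still works),
# one legitimate user who mistypes once, and one single-account brute force.
SAMPLE_LOG = [
    "2022-01-05T10:00:01Z 203.0.113.7 alice FAIL",
    "2022-01-05T10:00:03Z 203.0.113.7 bob FAIL",
    "2022-01-05T10:00:04Z 203.0.113.7 carol FAIL",
    "2022-01-05T10:00:06Z 203.0.113.7 dave FAIL",
    "2022-01-05T10:00:08Z 203.0.113.7 erin OK",
    "2022-01-05T10:00:09Z 203.0.113.7 frank FAIL",
    "2022-01-05T10:00:11Z 203.0.113.7 grace FAIL",
    "2022-01-05T10:00:12Z 203.0.113.7 heidi FAIL",
    "2022-01-05T10:05:00Z 192.0.2.10 dave FAIL",
    "2022-01-05T10:05:20Z 192.0.2.10 dave OK",
] + [f"2022-01-05T10:10:{s:02d}Z 198.51.100.2 carol FAIL" for s in range(0, 48, 4)]


def parse(lines):
    """Parse log lines into Events sorted by timestamp; blank and '#' lines are skipped."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, ip, user, result = line.split()
        events.append(Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return sorted(events)


def densest_window(evs):
    """Return the slice of evs (sorted by time) holding the most events within WINDOW."""
    best, j = [], 0
    for i in range(len(evs)):
        j = max(j, i)
        while j < len(evs) and evs[j].ts - evs[i].ts <= WINDOW:
            j += 1
        if j - i > len(best):
            best = evs[i:j]
    return best


def triage(lines):
    """Classify each source IP; returns Findings sorted by IP (benign sources produce none)."""
    by_ip = defaultdict(list)
    for ev in parse(lines):
        by_ip[ev.ip].append(ev)
    findings = []
    for ip, evs in sorted(by_ip.items()):
        win = densest_window(evs)
        fails = sum(1 for e in win if e.result == "FAIL")
        users = {e.user for e in win}
        if len(users) >= MIN_USERS and fails / len(win) >= MIN_FAIL_RATIO:
            # Any success from a stuffing source is a reused password: reset it and notify the user.
            hits = sorted({e.user for e in win if e.result == "OK"})
            findings.append(Finding(ip, "credential_stuffing", len(win), len(users), hits))
        elif len(users) == 1 and fails >= MIN_BRUTE_FAILS:
            findings.append(Finding(ip, "brute_force", len(win), 1, []))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```

The weak spot of any per-IP heuristic is that stuffing crews spread a run across residential proxies so that no single address crosses the threshold; rules like this need to sit alongside bot detection and multi-factor authentication rather than replace them.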

Read: https://www.bleepingcomputer.com/news/security/ny-oag-hackers-stole-11-million-customer-accounts-from-17-companies/


FTC warns organizations to patch Log4j vulnerability and hints at potential legal action

According to a statement published on January 4, 2022, the U.S. Federal Trade Commission (FTC) intends to pursue legal action against companies that fail to mitigate the Log4j vulnerability.

Since early December, several vulnerabilities have been discovered in Log4j, the widely used Java-based logging library, the most serious of which is CVE-2021-44228, dubbed Log4Shell. The flaw was exploited as a zero-day and has since been used by threat actors and cybercriminals in numerous attacks. In response, the FTC says it will use its authority to protect consumers’ personal information.

The FTC notes that the duty to mitigate known software vulnerabilities implicates laws including the Federal Trade Commission Act and the Gramm-Leach-Bliley Act. To avoid legal action, companies that use Log4j, and the vendors they rely on, must act now.

The statement cites the FTC’s prior settlement with Equifax, whose 2017 breach stemmed from a known but unpatched vulnerability, as an example of what may follow for companies that fail to patch Log4j, and advises companies to check their use of the Log4j library by consulting the Cybersecurity and Infrastructure Security Agency (CISA) guidance.
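Checking “use of the Log4j library” is harder than grepping for a file name: log4j-core is routinely bundled inside application fat jars, so a scanner has to open archives inside archives. The Python below is an added example (not the FTC’s or CISA’s tooling) that walks a directory, opens every jar/war/ear, recurses into nested archives, reads the log4j-core version from its Maven pom.properties, checks whether JndiLookup.class is still present, and reports whether the version is at or above the fixed floor. Assumptions, also noted in the code: 2.17.1 is the fixed floor for the Java 8 line, with 2.12.4 and 2.3.2 for the older Java 7 and Java 6 lines; nested archives are walked five levels deep; the jars used to exercise it are constructed fixtures, not real Log4j builds.

```python
"""Inventory log4j-core jars on disk, including jars nested inside fat/shaded jars, and
flag versions still exposed to the December 2021 Log4j CVEs.

Added example, not from the FTC statement or CISA guidance. Assumptions: a log4j-core jar
carries Maven's pom.properties with its version; 2.17.1 (Java 8+), 2.12.4 (Java 7) and
2.3.2 (Java 6) are the fixed floors; nested archives are walked at most 5 levels deep.
"""
import io
import os
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_FLOOR = {(2, 3): (2, 3, 2), (2, 12): (2, 12, 4)}   # per-branch fixed versions
DEFAULT_FLOOR = (2, 17, 1)
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")


def parse_version(pom_properties):
    """Return (major, minor, patch) from a pom.properties body, or None if absent."""
    for line in pom_properties.splitlines():
        if line.startswith("version="):
            m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", line.split("=", 1)[1].strip())
            if m:
                return tuple(int(x or 0) for x in m.groups())
    return None


def is_fixed(version):
    """True when version is at or above the fixed floor of its branch."""
    return version >= FIXED_FLOOR.get(version[:2], DEFAULT_FLOOR)


def scan_archive(data, label, findings, depth=0):
    """Recurse through an archive's bytes, appending (label, version, status) per log4j-core hit."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    names = set(zf.namelist())
    has_jndi = JNDI_CLASS in names
    version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace")) if POM_PROPS in names else None
    if has_jndi or version:
        if version is None:
            status = "unknown version, JndiLookup present"
        elif is_fixed(version):
            status = "fixed"
        elif has_jndi:
            status = "VULNERABLE"
        else:
            status = "outdated, JndiLookup removed (mitigated; upgrade anyway)"
        findings.append((label, version, status))
    if depth < 5:
        for name in sorted(names):
            if name.endswith(ARCHIVE_EXT):
                scan_archive(zf.read(name), f"{label}!{name}", findings, depth + 1)
    return findings


def scan_tree(root):
    """Walk a directory and scan every archive found; returns the findings list."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    scan_archive(fh.read(), path, findings)
    return findings


def fake_log4j_jar(version, with_jndi=True, nest_as=None):
    """Constructed fixture: a jar holding only pom.properties (and a stub JndiLookup.class),
    optionally wrapped inside an outer jar at path nest_as to imitate a Spring Boot fat jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\ngroupId=org.apache.logging.log4j\nartifactId=log4j-core\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")
    data = buf.getvalue()
    if nest_as:
        outer = io.BytesIO()
        with zipfile.ZipFile(outer, "w") as zf:
            zf.writestr(nest_as, data)
        data = outer.getvalue()
    return data


if __name__ == "__main__":
    import sys
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*hit)
```

Run it as `python scan_log4j.py /opt/apps` against a deployment tree. Anything marked VULNERABLE needs an upgrade, and an “unknown version” hit (a jar stripped of its Maven metadata) needs a manual look rather than a pass. Removing JndiLookup.class was the published stop-gap for Log4Shell, which is why a jar in that state is reported separately, but it is still reported as outdated.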

Read: https://www.securityweek.com/ftc-patch-log4j-vulnerability-avoid-potential-legal-action 


Malsmoke exploits Microsoft Signature Verification with new Zloader malware

Security researchers have spotted an ongoing malware campaign in which cybercriminals abuse Microsoft’s digital signature verification to deploy Zloader and steal user data. Zloader is a banking trojan designed to steal cookies, passwords, and other sensitive information.

Researchers at Check Point Research identified the infection chain in early November 2021 and attributed it to a cybercriminal group known as Malsmoke. “The infected machines were initially accessed using remote management software, or RMM,” said Check Point’s Golan Cohen. “The malware then exploits Microsoft’s digital signature verification method to inject its payload into a signed system DLL to evade the system’s defenses further.”

The campaign has claimed more than 2,000 victims in 111 countries, with the most affected users in the U.S., Canada, India, Indonesia, and Australia. The researchers also note that the authors behind the Zloader campaign have put great effort into defense evasion and “are still updating their methods weekly.”
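What “exploits Microsoft’s digital signature verification” means in practice: the Authenticode hash of a PE file covers the image but deliberately excludes the certificate table, so an attacker can append bytes inside that table, enlarge its recorded size, and the signature still verifies while the file now carries a payload. Windows rejects such files only when the opt-in stricter check (the EnableCertPaddingCheck registry value) is enabled. The Python below is an added example (not Check Point’s code or anything from the linked article) that performs the equivalent check offline: it locates the certificate table from the PE header, measures the real PKCS#7 blob inside it, and flags any non-zero bytes behind it or after the table. The PE it runs on is a constructed header-only fixture with a stand-in SignedData blob, not a real DLL.

```python
"""Spot data smuggled into a PE file's Authenticode certificate table.

Added example, not Check Point's code or Microsoft's. The Authenticode hash covers the
image but not the certificate table, so bytes appended inside that table leave the
signature valid. After the PKCS#7 SignedData blob there must be nothing but alignment
zeros; anything else is a stuffed file. The PE built below is a constructed,
header-only fixture, not a real DLL.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32PLUS_MAGIC = 0x20B


def der_total_length(blob, pos=0):
    """Length in bytes of the DER element at blob[pos] (header + content)."""
    if blob[pos] != 0x30:
        raise ValueError("certificate table does not start with a DER SEQUENCE")
    first = blob[pos + 1]
    if first < 0x80:                      # short form: one length byte
        return 2 + first
    nbytes = first & 0x7F                 # long form: next nbytes hold the length
    return 2 + nbytes + int.from_bytes(blob[pos + 2:pos + 2 + nbytes], "big")


def security_directory(pe):
    """Return (file offset, size) of the certificate table from the optional header."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                                  # skip signature + COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    dirs = opt + (112 if magic == PE32PLUS_MAGIC else 96)    # where the data directories start
    return struct.unpack_from("<II", pe, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)


def certificate_table_findings(pe):
    """Return a list of problems with the certificate table; [] means it looks clean."""
    off, size = security_directory(pe)
    if size == 0:
        return ["file carries no Authenticode signature"]
    findings = []
    table = pe[off:off + size]
    dw_length, _revision, _cert_type = struct.unpack_from("<IHH", table, 0)
    if dw_length != size:
        findings.append(f"WIN_CERTIFICATE dwLength {dw_length} != directory size {size}")
    pkcs7 = table[8:]
    trailing = pkcs7[der_total_length(pkcs7):]
    if any(trailing):                                        # zeros are legitimate 8-byte padding
        findings.append(f"{len(trailing)} non-zero bytes after the PKCS#7 blob: {bytes(trailing[:16])!r}")
    if len(pe) > off + size:
        findings.append(f"{len(pe) - off - size} bytes appended after the certificate table")
    return findings


def build_pe(pkcs7, smuggled=b""):
    """Constructed PE32+ fixture: headers only, plus a certificate table that an attacker
    has (optionally) enlarged to carry `smuggled` behind the signature blob."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x2022)
    opt = bytearray(240)                                        # PE32+ optional header size
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    body = pkcs7 + smuggled
    body += b"\0" * (-(8 + len(body)) % 8)                    # 8-byte alignment, as signtool does
    cert = struct.pack("<IHH", 8 + len(body), 0x0200, 0x0002) + body
    cert_off = 64 + 4 + 20 + 240
    struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert


# Stand-in for a real SignedData structure: a DER SEQUENCE with a long-form length.
FAKE_PKCS7 = b"\x30\x82\x01\x2c" + b"\xa5" * 300

if __name__ == "__main__":
    print("clean:", certificate_table_findings(build_pe(FAKE_PKCS7)))
    print("stuffed:", certificate_table_findings(build_pe(FAKE_PKCS7, b"<script>" * 10)))
```

Against a real signed DLL the parser works the same way (pass the file’s bytes to certificate_table_findings): zero padding after the PKCS#7 structure is normal, anything else is worth quarantining and hashing against your EDR telemetry.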

Read: https://thehackernews.com/2022/01/new-zloader-banking-malware-campaign.html


‘doorLock’ – New HomeKit bug found in Apple iOS

A denial-of-service vulnerability, dubbed ‘doorLock,’ has been discovered in Apple HomeKit. It was publicly disclosed by security researcher Trevor Spiniolas, who explains that exploiting it can render affected iOS devices unusable by sending them into a crash or reboot loop.

According to Spiniolas, Apple has known about the flaw since August 2021, but it remains unresolved as the Cupertino giant keeps delaying the security update. Given the flaw’s seriousness, the researcher decided to go public to alert users. As Spiniolas wrote in his post, the bug represents a significant risk to the data of iOS users; they can limit their exposure by disabling Home devices in Control Center.

Apple has promised Spiniolas a fix in “early 2022,” but, since no definitive fix has yet shipped, the researcher has published recommended actions users can take to protect themselves from ‘doorLock.’

Read: https://latesthackingnews.com/2022/01/06/researcher-found-doorlock-dos-bug-in-apple-homekit/ 

Elsewhere online:

Encrypted Anom phones secretly harvested GPS data for the FBI
https://www.vice.com/en/article/93b3ay/fbi-backdoor-anom-phones-gps-data 

SEGA Europe’s data exposed after being stored in a misconfigured AWS S3 bucket
https://threatpost.com/sega-security-aws-s3-exposed-steam/177352/

North Korean cyberespionage group attacks Russian diplomats with weaponized New Year greetings
https://therecord.media/north-korean-hackers-attack-russian-diplomats-using-new-year-greetings/ 

Purple Fox Malware found in malicious Telegram Installer
https://threatpost.com/purple-fox-rootkit-telegram-installers/177330/

French Authorities hit Google, Facebook with $210 million in fines over ‘cookies’
https://www.securityweek.com/france-hits-google-facebook-huge-fines-over-cookies 

 