This is your easyDNS #AxisOfEasy Briefing for the week of July 1st 2024 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey Tweets, and Len the Lengend click here.

In this issue: 

• Evolve Bank Sends Legal Threat to Journalist Over Data Breach Reporting
• Passkey Redaction Attacks Undermine GitHub and Microsoft Security
• HealthEquity Hit by Data Breach, User Information Compromised
• Amazon Investigates Perplexity AI for Unauthorized Web Scraping
• X Re-Joins Advertisers’ Group Despite Censorship Concerns
• A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too

Elsewhere Online:

• Volcano Demon Unleashes Unseen Ransomware, Experts Scramble
• Unpatched Microsoft Browser Leaves Users Vulnerable to MerkSpy Spyware
• Hackers Target Factories? Microsoft Discovers Flaws in Rockwell PanelView Plus
• Don’t Trust Plane Wi-Fi! Hacker Caught Spying on Passengers
• Unpatched Dependency Manager Opens Door to Apple App Takeover

Evolve Bank Sends Legal Threat to Journalist Over Data Breach Reporting

Evolve Bank & Trust, which recently suffered a data breach, sent a cease and desist letter to Jason Mikula, author of Fintech Business Weekly. The bank claims Mikula should not share files from the dark web related to the breach. This letter came shortly after Evolve confirmed that stolen data from the hack was posted online.
Jason Mikula told TechCrunch he received the letter despite not actually sharing the files. He explained he offered to help impacted companies by showing them the stolen data. Mikula has reviewed some files himself to verify the breach. He stated, “Seeing the files would let [fintechs] confirm the breach had happened and identify specific customers impacted.”

Mikula’s reports on the situation have been praised by followers on social media. Parrot Capital commented that Mikula “has been providing better customer service for those affected by the Evolve Bank breach than anyone else.” Mikula plans to continue reporting responsibly.

While Evolve sent the cease and desist letter, on July 1, senators urged Synapse, a fintech company involved in the breach, to restore customers’ access to funds. Synapse filed for bankruptcy in May, freezing customer funds. The letter to Evolve’s CEO, W. Scott Stafford, and others alleges missing funds between $65 million and $95 million, but parties involved deny responsibility, each blaming the other.

Read: https://techcrunch.com/2024/07/02/evolve-bank-sent-a-cease-and-desist-letter-to-a-newsletter-writer-covering-its-data-breach/

Passkey Redaction Attacks Undermine GitHub and Microsoft Security

The US government banned Kaspersky, a Russian cybersecurity company, from selling its Adversary-in-the-middle (AitM) attacks that can remove the passkey option from login pages, leaving only less secure ways to log in. This problem affects many online accounts, including those for banking, e-commerce, social media, and more. Joe Stewart, a principal security researcher at eSentire, explains that attackers can manipulate login screens, making users unable to use passkeys.

Stewart noted, “Attackers can just remove the passkey option, leaving users with less secure methods that attackers can exploit.” This technique, known as “authentication method redaction,” was demonstrated using GitHub and Microsoft accounts. Attackers can hide the “Sign in with a passkey” option, tricking users into using their passwords, which the attackers can then steal.

The issue lies not in the passkeys themselves but in how they are implemented. Many sites provide backup methods for account recovery if passkeys fail, which attackers exploit. Stewart’s team found that users often choose these less secure options without noticing, allowing attackers to capture their credentials.

Stewart recommends using multiple passkeys and avoiding fallback methods that can be compromised. He suggests using “magic links” sent to email as a more secure backup method. These links open a new, secure login window, bypassing the attacker’s manipulations.

For organizations, Stewart advises using security policies that enforce secure login methods and prevent attackers from downgrading authentication. “Security teams should assume every login session could be compromised and ensure any attempt to change the authentication method is secure,” he said.

Read: https://www.darkreading.com/cloud-security/passkey-redaction-attacks-subvert-github-microsoft-authentication

HealthEquity Hit by Data Breach, User Information Compromised

Health care company HealthEquity suffered a data breach after a hacker compromised a partner’s account. The unauthorized party used the access to steal user information, potentially including names and health data protected by HIPAA regulations.

HealthEquity identified unusual activity from the partner’s device and launched an investigation. While the exact number of affected individuals remains unknown, the company has begun notifying them and is offering complimentary credit monitoring and identity restoration services to mitigate potential risks.

HealthEquity assures its users that there’s no evidence of malware on their systems and that no business interruptions occurred. They are currently assessing the incident’s impact but believe it won’t significantly affect their operations or finances.

Read: https://www.bleepingcomputer.com/news/security/healthequity-data-breach-exposes-protected-health-information/

Amazon Investigates Perplexity AI for Unauthorized Web Scraping

Amazon is investigating Perplexity AI for allegedly scraping content from websites without permission. This was discovered after WIRED reported the startup using Amazon Web Services (AWS) for unauthorized scraping. AWS has confirmed it is looking into these claims.

WIRED found that Perplexity AI, which is backed by Jeff Bezos’ family fund and Nvidia, used a hidden IP address to scrape content from Condé Nast, Forbes, and other major publishers. This practice violates AWS’s terms of service. An AWS spokesperson stated that their terms prohibit “abusive and illegal activities.”

Perplexity’s CEO, Aravind Srinivas, argued that there is a misunderstanding of how the company operates. He claimed the IP address was managed by a third-party company, which he refused to name due to a nondisclosure agreement. A spokesperson from Perplexity added that their bot respects website rules unless a user requests a specific URL, which they consider infrequent.

Jason Kint, CEO of Digital Content Next, commented on the issue, saying, “AI companies should assume they have no right to take and reuse publishers’ content without permission.” He added that ignoring terms of service or robots.txt indicates serious ethical concerns.

Read: https://www.wired.com/story/aws-perplexity-bot-scraping-investigation/

X Re-Joins Advertisers’ Group Despite Censorship Concerns

Social media platform X, formerly known as Twitter, has rejoined the Global Alliance for Responsible Media (GARM). GARM is a group linked to the World Economic Forum (WEF) and focuses on “brand safety,” which critics argue can lead to online censorship. The decision came in June 2023, even though X had previously exposed censorship issues through the Twitter Files.

GARM, formed in 2019, aims to promote responsible media through partnerships, including with the WEF’s Shaping the Future of Media project. It was investigated by the US House Judiciary Committee in May 2023. They questioned whether GARM’s brand safety efforts could be linked to censoring online speech. Committee Chairman Jim Jordan expressed concerns about possible antitrust law violations.

X’s move seems driven by financial motives. Joining GARM could attract more advertisers and boost the platform’s profitability. Despite this, some users hoped for more free speech under X’s new ownership. “Free speech absolutism” may not be fully realized on X, as its partnership with GARM reflects a practical compromise.
X announced its excitement about rejoining GARM, emphasizing “the safety of our global town square.” This decision places X alongside companies like YouTube and Chanel in the GARM alliance.

Read: https://reclaimthenet.org/x-re-joins-pro-censorship-advertisers-alliance

Elsewhere Online:

Volcano Demon Unleashes Unseen Ransomware, Experts Scramble
Read: https://www.darkreading.com/cyberattacks-data-breaches/ransomware-eruption-novel-locker-malware-flows-from-volcano-demon

Unpatched Microsoft Browser Leaves Users Vulnerable to MerkSpy Spyware
Read: https://thehackernews.com/2024/07/microsoft-mshtml-flaw-exploited-to.html

Hackers Target Factories? Microsoft Discovers Flaws in Rockwell PanelView Plus
Read: https://www.infosecurity-magazine.com/news/microsoft-uncovers-flaws-rockwell/

Don’t Trust Plane Wi-Fi! Hacker Caught Spying on Passengers
Read: https://www.darkreading.com/remote-workforce/hacker-busted-for-evil-twin-wi-fi-that-steals-airline-passenger-data

Unpatched Dependency Manager Opens Door to Apple App Takeover
Read: https://cyware.com/news/vulnerabilities-in-cocoapods-the-achilles-heel-of-the-apple-app-ecosystem-21e33ebb/