#AxisOfEasy 372: North Korean Hackers Use Linux Malware In Global ATM Heists


Weekly Axis Of Easy #372


Last Week’s Quote was: “If you don’t read the newspapers, you are uninformed, if you do, you are misinformed,” by Mark Twain. No one got it.

This Week’s Quote: “The first condition of progress is the removal of censorship.”  By ???

THE RULES: No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of October 14th, 2024. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey Tweets, and Len the Lengend click here.


In this issue: 

  • North Korean Hackers Use Linux Malware in Global ATM Heists
  • Telekopye Scam Network Targets Booking.com and Airbnb Users
  • WordPress War Heats Up as WP Engine Faces Legal Showdown
  • US Agencies Sued Over Alleged Global Free Speech Suppression
  • EU’s Proposed Child Abuse Law Faces Privacy and Security Concerns

Elsewhere Online:

  • Hackers Utilize EDRSilencer to Tamper Endpoint Security
  • Chinese Hackers Exploit US Telecoms to Infiltrate Federal Surveillance
  • GitHub Enterprise Server Security Update Addresses Critical Vulnerability
  • DOJ Charges Hackers with Deadly DDoS Attacks on Hospitals
  • VMware Addresses SQL Injection Threat in HCX Platform

 

North Korean Hackers Use Linux Malware in Global ATM Heists

North Korean threat actors have developed a Linux variant of the FASTCash malware to target payment switches and steal funds from ATMs. This financially motivated campaign, first documented in 2018, enables fraudulent cash withdrawals across multiple countries.

The malware intercepts transaction messages on compromised systems, allowing unauthorized withdrawals from ATMs. One 2017 incident saw cash stolen simultaneously from ATMs in 30 countries.

Security researcher HaxRob emphasized, “The discovery of the Linux variant further emphasizes the need for adequate detection capabilities in Linux server environments.”

Read: https://thehackernews.com/2024/10/new-linux-variant-of-fastcash-malware.html

Telekopye Scam Network Targets Booking.com and Airbnb Users

ESET Research revealed the Telekopye scam network is targeting Booking.com and Airbnb users with phishing schemes. Scammers use compromised accounts of legitimate accommodation providers to create fake websites designed to steal personal and financial information from travelers.

In July 2024, Telekopye scams surged, surpassing their original focus on marketplace scams. These criminals send emails claiming payment issues, directing victims to convincing phishing sites that mimic the booking platforms. These fake pages include pre-filled booking details, making them highly believable.

“Throughout our tracking of Telekopye, we’ve observed advanced features aimed at improving the scam process,” ESET researchers noted.

Telekopye is run by organized cybercriminal groups, providing tools to launch large-scale scams. Despite arrests of key players in late 2023, the threat continues to grow, especially during the busy travel season.

Travelers should verify any communication directly with platform representatives, avoid clicking on suspicious links, and use security measures like two-factor authentication to protect themselves from these scams.

Read: https://hackread.com/telekopye-scam-toolkit-hit-booking-com-airbnb-users/

 

WordPress War Heats Up as WP Engine Faces Legal Showdown

The ongoing legal battle between WordPress founder Matt Mullenweg and WP Engine has intensified. Mullenweg accuses WP Engine of misusing the WordPress trademark and disabling key features, like post revision tracking, which he calls “core to protecting user data.” WP Engine responded by suing Automattic for trademark abuse, sparking fears of a damaging split within the WordPress community.

A potential “zombie fork” of WordPress may be on the horizon, where WP Engine could create a similar platform without WordPress’ legal restrictions. This could anger open-source advocates but might be embraced by customers as long as their websites run smoothly.

Meanwhile, Automattic temporarily blocked WP Engine’s access to WordPress.org, breaking plugin updates and security features for many sites. Some in the community worry that WordPress is becoming too centralized under Mullenweg’s control.

As both sides prepare for a long legal fight, the outcome could reshape the future of one of the internet’s most widely used platforms.

Read: https://darnell.day/why-world-war-wordpress-will-end-with-a-zombie-fork

 

US Agencies Sued Over Alleged Global Free Speech Suppression

America First Legal (AFL) has filed a lawsuit against the US Department of State, USAID, and the Department of Commerce in the District Court for the District of Columbia. AFL accuses these agencies of withholding documents that might reveal US involvement in global censorship efforts.

The case focuses on two incidents: the arrest of Telegram CEO Pavel Durov in France and censorship of social media in Brazil. AFL is investigating whether the Biden-Harris Administration had prior knowledge or played a role in these events.

Gene Hamilton, AFL’s Executive Director, emphasized, “The American people have every right to know whether their government and taxpayer dollars are being used to suppress free speech around the world.” The lawsuit seeks to force compliance with AFL’s Freedom of Information Act (FOIA) requests.

AFL also cited a report by journalist Michael Shellenberger, linking the US government to Brazilian censorship. The lawsuit highlights concerns about free speech and government transparency, questioning whether US agencies supported these actions.

Read: https://reclaimthenet.org/telegram-founders-arrest-and-brazil-censorship-spark-censorship-legal-battle-with-us-agencies

 

EU’s Proposed Child Abuse Law Faces Privacy and Security Concerns

The European Union’s plan to combat child sexual abuse, introduced in May 2022, has raised alarm over privacy risks for messaging app users. The proposal mandates that platforms scan messages for illegal content, including known and unknown child sexual abuse material (CSAM).

Critics, including privacy advocates, warn this could weaken end-to-end encryption (E2EE) and force mass surveillance of private messages. The EU’s Data Protection Supervisor also questioned the legality of such broad monitoring.

The proposal has sparked opposition, with some members of the European Parliament pushing for revisions that protect privacy and limit scanning to targeted individuals suspected of abuse. However, divisions remain among EU member states on how to proceed.

The ongoing debate highlights the tension between child safety and protecting digital privacy across the EU.


Read: https://techcrunch.com/2024/10/12/chat-control-the-eus-controversial-csam-scanning-legal-proposal-explained/


Elsewhere Online:

Hackers Utilize EDRSilencer to Tamper Endpoint Security
Read: https://thehackernews.com/2024/10/hackers-abuse-edrsilencer-tool-to.html

Chinese Hackers Exploit US Telecoms to Infiltrate Federal Surveillance
Read: https://www.cpomagazine.com/cyber-security/chinese-hackers-penetrated-major-us-telecoms-may-have-breached-federal-surveillance-system/

GitHub Enterprise Server Security Update Addresses Critical Vulnerability
Read: https://thehackernews.com/2024/10/github-patches-critical-flaw-in.html

DOJ Charges Hackers with Deadly DDoS Attacks on Hospitals
Read: https://www.wired.com/story/anonymous-sudan-ddos-indictment-takedown/

VMware Addresses SQL Injection Threat in HCX Platform
Read: https://www.securityweek.com/vmware-patches-high-severity-sql-injection-flaw-in-hcx-platform/

If you missed the previous issues, they can be read online here:

 


 
