#AxisOfEasy 385: DeepSeek’s Disruption Could Trigger An AI Market Collapse


Weekly Axis Of Easy #385


Last Week’s Quote was: "Life is really simple, but we insist on making it complicated," by Confucius. Congratulations Maryanne!

This Week’s Quote: "Ability is what you're capable of doing. Motivation determines what you do. Attitude determines how well you do it." By ???

THE RULES:  No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of January 27th, 2025. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the 'net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey and Len the Lengend click here.


In this issue: 

  • DeepSeek's Disruption Could Trigger an AI Market Collapse
  • OAuth Flaw in Travel Services Provider Put Millions of Airline Accounts at Risk
  • IntelBroker Claims Second HPE Breach With Plans to Sell Access
  • PowerSchool Data Breach Exposes Millions of Students and Teachers
  • Apple Chip Flaws Expose Gmail and iCloud Data to Hackers
  • Memo: Google tech support will never call you

Elsewhere Online:

  • Stealthy TorNet Backdoor Expands Phishing Attacks in Poland and Germany
  • Microsoft Addresses Critical Vulnerabilities with January 2025 Patch Tuesday Updates
  • Hackers Steal Over $85 Million in Crypto from Phemex Exchange in Sophisticated Heist
  • Apple Patches Actively Exploited Zero-Day Vulnerability Affecting Multiple Devices
  • PayPal Admits Freezing Accounts Over Criticism of Covid Mandates

 

DeepSeek's Disruption Could Trigger an AI Market Collapse

DeepSeek's recent unveiling of a suite of AI tools has the potential to cause a seismic shift in the AI market. These tools, which could rival OpenAI's models while using significantly fewer computing resources, pose a serious challenge to the dominance of companies like Nvidia and Big Tech firms investing billions in AI infrastructure.

DeepSeek's innovation relies on software efficiency rather than expensive, energy-intensive processors. Unlike conventional AI, which requires vast data centers, DeepSeek's models can run on smartphones and personal computers. "The AI hardware monopoly and quasi-monopoly of AI software has been broken," wrote analyst Charles Hugh Smith.

This shift could disrupt the AI industry's business model, undermining the profitability of AI chips and subscription-based services. Investors are now questioning the sustainability of AI-driven stock market valuations. Some experts warn DeepSeek may be the "Sputnik moment" that reshapes the landscape.

If AI's high-margin market crumbles, it could ripple across global markets. As Smith put it, "Software may not eat the world, but it could consume the stock market bubble in a single gulp."

Read: https://charleshughsmith.substack.com/p/is-deepseek-a-sputnik-moment


OAuth Flaw in Travel Services Provider Put Millions of Airline Accounts at Risk

A significant travel services company integrated with multiple airline websites recently patched a critical OAuth vulnerability that left millions of airline users vulnerable to account takeovers. Researchers at Salt Security discovered the flaw while investigating API supply chain attacks.

The vulnerability allowed attackers to redirect a user's OAuth credentials to their server, which gave them access to session tokens. This enabled unauthorized bookings using airline loyalty points. "This critical risk highlights the vulnerabilities in third-party integrations," Salt Security researcher Amit Elbirt wrote.

To exploit the flaw, attackers could send phishing links that appeared legitimate. Once a victim logged in, their credentials would be stolen without any visible warning. Salt Security's vice president of research, Yaniv Balmas, noted that these attacks were indistinguishable from normal logins from the airline's perspective.

This incident underscores the risks of misconfigured OAuth implementations. Similar flaws have been found in platforms like Booking.com and Grammarly, raising concerns about third-party security standards in authentication systems.

Read: https://www.darkreading.com/application-security/oauth-flaw-exposed-millions-airline-users-account-takeovers
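The item above does not give the technical details of the flaw, so the following is an added illustration (not from this newsletter or from Salt Security) of the general defence against login credentials being redirected to a third-party server: the identity provider compares the requested redirect target against an exact registered value instead of a prefix. The client name, URLs and function names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed registration data: one client, one exact callback URL.
REGISTERED = {"airline-web": {"https://www.airline.example/oauth/callback"}}
TRUSTED_PREFIX = "https://www.airline.example"


def weak_check(redirect_uri: str) -> bool:
    """Misconfigured pattern: trusts anything that starts with the site's origin text."""
    return redirect_uri.startswith(TRUSTED_PREFIX)


def strict_check(client_id: str, redirect_uri: str) -> bool:
    """Accept only an exact match against the client's registered callbacks."""
    try:
        parts = urlsplit(redirect_uri)
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or not parts.hostname:
        return False
    if parts.username is not None or parts.password is not None:
        return False  # userinfo before '@' disguises the real host
    if parts.fragment or "\\" in redirect_uri:
        return False
    # Exact string comparison is the deciding test; the checks above are defence in depth.
    return redirect_uri in REGISTERED.get(client_id, set())


# Constructed inputs using reserved .example names.
SAMPLES = [
    "https://www.airline.example/oauth/callback",
    "https://www.airline.example.partner-login.example/oauth/callback",
    "https://www.airline.example@collector.example/oauth/callback",
    "https://www.airline.example/oauth/callback/../../redirect?to=//collector.example",
]


def compare():
    """Return (uri, weak_result, strict_result) for each sample."""
    return [(u, weak_check(u), strict_check("airline-web", u)) for u in SAMPLES]


if __name__ == "__main__":
    for uri, weak, strict in compare():
        print(f"weak={weak!s:5} strict={strict!s:5} {uri}")
```

The prefix check accepts all four samples, while the exact-match check accepts only the registered callback.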

 

IntelBroker Claims Second HPE Breach With Plans to Sell Access

IntelBroker, a hacker known for high-profile cyberattacks, claims to have again breached Hewlett-Packard Enterprise (HPE). The hacker alleges access to HPE's internal infrastructure and is considering selling access rather than just stolen data. Screenshots provided to Hackread.com show exposed credentials, internal configurations, and proprietary source code.

This marks IntelBroker's second alleged breach of HPE in January 2025. The first attack involved a significant exfiltration of sensitive data, which was offered for sale on Breach Forums. In this latest incident, the hacker claims to have accessed proprietary source code, private keys, internal services, and MongoDB credentials.

Unlike the previous breach, IntelBroker has not decided whether to leak or sell the stolen data. "I am not sure about selling the data; maybe I will just leak it for free this time," the hacker told Hackread.com. However, they indicated their team may sell access to HPE's infrastructure instead.

If verified, this breach raises serious security concerns for HPE and its customers. It underscores the need for stronger access controls and continuous monitoring to prevent unauthorized intrusions.

Read: https://hackread.com/hackers-claim-2nd-breach-hp-enterprise-sell-access/

 

PowerSchool Data Breach Exposes Millions of Students and Teachers

PowerSchool, a major U.S. edtech company, has begun notifying individuals affected by a December 2024 data breach. Attackers gained access using stolen credentials, compromising sensitive data of students and teachers across North America. PowerSchool confirmed filing regulatory notifications but has not disclosed the total number of affected individuals.

The breach is believed to be massive. Bleeping Computer reports that hackers accessed data from over 62 million students and 9.5 million teachers. However, PowerSchool spokesperson Beth Keebler stated the company "cannot confirm" the exact figures as its investigation continues. A notification filed in Maine confirmed that more than 33,000 state residents were affected.

Toronto District School Board (TDSB) was hit hardest, with nearly 40 years' worth of student records compromised, affecting 1.5 million students. A letter to parents confirmed the stolen data included gender, grade information, medical records, and parental access rights. Calgary Board of Education (CBE) was also impacted, with data from over 500,000 students potentially exposed.

Several school districts, including Idaho's West Ada School District and Virginia's Alexandria City Public Schools, have also confirmed breaches. The Rochester City School District reported that 134,000 students were affected, and the data accessed included medical diagnoses and legal alerts.

PowerSchool has not disclosed details about ransom demands or whether stolen data was deleted. The breach raises serious concerns about school cybersecurity and the protection of student data.

Read: https://techcrunch.com/2025/01/28/powerschool-begins-notifying-students-and-teachers-after-massive-data-breach/


Apple Chip Flaws Expose Gmail and iCloud Data to Hackers

Apple's A- and M-series chips contain two critical vulnerabilities, FLOP and SLAP. These flaws exploit speculative execution to extract credit card details, emails, and location history, allowing attackers to steal sensitive data from Gmail, iCloud, and Google Maps.

FLOP targets the load value predictor (LVP), tricking the CPU into leaking restricted memory. It affects both Chrome and Safari, requiring a victim to have an attacker's site open alongside a targeted webpage. SLAP manipulates Safari's load address predictor (LAP) to access sensitive data from other open tabs.

Researchers warned that "SLAP and FLOP break these protections," bypassing safeguards that separate webpages. Affected devices include all MacBooks since 2022, Mac desktops since 2023, and iPhones and iPads from 2021 onward.

Hackers can exploit these flaws remotely without user authentication, making them particularly dangerous. Apple has yet to release a fix, leaving millions of users vulnerable. Until then, security experts advise using alternative browsers and limiting exposure to untrusted websites.

Read: https://arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/


Memo: Google tech support will never call you

This next item shows how even experienced, technically adept people can be (nearly) phished via social engineering attacks.

Zach Latta, co-founder of @hackclub ("a worldwide community of high school hackers"), published an account on his GitHub of how an attacker used a weakness in Google's g{.}co URL shortener to create an official-looking domain, from which they launched their attack.

His account is very long and detailed - he did not fall for it but did a great job stringing the attacker along as he grew more suspicious.

The two big takeaways are this:

  • Anybody can create subdomains under the g{.}co redirect domain, like "headoffice.g{.}co"
  • GOOGLE TECH SUPPORT WILL NEVER CALL YOU ABOUT YOUR ACCOUNT.

If you're getting a call from any of the big tech companies (Google, Apple, Amazon, Microsoft, and especially crypto wallet providers) and they're telling you that you need to do something to protect your account, you are under attack and being socially engineered.

End the call. Change your passwords. Turn up 2FA if you haven't already.

easyDNS may send you emails about your account, but we will only call if it's part of an ongoing support issue you already have open with us.

When in doubt, make a note of the ticket number and the support rep's name, then call us back at the number posted on our website.

Read the account: https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4

 


Elsewhere Online:

 

Stealthy TorNet Backdoor Expands Phishing Attacks in Poland and Germany
Read: https://hackread.com/tornet-backdoor-exploits-tor-network-phishing-attack/

Microsoft Addresses Critical Vulnerabilities with January 2025 Patch Tuesday Updates
Read: https://latesthackingnews.com/2025/01/22/microsoft-released-huge-patch-tuesday-updates-for-january-2025/

Hackers Steal Over $85 Million in Crypto from Phemex Exchange in Sophisticated Heist
Read: https://www.securityweek.com/hackers-drain-over-85-million-from-crypto-exchange-phemex/

Apple Patches Actively Exploited Zero-Day Vulnerability Affecting Multiple Devices
Read: https://thehackernews.com/2025/01/apple-patches-actively-exploited-zero.html

PayPal Admits Freezing Accounts Over Criticism of Covid Mandates
Read: https://reclaimthenet.org/paypal-debanking-covid-critics-usforthem-molly-kingsley

If you missed the previous issues, they can be read online here:
