YouTube Faces Surge in Phishing and Deepfake Scams
YouTube is now a target for phishing, malware, and fake investment schemes, according to a report by security researchers at Avast. They highlighted the tactics of Lumma and RedLine, which use phishing and scam pages to spread malicious software. YouTube channels act as a distribution system, leading users to dangerous sites.
Deepfake videos are also on the rise. These realistic but fake videos mislead viewers and spread false information. Avast discovered multiple compromised accounts with millions of subscribers promoting cryptocurrency scams through deepfakes, using fake comments and malicious links.
Researchers identified five exploitation methods on YouTube. Personalized phishing emails propose fake collaborations to gain creators’ trust and send harmful links. Compromised video descriptions contain malware links, while hijacked channels spread further scams. Fraudulent websites mimicking legitimate brands also direct users to malware.
Avast protected over 4 million YouTube users in 2023, and around 500,000 in early 2024. Trevor Collins, a WatchGuard Network security engineer, stressed the need for continuous education. “Regular education is essential. Make people aware that there are scammers out there doing this,” he said, emphasizing the importance of reporting suspicious activities before acting on them.
Read: https://www.darkreading.com/vulnerabilities-threats/youtube-becomes-latest-frontier-for-phishing-deepfakes
Europol Data Breach Exposes Security Weaknesses
In May, Europol, the EU’s police organization, experienced a significant data breach, exposing internal documents and possibly classified information on the dark web. This incident undermines Europol’s push for encryption backdoors, which would weaken internet security. Europol has downplayed the breach, claiming key systems remain “unaffected” and no operational information was leaked.
The compromised data reportedly includes information from the European Cybercrime Center, the Europol Platform for Experts, the Law Enforcement Forum, and the SIRIUS platform. This breach highlights the irony of Europol’s recent campaign against end-to-end encryption on social platforms, arguing that it hinders investigations.
Catherine De Bolle, Europol’s Executive Director, has been vocal about the need for access to encrypted communications to protect public safety. She stated, “Tech companies have a social responsibility to develop a safer environment where law enforcement and justice can do their work.”
Europol’s stance contrasts with tech companies’ efforts to enhance user security through encryption. This breach demonstrates the critical need for strong encryption to safeguard sensitive data, even as law enforcement agencies push for less secure digital environments.
Read: https://reclaimthenet.org/europols-embarrassing-data-breach-exposes-flaws-in-its-anti-encryption-stance
Breach Forums Defies FBI Seizure with Dark Web Comeback
Infamous cybercrime forum Breach Forums is set to return to the dark web this week, despite a recent FBI crackdown. The forum, which was seized by the FBI on May 15, 2024, following the arrest of two administrators, is preparing to relaunch with a new Onion domain. The timeline for its clearnet domain revival remains uncertain.
ShinyHunters, a hacker and administrator of Breach Forums, confirmed to Hackread.com that the new Onion domain is ready and will be launched soon. “The onion is ready, it’s not public yet, but it will probably be launched this week,” ShinyHunters stated.
ShinyHunters also hinted that access to the clearnet domain was regained from the FBI using undisclosed methods. This development has raised many questions about the forum’s future and the role of law enforcement agencies.
Despite the FBI’s acknowledgment of the seizure and calls for victims to come forward, no official statements have been issued. The situation illustrates the ongoing challenges and complexities in the world of cybercrime, highlighting the resilience of such forums even in the face of law enforcement efforts.
Read: https://www.hackread.com/breach-forums-plan-dark-web-return-fbi-crackdown/
Open Source Security Foundation Launches Siren Mailing List to Fight Cyber Threats
The Open Source Security Foundation (OpenSSF) has introduced the Siren mailing list, which aims to share threat intelligence concerning open source projects. This initiative follows growing concerns about cybersecurity in the wake of incidents like Log4j, XZ Utils, and OpenJS. Siren will facilitate public discussion and dissemination of indicators of compromise (IOCs) and attacker tactics, techniques and procedures (TTPs).
OpenSSF General Manager Omkhar Arasaratnam highlights the need for a centralized platform for distributing threat information within the open source community. Existing channels like oss-security lack efficiency in sharing exploits widely. Siren will focus on operational impact and response, providing real-time updates on emerging threats.
Christopher Robinson and Bennett Pursell emphasize the importance of open source software, powering up to 90% of modern software. Siren aims to foster a culture of shared responsibility and collective defense among developers, maintainers, and security enthusiasts. OpenSSF encourages participation and sharing of the mailing list within the open source community to strengthen cybersecurity defenses.
Read: https://therecord.media/openssf-siren-open-source-threat-intelligence-mailing-list
Lawyer Finds Library Reading Habits Reflected in Mobile Ads, Raising Privacy Fears
In April 2024, attorney Christine Dudley noticed ads on her Android tablet related to audiobooks she had checked out from the San Francisco Public Library, raising privacy concerns. Dudley, who listened to these books on her iPhone, suspected her data was being tracked and shared.
Historically, American libraries have prioritized reader privacy. Dorothea Salo, an academic librarian at the University of Wisconsin-Madison, explained that the American Library Association codified privacy protection in 1939 to ensure users felt safe from surveillance.
With the digitization of libraries, privacy became more complex. Dudley used multiple audiobook services, including OverDrive’s Libby app and Baker & Taylor’s Boundless app. She suspects data tracking occurred via her IP address, as she used different accounts on her devices.
OverDrive’s David Burleigh denied selling user data for any purpose. However, privacy policies from both OverDrive and SFPL mentioned data use for personalized services and remarketing. Security researcher Zach Edwards found the Libby app free of third-party services.
SFPL’s website contained ad trackers and third-party cookies, but SFPL’s Jaime Wong assured that no specific user information was shared. This situation highlights the difficulty in understanding data usage and ensuring privacy protection in the digital age. “Patron privacy and security are of the highest priority to us,” Wong emphasized.
Read: https://www.theregister.com/2024/05/18/mystery_of_the_targeted_mobile_ads/
Mail Forwarding Problems: What to do When They Arise
Starting Friday, May 17th, easyDNS customers who were forwarding email to their Rogers mailboxes started reporting slowdowns and missing emails.
It looks like the problem is with email forwarding to Yahoo, to which Rogers has outsourced its email infrastructure.
We’ve been working on it – as reported via our status update here – but we also put out a more general overview on how to work around issues with email forwarding. There are several different approaches, including: changing your forwarding destination, forwarding to multiple destinations, or the nuclear option – taking forwarding out of the equation and just hosting your email with your domain name, at least for your important addresses; you can still forward the rest.
Read more here: https://easydns.com/blog/2024/05/21/email-forwarding-slowdowns-what-you-can-do-when-it-happens/
Elsewhere Online:
GitHub Enterprise Server Flaw: Major Security Risk Fixed
Read: https://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html
Cloud Service Vulnerability Exposed
Read: https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323
Russia’s Copycat Campaign Exposed: Social Media Tricks
Read: https://www.infosecurity-magazine.com/news/russias-doppelganger-campaign/
Unpatched QNAP QTS Flaws Open Door for Remote Attacks
Read: https://www.bleepingcomputer.com/news/security/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit/
Uncovering Security Flaws in NextGen Mirth Connect and Their Fixes
Read: https://www.horizon3.ai/attack-research/attack-blogs/writeup-for-cve-2023-43208-nextgen-mirth-connect-pre-auth-rce/