This is your easyDNS #AxisOfEasy Briefing for the week of September 30th, 2024 our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To Listen/watch this podcast edition with commentary and insight from Joey Tweets, and Len the Lengend click here.

In this issue: 

• PayPal’s Quiet Data Sharing: Are You Opted In Without Knowing?
• Sniper Dz: Free Phishing Tools Behind Over 140,000 Cyber Attacks
• AI-Powered Rhadamanthys Malware Evolves into Major Threat for Cryptocurrency Holders
• Widespread Bank Of America Outage
• The New Age of Session Hijacking: Bypassing MFA with Ease
• ChatGPT’s Memory Exploit: A Dangerous Loophole Found

Elsewhere Online:

• Hacked Execs, Made Millions: UK Man Charged for Insider Trading
• Data Leak at Maui Clinic Impacts 123,000 Individuals
• US, UK, Australia Sanction Evil Corp, Indict Member for Ransomware
• Cryptocurrency Wallets at Risk: New PyPI Malware Steals Private Keys
• Iranian Hackers Target US Officials in New Campaign

   

PayPal’s Quiet Data Sharing: Are You Opted In Without Knowing?

In 2024, PayPal quietly opted users into sharing their data with third parties for personalized shopping without notifying them. Users were automatically enrolled in this feature, which shares personal information with stores for customized offers and rewards. According to PayPal’s settings, this sharing can be turned off by users in their privacy settings.

PayPal’s updated privacy statement states that starting November 27, 2024, the company will share personal details like shopping preferences, sizes, and styles unless users opt out. Ellen Datlow, a Twitter user, pointed out that users can find the setting under “Data & Privacy” in their accounts.
The new privacy policy also mentions that data shared with partners is subject to their privacy policies, not PayPal’s, raising concerns about security. Despite the automatic opt-in, PayPal has yet to notify users directly about the changes. PayPal declined to respond when asked if users would be informed before the November deadline.

This issue follows similar trends, where platforms like Udemy, LinkedIn, and Optery changed their data sharing policies without clear notification, drawing public criticism.

If you use PayPal, it’s worth checking your settings to ensure you’re in control of your data.

Read: https://www.404media.co/paypal-personalized-shopping-opt-out/

Sniper Dz: Free Phishing Tools Behind Over 140,000 Cyber Attacks

Sniper Dz, a phishing-as-a-service (PhaaS) platform, has fueled more than 140,000 cyberattacks in the past year, targeting users’ credentials. Cybercriminals use Sniper Dz to create phishing sites and trick victims into giving up personal information. These attacks have primarily hit U.S. users, and the platform offers free tools, making it appealing even to amateur hackers.

Researchers at Palo Alto Networks’ Unit 42, including Shehroze Farooqi, revealed that Sniper Dz provides phishing templates for popular platforms like Facebook, PayPal, and Netflix. “Phishers can either host these phishing pages on Sniper Dz-owned infrastructure or download phishing templates to host on their servers,” the researchers stated.

Sniper Dz uses sophisticated techniques to hide phishing sites behind legitimate proxies, making detection difficult. It also helps phishers convert templates into formats compatible with platforms like Blogger, allowing attacks to seem more legitimate. Victims’ stolen credentials are displayed on a centralized admin panel for the attackers to access.

Alarmingly, the service is easy to access on the open web, and tutorial videos on YouTube show how to set up phishing pages. Sniper Dz even maintains a Telegram channel with over 7,000 subscribers, providing ongoing support for these malicious activities.

As phishing tools become more accessible, PhaaS platforms like Sniper Dz are helping cybercriminals scale attacks rapidly, posing a growing threat to online security worldwide.

Read: https://thehackernews.com/2024/10/free-sniper-dz-phishing-tools-fuel.html

AI-Powered Rhadamanthys Malware Evolves into Major Threat for Cryptocurrency Holders

Rhadamanthys, a powerful information-stealer malware first identified in September 2022, has rolled out major AI-driven enhancements in its latest version 0.7.0, released in June 2024. Its most notable feature is AI-powered optical character recognition (OCR) dubbed “Seed Phrase Image Recognition,” allowing it to extract cryptocurrency wallet seed phrases from images. This makes it a significant threat to cryptocurrency holders. The update also includes 30 new wallet-cracking algorithms, AI-enhanced graphics, and PDF recognition capabilities, all supported by a complete rewrite of the client- and server-side frameworks for improved stability.

Offered under the malware-as-a-service (MaaS) model, Rhadamanthys is available for $250 per month or $550 for 90 days, allowing cybercriminals to steal credentials, system information, browser cookies, and cryptocurrency wallet data. Despite being banned from underground forums like Exploit and XSS, Rhadamanthys is still marketed on Telegram and Jabber. The malware’s modular design enables additional capabilities through plugins, including a keylogger, cryptocurrency clipper, and reverse proxy. Moreover, it can install Microsoft Software Installer (MSI) files to evade detection and prevent re-execution for a configurable period.

Rhadamanthys is part of a broader ecosystem of evolving information-stealers like Lumma, Meduza, and StealC. These malware families have released updates to bypass browser security and collect sensitive data. Recent phishing campaigns and malware like Amadey continue to deploy sophisticated techniques, such as leveraging AutoIt scripts or tricking users into executing malicious PowerShell commands, further underscoring the ever-evolving tactics used to compromise victims across various platforms.

Read: https://thehackernews.com/2024/10/ai-powered-rhadamanthys-stealer-targets.html

Widespread Bank Of America Outage

Bank of America had a bit of a meltdown on Wednesday, leaving customers in a panic when they logged in to find their account balances mysteriously showing zero. Naturally, the internet went wild, with reports flooding Downdetector as people freaked out about missing thousands of dollars. Some lucky souls couldn’t even log in, while others were greeted by the comforting sight of a balance-free account. But don’t worry, Bank of America promises it’s “mostly fixed.” How reassuring.

In a statement that screamed “Oops, our bad,” Bank of America acknowledged the issue without offering any clue as to what caused this financial blackout. Apparently, they’re working on it, but no word yet on when everything will be back to normal. At least one thing is certain: your debt is still there, shining in all its glory, while your savings? Well, who knows.

This is a developing story…

Read: https://www.cnn.com/2024/10/02/business/bank-of-america-outage/index.html

The New Age of Session Hijacking: Bypassing MFA with Ease

Attackers are finding new ways to bypass multi-factor authentication (MFA) using session hijacking. In 2023, Microsoft detected 147,000 token replay attacks, up 111% from the previous year. This method involves stealing session tokens, bypassing MFA and other defenses.
Unlike traditional attacks, modern session hijacking targets cloud-based apps and services. Attackers use phishing toolkits and infostealers to capture credentials and session cookies. As security expert Push Security points out, “Stealing live sessions enables attackers to bypass authentication controls like MFA.”

Detecting these attacks can be tricky. While endpoint detection tools may stop some threats, they are not foolproof. Many infostealer infections stem from personal devices, which can sync corporate credentials across accounts, increasing the risk. Push Security developed a new browser control that tracks hijacked sessions, offering a final layer of defense.

The rise of identity-based attacks highlights the evolving threat landscape, making session hijacking a critical issue for organizations.

Read: https://thehackernews.com/2024/09/session-hijacking-20-latest-way-that.html

ChatGPT’s Memory Exploit: A Dangerous Loophole Found

In early 2023, security researcher Johann Rehberger discovered a vulnerability in ChatGPT’s memory feature, which allows the AI to remember previous conversations. OpenAI released this feature in February (beta) and publicly in September. However, Rehberger found it was easily tricked into storing false memories.

By uploading a file with incorrect details, Rehberger convinced ChatGPT he was over 100 years old and lived in the Matrix. OpenAI dismissed his concerns as a “Model Safety Issue.”

Determined to showcase the risk, Rehberger escalated his efforts, creating a proof-of-concept hack. He demonstrated that not only could ChatGPT store false memories, but it could also be instructed to send data to an outside server. This caught OpenAI’s attention, prompting them to patch the exfiltration issue. However, the core memory vulnerability remains unfixed.

Rehberger expressed his concerns, stating, “A website or untrusted document can still invoke the memory tool to store arbitrary memories.” Despite the fix preventing data leaks, the potential for false memories to persist raises significant security questions.

OpenAI’s response to this ongoing issue remains uncertain. While the patch mitigates data theft, the AI’s susceptibility to memory manipulation continues to pose risks, leaving experts, including Rehberger, wondering why this problem persists.

Read:https://futurism.com/the-byte/insert-false-memory-chatgpt

Elsewhere Online:

Hacked Execs, Made Millions: UK Man Charged for Insider Trading
Read: https://arstechnica.com/security/2024/10/crook-made-millions-by-breaking-into-execs-office365-inboxes-feds-say/

Data Leak at Maui Clinic Impacts 123,000 Individuals
Read: https://therecord.media/community-clinic-maui-data-breach

US, UK, Australia Sanction Evil Corp, Indict Member for Ransomware
Read: https://www.bleepingcomputer.com/news/security/evil-corp-hit-with-new-sanctions-bitpaymer-ransomware-charges

Cryptocurrency Wallets at Risk: New PyPI Malware Steals Private Keys
Read: https://hackread.com/pypi-malware-crypto-wallet-tools-steal-private-keys/

Iranian Hackers Target US Officials in New Campaign
Read: https://www.infosecurity-magazine.com/news/uk-us-warn-iranian-spearphishing/