Weekly Axis Of Easy #229
Last Week’s Quote, “You cannot escape from a prison if you don’t know you’re in one,” was by Vernon Howard. A couple of guesses… but no winner for a 3rd week!
This Week’s Quote: “Never do anything against conscience even if the state demands it.”…by???
THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
Attention! We are now hiring in two roles, one in Dev and the other in support.
Check out the job descriptions here:
In this issue:
- FBI: Hackers impersonated Amazon to deploy ransomware
- Open-source libraries ‘colors’ and ‘faker’ were corrupted by Dev
- Germany doesn’t rule out closing Telegram – interior minister
- Bitcoin Magazine official channel banned from YouTube
- Teen Hacker claims to have hacked third-party Software for Teslas
- Update: New Apple Update fixes doorLock bug
- 500M Avira Antivirus Users get Avira Crypto software
- New malware “SysJoker” designed to run across Windows, Mac and Linux
- Iranian Hackers behind attempt to exploit Log4j vulnerability
- Critical bug in Office fixed, but Microsoft delays macOS security updates
FBI: Hackers impersonated Amazon to deploy ransomware
In a recent alert, the Federal Bureau of Investigation (FBI) warned the US defense industry that “FIN7”, a financially motivated cybercriminal group, had been targeting companies with packages containing malicious USB devices to deploy ransomware.
According to the FBI, the threat actors used the United States Postal Service (USPS) and United Parcel Service (UPS) to mail the packages containing the contaminated USB devices, targeting the transportation and insurance industries since August 2021 and defense firms since November 2021.
Operators from the cybercriminal group are said to have been impersonating Amazon and the US Department of Health & Human Services (HHS) to trick the targets into opening the packages and connecting the USB drives to their systems. This isn’t the first time FIN7 has used this method, though: two years ago, operators impersonated Best Buy and mailed similar packages containing malicious flash drives to hotels and restaurants.
Open-source libraries ‘colors’ and ‘faker’ were corrupted by Dev
‘Colors’ and ‘Faker’ users were left stunned after their applications began displaying gibberish data and breaking when using these libraries. Most assumed that the NPM libraries had been compromised, but that wasn’t the case.
Apparently, Marak Squires, the developer behind the two popular packages, had intentionally sabotaged the libraries. Squires introduced an infinite loop, impacting the applications relying on the NPM libraries ‘colors’ and ‘faker.’ The gibberish message printed by the apps included the text ‘LIBERTY LIBERTY LIBERTY’ followed by a sequence of non-ASCII characters. The infinite loop is said to keep running indefinitely on the console for those applications that use ‘colors.’
According to the developer, the sabotage was retaliation against the big corporations that benefit from and rely on cost-free software but do not give back to the community. Marak’s move attracted mixed responses, with some people praising his actions while others were alarmed by them.
Germany doesn’t rule out closing Telegram – interior minister
On Wednesday, Germany’s interior minister, Nancy Faeser, announced that the European country could still shut down Telegram if the app continued to violate German law.
“We cannot rule this out,” she told Die Zeit weekly. “A shutdown would be grave and clearly a last resort. All other options must be exhausted first.”
The messenger service is popular with far-right groups and people who oppose pandemic-related restrictions. In her remarks, the minister added that Germany was discussing with its partners how to regulate Telegram.
Bitcoin Magazine official channel banned from YouTube
On Tuesday, YouTube made the surprising move to ban Bitcoin Magazine’s official channel during a live stream about Bitcoin-related news. The popular platform defended its decision, saying that “content that encourages illegal activities or encourages users to violate YouTube’s guidelines is not allowed on YouTube.”
Bitcoin Magazine’s channel was back online an hour after the media company filed an appeal, but it is still unclear why YouTube chose to take such action. The livestream was informing viewers about recent Bitcoin-related news, including Cash App integrating the Lightning Network and the latest updates on bitcoin mining in Kazakhstan.
Teen Hacker claims to have hacked third-party Software for Teslas
On Monday, 19-year-old independent security researcher David Colombo claimed to have hacked two dozen Tesla vehicles worldwide and was able to remotely run commands to control the cars. In his tweets, Colombo said that he had discovered a software flaw that allowed him to “disable Sentry Mode, open the doors/windows and even start Keyless Driving.”
Apparently, Colombo had “full remote control of over 20 Teslas in 10 countries and there seems to be no way to find the owners and report it to them.” No further details about the software vulnerability were revealed, but the teenager said he was preparing to release a report on the issue.
Since then, Colombo has stated that Tesla’s Security team was investigating the vulnerability and would get back to him with updates as soon as they had them.
Update: New Apple Update fixes doorLock bug
500M Avira Antivirus Users get Avira Crypto software
New malware “SysJoker” designed to run across Windows, Mac and Linux
Iranian Hackers behind attempt to exploit Log4j vulnerability
Critical bug in Office fixed, but Microsoft delays macOS security updates: https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-critical-office-bug-delays-macos-security-updates/?&web_view=true
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
- January 10th, 2022: NY AG Notifies Threat Actors Stole 1.1 Million Customer Accounts From 17 Well-Known Firms
- January 3rd, 2022: LastPass VP Claims No Passwords Were Compromised In The Recent Breach Scare
- December 29th, 2021: During Lockdowns, Canadian Officials Tracked 33 Million Mobile Phones
- December 20th, 2021: Threat Actors Exploit The Second Log4j Vulnerability As A Third Flaw Is Discovered
- December 13th, 2021: CIA Director’s Statement About Cryptocurrency Sparks Media Frenzy