Weekly Axis Of Easy #249
Last Week’s Quote was “No man’s life, liberty, or property are safe while the World Economic Forum is meeting at Davos.” … was by Mark Jeftovic and Karen McMillan is our winner!
This Week’s Quote: “Laws are like sausages, it is better not to see them being made.” … by???
THE RULES: No searching up the answer, must be posted to the blog – the place to post the answer is at the bottom of the post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
- FBI issues Warning About Donations for Ukrainian Charities
- YODA: Malicious WordPress Plugins Installed in Over 24,000 Sites
- Unreasonably Suspicious: The Reason Ottawa Wants to Check Your Phone at The Border
- Home Delivery Scams Are Becoming More Professional-Looking
- The Malware ChromeLoader Attacks Browsers with ISO Files
- Hackers scam City of Portland of $1.4 million using compromised email accounts
- Bosnia and Herzegovina continues to strengthen its security agencies’ capacity to combat cybercrime
- Europol has taken down the FluBot mobile spyware
- FDA issues guidance regarding medical device cybersecurity
- Apple’s new web search engine rumor resurfaces
FBI issues Warning About Donations for Ukrainian Charities
The Federal Bureau of Investigation (FBI) issued a warning about scammers claiming to be collecting donations to help Ukrainian refugees and war victims.
“Criminal actors are taking advantage of the crisis in Ukraine by posing as Ukrainian entities needing humanitarian aid or developing fundraising efforts, including monetary and cryptocurrency donations.”
Unfortunately, the scams are escalating, with crooks impersonating the Ukrainian Government, the Ukraine Crisis Relief Fund, the Act for Peace, and UNICEF, so the FBI has shared some tips on how to protect yourself.
Verify the information about any entity purporting to solicit aid for causes linked to the crisis in Ukraine. Keep in mind that the Ukrainian Government and other private organizations have official donation methods, so the safe thing to do is to use those channels to make your donations. Be careful not to send money to unknown individuals or organizations asking for financial assistance. Instead, check charities on the Internal Revenue Service’s website (https://www.irs.gov) to see whether the charity is registered.
It is recommended that victims of these scams file a report with the FBI’s Internet Crime Complaint Center at www.ic3.gov.
YODA: Malicious WordPress Plugins Installed in Over 24,000 Sites
As many as 47,337 malicious plugins have been uncovered on 24,931 unique websites, along with a new tool called YODA.
An eight-year study conducted by a group of researchers from the Georgia Institute of Technology found that YODA can detect rogue WordPress plugins and track down their origin. The large-scale research analyzed WordPress plugins installed on 410,122 individual web servers dating back to 2012, finding that plugins costing $834,000 were infected post-deployment by threat actors.
YODA can be integrated into a website or server hosting provider. The framework can identify a plugin’s provenance and ownership and detect hidden and malware-rigged add-ons.
“The number of malicious plugins on websites has steadily increased over the years, and malicious activity peaked in March 2020. Shockingly, 94% of the malicious plugins installed over those eight years are still active today.”
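The study above is about provenance and post-deployment tampering of WordPress plugins. The following is an added illustration, not YODA's code and not from the original newsletter: it parses the documented WordPress plugin header block (Plugin Name, Plugin URI, Author, ...) out of a plugin's main PHP file, compares a hash of the file against a known-good baseline, and flags plugins that are unknown, modified since deployment, or lack any provenance information. The plugin sources and the baseline are constructed samples.

```python
import hashlib
import re

# Header keys WordPress reads from the leading comment block of a plugin's main file
HEADER_FIELDS = ("Plugin Name", "Plugin URI", "Author", "Author URI", "Version")


def parse_plugin_header(php_source):
    """Extract 'Key: Value' header lines from the first comment block of a plugin file."""
    header = {}
    block = re.search(r"/\*(.*?)\*/", php_source, re.S)
    if not block:
        return header
    for raw in block.group(1).splitlines():
        line = raw.strip().lstrip("*").strip()
        for field in HEADER_FIELDS:
            if line.lower().startswith(field.lower() + ":"):
                header[field] = line.split(":", 1)[1].strip()
    return header


def sha256_text(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def audit_plugins(plugins, baseline):
    """plugins: {slug: current main-file source}; baseline: {slug: sha256 approved at deployment}.

    Returns a list of (slug, finding) tuples.
    """
    findings = []
    for slug, src in plugins.items():
        hdr = parse_plugin_header(src)
        if slug not in baseline:
            findings.append((slug, "not in baseline"))       # dropped in after deployment
        elif baseline[slug] != sha256_text(src):
            findings.append((slug, "modified since baseline"))  # tampered post-deployment
        if not hdr.get("Plugin Name"):
            findings.append((slug, "no plugin header"))       # hidden: not listed by the admin UI
        elif not hdr.get("Plugin URI") and not hdr.get("Author URI"):
            findings.append((slug, "no provenance URI"))      # nothing to trace ownership to
    return findings


# Constructed sample plugins (hypothetical names and URLs)
GOOD_SRC = (
    "<?php\n/**\n * Plugin Name: Good Plugin\n"
    " * Plugin URI: https://example.com/good-plugin\n * Author: Example Dev\n * Version: 1.2\n */\n"
)
GALLERY_ORIGINAL = (
    "<?php\n/**\n * Plugin Name: Gallery\n"
    " * Plugin URI: https://example.com/gallery\n * Author: Example Dev\n */\n"
)
# The same plugin as currently found on the server: extra code appended after deployment
GALLERY_NOW = GALLERY_ORIGINAL + "// constructed: appended post-deployment\ninclude 'extra.php';\n"
DROPPED_IN_SRC = "<?php\n// constructed: no header at all, so the admin UI never lists it\necho 'x';\n"

BASELINE = {
    "good-plugin": sha256_text(GOOD_SRC),
    "gallery-plugin": sha256_text(GALLERY_ORIGINAL),
}
CURRENT_PLUGINS = {
    "good-plugin": GOOD_SRC,
    "gallery-plugin": GALLERY_NOW,
    "dropped-in": DROPPED_IN_SRC,
}


def run_sample_audit():
    return audit_plugins(CURRENT_PLUGINS, BASELINE)


if __name__ == "__main__":
    for slug, finding in run_sample_audit():
        print(f"{slug}: {finding}")
```

A hash baseline only catches changes to the main file; in practice the baseline would cover every file in each plugin directory, and the header check is a heuristic, since an attacker can fabricate a header just as easily as omit one.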
Unreasonably Suspicious: The Reason Ottawa Wants to Check Your Phone at The Border
The Trudeau government is considering allowing a border guard to access the contents of your digital devices. Bill S-7 has raised many questions, mainly because it was introduced in the Senate rather than the Commons. The proposal has also raised suspicion because it seems to have been made up out of thin air.
According to the Canadian Civil Liberties Association, “reasonable general concern” is more of a “sniff test” than a standard and will not safeguard the digital privacy of the millions of immigrants who cross Canada’s border each year.
The bill introduces a new standard, “reasonable general concern.” Unlike “reasonable suspicion” or “reasonable grounds to believe,” it sounds made up and has probably never existed before. Even more troubling, “reasonable general concern” ignores a 2017 recommendation from the House of Commons standing committee on access to information, privacy, and ethics that the threshold be “reasonable grounds to suspect.”
Digital devices hold all communications and payment information, medical information, images, intimate photographs, and sensitive browser histories. The court ruled that checking this “biographical core of personal information” violates the constitutional right to be secure against unreasonable search or seizure.
In an interview, David Fraser, a privacy lawyer with McInnes Cooper in Halifax, said: “What was at issue, in this case, is that we are now walking around with devices in our pockets that have a huge amount of sensitive personal information. So the question is: under what circumstances can a government agent go trolling through it without a warrant?”
Home Delivery Scams Are Becoming More Professional-Looking
The scammers falsely apologize for not delivering your latest package: this home delivery scam has been around for years. Still, during the Covid-19 pandemic and the rise of delivery services, these scams have become steadily more professional-looking.
On this occasion, the scammers were targeting a UK-based delivery company called Evri, recently rebranded from the German company “Hermes,” meaning that UK customers may still be getting used to the new website design and the new domain name. “Officially, the company’s web presence is at evri.com, so these crooks have grabbed a domain of the form evri-xxxxxxx.com to make things seem believable.” When this article was written, the server was hosted by a company based in Moscow, Russia.
The URL used in the scam gave Naked Security HTTP 404 errors (page not found) when accessed through a standard browser, but when accessed via a mobile browser – something you would do if the link was directly sent to your mobile phone – the site sprang to life. The threat actors have inserted a realistic Evri logo, and the front page looks authentic. They even have the text “The new Hermes” to “remind” visitors about the brand’s change; there are no obvious visual or spelling errors to warn you off except the “redelivery charge” that the scammers use to ask clients for payment information.
Customers must carefully check all URLs. Learn what server names to expect from your vendors and make sure you use only those; you’ll never be taken by surprise by fake links as long as you never use in-message links. Saving a few seconds with these quick-to-click links can turn into a hefty price to pay if you fall for one of these scams.
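The advice above comes down to one check: does the link actually land on the domain you expect from the vendor? The following is an added example, not code from Naked Security or the newsletter: it classifies a URL as official (the expected registrable domain or a subdomain of it), a lookalike (the brand name embedded in some other domain, as in the evri-xxxxxxx.com pattern), or unrelated. The allowlist contains only evri.com, which the article names as Evri's official site; the sample URLs are constructed, and the "last two labels" rule for the registrable domain is a simplification that ignores multi-label public suffixes such as co.uk.

```python
from urllib.parse import urlsplit

# Official hostnames per the article; extend per vendor you actually deal with
OFFICIAL_DOMAINS = {"evri.com"}


def registrable_domain(hostname):
    """Last two labels of a hostname (simplification: no public-suffix list)."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else hostname.lower()


def classify_link(url, official=OFFICIAL_DOMAINS):
    """Return 'official', 'lookalike', 'unrelated' or 'invalid' for a link."""
    if "://" not in url:
        url = "https://" + url           # bare hostnames in SMS links
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "invalid"
    if registrable_domain(host) in official:
        return "official"               # evri.com or any subdomain of it
    # Brand name appearing anywhere in a label of a non-official domain,
    # e.g. evri-parcel.com or evri.com.fee.example (brand used as a subdomain)
    brands = {d.split(".")[0] for d in official}
    if any(brand in label for label in host.split(".") for brand in brands):
        return "lookalike"
    return "unrelated"


# Constructed sample links as they might arrive in a delivery text message
SAMPLE_LINKS = [
    "https://evri.com/track/123",
    "https://track.evri.com/123",
    "https://evri-redelivery.example/pay",        # brand with a hyphenated suffix
    "https://evri.com.parcel-fee.example/pay",    # real domain used as a subdomain of another
    "https://example.org/news",
]


def classify_all(links=SAMPLE_LINKS):
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in classify_all().items():
        print(f"{verdict:10} {link}")
```

Only "official" should ever be clicked; "lookalike" is the interesting bucket for a mail or SMS filter, and "unrelated" still needs the human to ask why a courier would send it.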
The Malware ChromeLoader Attacks Browsers with ISO Files
The malware known as ChromeLoader is becoming more sophisticated, spreading rapidly, and turning into a significant threat to business users. This browser hijacker uses PowerShell, Microsoft’s automation and configuration management framework, to inject itself into the browser.
Talon Cyber Security’s CTO and co-founder, Ohad Bobrov, tells Dark Reading: “The browser is the front door to the Internet, and therefore the user’s first line of defense, when they access Software as a Service (SaaS) applications […] Attackers have identified the browser as an opportunity to steal remote information from SaaS.”
The malware is delivered in malicious optical disc image (ISO) files, which are commonly found in pirated software and games. Researchers from Malwarebytes Labs and Red Canary say that ChromeLoader is particularly dangerous because it combines the abuse of PowerShell with the use of ISO files. Bobrov says it is essential to trust the data you download and where you download it from, to avoid exposure to malicious ISO files.
“Do not launch ISO files that are not from trusted sources, and never run files inside ISO without verifying their safety,” he advises.
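The detection angle on the combination described above is the correlation rather than either piece alone: an ISO gets mounted as a new drive, and shortly afterwards PowerShell is started by, or pointed at, something on that drive. The following is an added example, not from the newsletter, Dark Reading, Malwarebytes or Red Canary, and not a description of ChromeLoader's actual internals: it runs that correlation over a constructed stream of endpoint events whose field names and format are made up for the example (a real EDR or Sysmon feed would need a small adapter).

```python
import os

# Constructed endpoint telemetry; event types and fields are hypothetical.
SAMPLE_EVENTS = [
    {"ts": 1, "host": "ws01", "event": "volume_mount",
     "source": r"C:\Users\alice\Downloads\game_setup.iso", "drive": "E:"},
    {"ts": 2, "host": "ws01", "event": "process_create",
     "image": r"E:\setup.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"E:\setup.exe"},
    {"ts": 3, "host": "ws01", "event": "process_create",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"E:\setup.exe",
     "command_line": r"powershell.exe -File E:\install.ps1"},
    {"ts": 4, "host": "ws02", "event": "process_create",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe Get-Process"},           # ordinary admin use
    {"ts": 5, "host": "ws01", "event": "volume_unmount", "drive": "E:"},
    {"ts": 6, "host": "ws01", "event": "process_create",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"E:\setup.exe",
     "command_line": r"powershell.exe -File E:\install.ps1"},  # E: no longer an ISO here
]

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}


def _basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _on_drive(path, drives):
    return any(path.upper().startswith(d.upper() + "\\") for d in drives)


def detect_powershell_from_iso(events):
    """Alert on PowerShell started from, or referencing, a volume mounted from an ISO."""
    mounted = {}   # host -> set of drive letters currently backed by an ISO image
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        host = ev["host"]
        if ev["event"] == "volume_mount":
            if os.path.splitext(ev["source"])[1].lower() == ".iso":
                mounted.setdefault(host, set()).add(ev["drive"])
        elif ev["event"] == "volume_unmount":
            mounted.get(host, set()).discard(ev["drive"])
        elif ev["event"] == "process_create":
            if _basename(ev["image"]) not in POWERSHELL_IMAGES:
                continue
            drives = mounted.get(host, set())
            reasons = []
            if _on_drive(ev["parent_image"], drives):
                reasons.append("parent runs from ISO-backed volume")
            if any(d.upper() + "\\" in ev["command_line"].upper() for d in drives):
                reasons.append("command line references ISO-backed volume")
            if reasons:
                alerts.append({"ts": ev["ts"], "host": host, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect_powershell_from_iso(SAMPLE_EVENTS):
        print(a)
```

The unmount event is there to show why the rule tracks state instead of matching on a drive letter: once the image is detached, a later process on the same letter is a different volume and must not inherit the verdict.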
Hackers scam City of Portland of $1.4 million using compromised email accounts
Bosnia and Herzegovina continues to strengthen its security agencies’ capacity to combat cybercrime
Europol has taken down the FluBot mobile spyware
FDA issues guidance regarding medical device cybersecurity
Apple’s new web search engine rumor resurfaces
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
- May 30th, 2022: A Crypto Hack Is More Than A Niche Issue; It Impacts Society As A Whole
- May 23rd, 2022: Cybergang Threatens To Topple Costa Rica’s Government With A Ransomware Attack
- May 16th, 2022: DEA Law Enforcement Data Breach Under Investigation
- May 9th, 2022: Citizens Should Be Told Government Tracks Their Movements, Says Canada’s Ethics Committee
- May 2nd, 2022: Goldbackdoor Malware Is Used Against Journalists By Nation-State Hackers