#AxisOfEasy 364: How to Easily Spot A Credit Card Scam In Your Inbox


Weekly Axis Of Easy #364


Last Week’s Quote was: “Because gold is honest money, it is disliked by dishonest men,” by Ron Paul. Owen is the winner!

This Week’s Quote: 
“There has now been created a world in which the success of others is a grievance, rather than an example.”  By ??? 

THE RULES: No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of August 19th, 2024. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To listen to or watch this podcast edition with commentary and insight from Joey Tweets and Len the Lengend, click here.


In this issue: 

  • AoE Quick Vid: How To Easily Spot a Credit Card Scam in Your Inbox
  • California’s Digital License Plates Spark Privacy Concerns
  • Czech Republic Hit by New Mobile Banking Phishing Wave
  • Fake Software Ads Lead to Dangerous Malware
  • Toyota Data Breach Exposes Customer and Employee Information
  • Cloud Security and the Shared Responsibility: How a Misconfigured AWS Load Balancer Could Expose Your Web Application


Elsewhere Online:

  • Unicorn Hunters’ Cryptocurrency Faces Security Breach
  • Chinese Hackers Exploit MSI Files to Target Windows
  • GitHub Issues Patch for High-Severity Security Flaws
  • North Korean Hackers Launch MoonPeak Attack
  • Threat Actors Employ Advanced Techniques in Taiwan Attack


AoE Quick Vid: How To Easily Spot a Credit Card Scam in Your Inbox

Whether it’s for yourself, or so you can easily explain it to somebody else, here’s a video showing the telltale signs of an email scam purporting to be from your credit card company. (Time: under two minutes).

More: https://axisofeasy.com/aoe/aoe-quick-hits-how-to-easily-spot-a-credit-card-scam-in-your-email/
YT (hit “subscribe”): https://www.youtube.com/watch?v=oeTnSaZ9GVs

 

California’s Digital License Plates Spark Privacy Concerns

California’s plan to introduce digital license plates has sparked concerns among privacy advocates. The controversy deepened with Bill 3138, sponsored by Democrat Assemblywoman Lori Wilson, which aims to embed GPS tracking into these plates. If passed, the bill would allow real-time tracking of vehicles, raising fears about privacy and government surveillance.

The bill is supported by Reviver, a company that created the first digital license plates platform and currently holds a monopoly in California. However, Reviver’s security record is troubling, as a recent breach allowed hackers to track users in real time.

The Electronic Frontier Foundation (EFF) strongly opposes Bill 3138, warning that it “undoes the deal from 2022” when a similar tracking provision was removed to ease concerns. EFF highlights scenarios where such tracking could harm vulnerable groups, such as those seeking abortion or immigrants targeted by law enforcement.

Despite these warnings, the legislative effort to push forward with GPS-enabled digital plates continues. Privacy advocates remain concerned that this technology could lead to widespread, invasive surveillance, affecting anyone who drives in California.

Read: https://reclaimthenet.org/californias-digital-plates-plan-raises-privacy-fears

 

Czech Republic Hit by New Mobile Banking Phishing Wave

Cybercriminals have launched a sophisticated phishing attack targeting mobile banking users in the Czech Republic, Hungary, and Georgia. The attackers use Progressive Web Applications (PWAs) to trick victims into installing malicious apps that steal login credentials. PWAs are websites disguised as standalone apps, bypassing security protections.

The attackers distribute phishing links through various channels, including automated voice calls, social media malvertising, and SMS messages. Once a victim clicks on a link, they are redirected to a fake page resembling the official banking app or store. The page prompts users to install a new version of the app, which is actually a malicious program.

After installation, the malicious app appears on the victim’s home screen. When launched, it redirects users to a phishing login page. Victims who enter their credentials are unknowingly sending them to the attackers’ servers. The attackers have used multiple servers and even a Telegram bot to collect stolen information.

This new phishing attack is a serious threat to mobile banking users. It is important to be aware of the risks and to take steps to protect yourself. Do not click on suspicious links, and be wary of unsolicited calls and messages. If you are unsure about the legitimacy of an app, do not install it.

Read: https://www.securityweek.com/new-phishing-technique-bypasses-security-on-ios-and-android-to-steal-bank-credentials/

 

Fake Software Ads Lead to Dangerous Malware

Cybersecurity experts have discovered a rise in malware infections due to fake software ads, known as malvertising. These ads trick users searching for popular business software into downloading malware through a tool called FakeBat. The Mandiant Managed Defense team highlighted that this malware uses a trojanized MSIX installer to run a harmful script. This script then downloads more dangerous programs onto the user’s system.

The threat, also called EugenLoader or PaykLoader, is linked to a group tracked as UNC4536. They are known for using fake websites that mimic legitimate ones to distribute malware. According to Mandiant, “UNC4536’s modus operandi involves leveraging malvertising to distribute trojanized MSIX installers disguised as popular software like Brave, KeePass, Notion, Steam, and Zoom.”

FakeBat is particularly concerning because it acts as a gateway for other types of malware, including IcedID and Carbanak, which is associated with the FIN7 cybercrime group. Once installed, FakeBat can collect system information and send it back to its command center. In some cases, it even creates a shortcut in the StartUp folder, allowing it to persist on the victim’s device.

Read: https://thehackernews.com/2024/08/cybercriminals-exploit-popular-software.html?&web_view=true

 

Toyota Data Breach Exposes Customer and Employee Information

Toyota has confirmed a data breach involving around 240GB of stolen information from a third party. The automaker has reached out to those affected but has not disclosed key details, such as when the breach was discovered or how many customers were impacted.

A hacker group known as ZeroSevenGroup is reportedly responsible for the breach. They claim to have obtained sensitive data, including employee and customer information, contracts, and financial records. According to the group, they also gathered network infrastructure details using an open-source tool.

Toyota Motor North America clarified, “Our systems were not breached or compromised. The cited post appears related to a third-party entity that is misrepresented as Toyota.” The company emphasized that the issue is limited in scope and not a system-wide problem.

Toyota has assured the public that they take cybersecurity seriously and are addressing the concerns of those involved. The situation remains under investigation as Toyota works to resolve the matter and prevent future incidents.

Read: https://www.darkreading.com/cyberattacks-data-breaches/toyota-customer-employee-data-leaks-in-confirmed-data-breach



Cloud Security and the Shared Responsibility: How a Misconfigured AWS Load Balancer Could Expose Your Web Application

Amazon Web Services’ Application Load Balancer (ALB) has a potential vulnerability that could allow attackers to bypass access controls and compromise web applications, according to security firm Miggo. The issue arises not from a software bug but from customer implementation missteps, specifically in how AWS users configure authentication with ALB. During real-world research, Miggo identified more than 15,000 web applications that appear vulnerable due to misconfigurations, though AWS disputes this, claiming the true figure is a much smaller fraction of its customer base.

The exploitation method involves an attacker setting up an AWS account and ALB, forging an authentication token, and making it appear as though the target’s authentication service issued it. This allows access to the misconfigured web application. However, AWS contests the feasibility of this attack, insisting it could not be carried out as described.

In response to Miggo’s findings, AWS updated its documentation twice, recommending users add validation steps before ALB signs tokens and restrict application access to traffic solely from their own ALB using security groups. These changes shift responsibility back to customers under AWS’s Shared Responsibility Model, emphasizing that customers must properly configure their systems to maintain security. The broader implication is that cloud security remains a complex, shared responsibility, where even minor implementation errors by customers can create significant vulnerabilities, underlining the importance of meticulous configuration and adherence to best practices in cloud environments.

Read: https://www.wired.com/story/aws-application-load-balancer-implementation-compromise/
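One way an application behind an ALB can apply the validation step described above is sketched below. This is an added example, not code from AWS, Miggo or this newsletter. It relies on AWS's documentation for ALB authentication, which puts a `signer` field (the load balancer's ARN) in the header of the JWT passed in `x-amzn-oidc-data`; the ARN, key ID and tokens are constructed placeholders, and the ES256 signature must still be verified afterwards with a JOSE library.

```python
import base64
import json

# Constructed placeholder: the ARN of the ALB you operate.
EXPECTED_SIGNER = ("arn:aws:elasticloadbalancing:us-east-1:111122223333:"
                   "loadbalancer/app/example-alb/0123456789abcdef")


def _decode_segment(segment):
    """Decode one base64url JWT segment, padded or not, into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    value = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(value, dict):
        raise ValueError("JWT header is not a JSON object")
    return value


def check_alb_jwt_header(token, expected_signer=EXPECTED_SIGNER):
    """Pre-checks on the x-amzn-oidc-data JWT header.

    Returns (ok, reason). A True result only means the token claims to come
    from our ALB; the ES256 signature must still be verified with a JOSE
    library against the ALB public key for header["kid"].
    """
    parts = token.split(".") if isinstance(token, str) else []
    if len(parts) != 3:
        return False, "malformed token"
    try:
        header = _decode_segment(parts[0])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "undecodable header"
    if header.get("alg") != "ES256":
        return False, "unexpected alg"
    if header.get("signer") != expected_signer:
        return False, "signer is not our ALB"
    if not header.get("kid"):
        return False, "missing kid"
    return True, "header ok, verify signature next"


def constructed_token(header):
    """Build a sample token for the demo; payload and signature are dummies."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).decode()
    return ".".join([enc(header), enc({"sub": "user"}), "c2ln"])


OURS = constructed_token({"alg": "ES256", "kid": "k1", "signer": EXPECTED_SIGNER})
FOREIGN = constructed_token({"alg": "ES256", "kid": "k1", "signer":
                             EXPECTED_SIGNER.replace("111122223333", "999988887777")})
```

The signer check complements, and does not replace, the security-group restriction that limits application traffic to your own ALB.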


 

Elsewhere Online:

Unicorn Hunters’ Cryptocurrency Faces Security Breach

Read: https://www.infosecurity-magazine.com/news/unicoin-staff-locked-out-gsuite/


Chinese Hackers Exploit MSI Files to Target Windows

Read: https://www.darkreading.com/threat-intelligence/chinese-threat-actors-msi-files-bypass-windows-vt-detection


GitHub Issues Patch for High-Severity Security Flaws

Read: https://www.securityweek.com/critical-authentication-flaw-haunts-github-enterprise-server/


North Korean Hackers Launch MoonPeak Attack

Read: https://thehackernews.com/2024/08/north-korean-hackers-deploy-new.html


Threat Actors Employ Advanced Techniques in Taiwan Attack

Read: https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns

If you missed the previous issues, they can be read online here:

 


 
