#AxisOfEasy 380: Hackers Exploit Job Seekers with Advanced Banking Trojan


Weekly Axis Of Easy #380


Last Week’s Quote was: “To the mind that is still, the whole universe surrenders,” by Lao Tzu and Shawn got it.  Congrats!

This Week’s Quote:  “I consider that a man’s brain originally is like a little empty attic, and you have to stock it with such furniture as you choose.”  By ???

THE RULES:  No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of December 9th, 2024. Our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To listen to or watch this podcast edition with commentary and insight from Joey and Len the Legend, click here.


In this issue: 

  • Hackers Exploit Job Seekers with Advanced Banking Trojan
  • US Shuts Down $100M Censorship Program Amid Legal Battles
  • Massive AWS Credential Theft Exposes Cybersecurity Weaknesses
  • New AI Security Flaws Expose Critical LLM Vulnerabilities
  • Canada’s TikTok Crackdown: National Security Fears Collide with Election Integrity Efforts
  • The Your Life! Your Terms! Show Video:  Will Canada See Central Bank Digital Currencies Soon? with Mark Jeftovic

Elsewhere Online:

  • Russian Hackers Exploit Criminal Botnet to Attack Ukraine
  • Multiple Critical Vulnerabilities Found and Patched in Ivanti Software
  • ZLoader Malware Resurfaces with Advanced DNS Tunneling
  • Krispy Kreme Cyberattack Impacts US Online Ordering
  • Microsoft Azure MFA Vulnerability Exposes Millions of Accounts

Hackers Exploit Job Seekers with Advanced Banking Trojan

Cybercriminals are targeting job seekers using the AppLite Trojan, a dangerous Android malware. Delivered through fake job offer emails, it mimics HR teams from well-known companies, tricking victims into downloading malicious apps.

AppLite can steal banking credentials, intercept two-factor authentication codes, and access sensitive data, including cryptocurrency wallets. Researcher Vishnu Pratapagiri warns, “This campaign exploits the trust of job seekers through convincing phishing tactics.”

The malware uses advanced evasion methods, like obfuscation and behavior changes, to bypass detection. It also leverages command-and-control updates to adapt its attacks.

Victims are urged to avoid suspicious emails, download apps only from trusted sources, and update devices regularly. Enabling strong passwords and two-factor authentication is critical to staying safe.

Zimperium’s zLabs unveiled this threat, underscoring the growing need for heightened mobile security measures amid rising phishing attacks targeting vulnerable individuals. Stay vigilant to protect your data.

Read: https://hackread.com/hackers-job-seekers-banking-trojan-fake-job-emails/


US Shuts Down $100M Censorship Program Amid Legal Battles

The State Department plans to close its $100 million Global Engagement Center (GEC), linked to controversial “disinformation” tracking. This move follows a lawsuit by Texas Attorney General Ken Paxton and conservative media over alleged censorship and ad revenue targeting.

The GEC faced criticism after Elon Musk called it the “worst offender” for censorship, revealed in the Twitter Files. It funded groups creating blacklists to suppress accounts, sparking bipartisan concerns.

Democrats argued the GEC was vital for combating foreign propaganda. Despite this, its funding will be reallocated, leaving its lawsuit and future impact uncertain.

Read: https://www.zerohedge.com/political/state-department-scrambles-scuttle-100m-censorship-network-trump-takes-office#google_vignette

 

Massive AWS Credential Theft Exposes Cybersecurity Weaknesses

Cybercriminal gangs Nemesis and ShinyHunters exploited cloud vulnerabilities to steal AWS credentials and sensitive data from thousands of organizations. Using tools like Shodan, they scanned millions of IP addresses, targeting flaws in customer applications.

Researchers Noam Rotem and Ran Locar uncovered the operation when attackers left 2TB of stolen data in an unsecured AWS S3 bucket. The loot included infrastructure credentials, proprietary code, and database access information.

AWS responded swiftly, mitigating the breach and notifying affected customers. “The flaws stemmed from customer-side errors,” AWS clarified.

Experts advise companies to conduct regular web scans, roll passwords, and use firewalls to block malicious activity. Cybersecurity veteran Jim Routh emphasized the need for modern, resilient controls over traditional methods to prevent such breaches.

This incident underscores the importance of strong security practices in cloud environments as cyberattacks grow more sophisticated.

Read: https://www.darkreading.com/endpoint-security/cybercrime-gangs-steal-thousands-aws-credentials

 

New AI Security Flaws Expose Critical LLM Vulnerabilities

Researchers have disclosed “Flowbreaking,” a new class of attacks against large language models (LLMs) targeting AI/ML system architectures. Unlike Prompt Injection or Jailbreaking, Flowbreaking exploits logical failures between components of LLM-based applications, bypassing guardrails designed to ensure policy compliance. Two attacks exemplify this threat: “Second Thoughts” and “Stop and Roll.”

“Second Thoughts” affects Microsoft 365 Copilot and ChatGPT by triggering premature responses later retracted by moderation systems. This vulnerability stems from real-time answer streaming, where moderation lags behind generation due to architectural compromises aimed at reducing latency. Retracted responses remain exposed in HTTP streams, highlighting a key failure in response management.

“Stop and Roll” targets interactive LLM systems by halting response generation mid-stream using the stop button. This interruption disables secondary guardrails, allowing incomplete yet policy-violating answers to remain visible. Researchers successfully demonstrated this using OpenAI’s models, exposing fundamental flaws in streaming-based moderation.

The study links Flowbreaking to systemic vulnerabilities similar to early web application exploits like Cross-Site Scripting (XSS). It urges enterprises to suspend streaming until full moderation checks complete and calls on AI security experts to explore potential exploitation vectors. This work signals the start of deeper penetration testing, expanding AI/ML system security research beyond prompt-level vulnerabilities into core architectural weaknesses.

Read: https://www.knostic.ai/blog/introducing-a-new-class-of-ai-attacks-flowbreaking
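
The ordering problem behind both attacks, and the "hold output until moderation completes" mitigation, can be shown in a few lines. This is an added example, not code from the article or from the researchers; `flagged`, `unsafe_stream`, `gated_stream`, `RETRACT`, `REFUSAL` and the sample chunks are hypothetical, and the moderation check is a toy stand-in.

```python
from typing import Callable, List, Optional

RETRACT = "<retract>"                        # hypothetical retraction event
REFUSAL = "[response withheld by policy]"    # hypothetical refusal text

def flagged(text: str) -> bool:
    """Toy stand-in for a moderation model: flags a marker word."""
    return "FORBIDDEN" in text

def unsafe_stream(chunks: List[str], moderate: Callable[[str], bool],
                  stop_after: Optional[int] = None) -> List[str]:
    """Flawed ordering: send each chunk, moderate only when generation ends."""
    wire: List[str] = []
    for i, chunk in enumerate(chunks):
        if stop_after is not None and i >= stop_after:
            return wire                  # stop pressed: final check never runs
        wire.append(chunk)               # already delivered to the client
    if moderate("".join(wire)):
        wire.append(RETRACT)             # too late: the text was on the wire
    return wire

def gated_stream(chunks: List[str], moderate: Callable[[str], bool],
                 window: Optional[int] = None,
                 stop_after: Optional[int] = None) -> List[str]:
    """Release text only after moderation has cleared it in context.

    window=None holds the whole answer until the check completes; an integer
    window releases every `window` chunks as a latency trade-off (assumption).
    """
    wire: List[str] = []
    pending: List[str] = []
    seen = ""
    for i, chunk in enumerate(chunks):
        if stop_after is not None and i >= stop_after:
            return wire                  # pending, unchecked text is dropped
        pending.append(chunk)
        seen += chunk
        if window is not None and len(pending) >= window:
            if moderate(seen):
                return wire + [REFUSAL]
            wire, pending = wire + pending, []
    if pending and moderate(seen):
        return wire + [REFUSAL]
    return wire + pending

# Constructed sample answer, split into stream chunks.
SAMPLE = ["The ", "answer ", "is ", "FORBIDDEN ", "detail."]
```

In the gated version the check sits in the delivery path, so neither a late retraction nor an interrupted generation can leave unchecked text on the client side.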

 

Canada’s TikTok Crackdown: National Security Fears Collide with Election Integrity Efforts

TikTok, owned by China’s ByteDance, is fighting Canada’s decision to shut down its business operations while keeping the app accessible. Citing unspecified national security risks, the Canadian government took action in November, a move framed by Foreign Minister Melanie Joly as “a message to China,” though its immediate impact targets TikTok itself. The shutdown complicates TikTok’s ability to work with election regulators and civil groups, according to Steve de Eyre, TikTok Canada’s public policy director.

Previously, TikTok partnered with Elections Canada during the 2021 elections, directing users to verified information on voting. In 2022, it monitored its platform for violent content during the Freedom Convoy protests against Covid mandates. More recently, TikTok acted against foreign interference and hateful content amid clashes between Sikhs and Hindus in Brampton.

De Eyre argues that without a corporate presence in Canada, TikTok risks losing context-sensitive decision-making. This comes as Prime Minister Justin Trudeau’s government intensifies efforts to curb online misinformation, particularly ahead of federal elections. TikTok’s legal challenge underscores broader concerns over state regulation of tech platforms. The platform remains operational, though politically isolated, illustrating the delicate balance between national security claims, corporate survival, and geopolitical messaging in the evolving digital landscape.

Read: https://reclaimthenet.org/canada-tiktok-court-battle-election-misinformation-crackdown


The Your Life! Your Terms! Show Video:  Will Canada See Central Bank Digital Currencies Soon? with Mark Jeftovic

Mark Jeftovic is the publisher of the Bitcoin Capitalist newsletter, operates BombThrower.com and is the founder of one of Canada’s oldest Internet DNS technology companies, EasyDNS.com.

On this episode of The Your Life! Your Terms! Show we catch up with Mark on a variety of topics including getting his latest thoughts on Canada and the possibility of central bank digital currencies.

Watch: https://www.youtube.com/watch?v=cBmjvXL8Yo8

 

Elsewhere Online:

Russian Hackers Exploit Criminal Botnet to Attack Ukraine
Read: https://techcrunch.com/2024/12/11/russian-government-spies-targeted-ukraine-using-tools-developed-by-cybercriminals/

 

Multiple Critical Vulnerabilities Found and Patched in Ivanti Software
Read: https://thehackernews.com/2024/12/zloader-malware-returns-with-dns.html

 

ZLoader Malware Resurfaces with Advanced DNS Tunneling
Read: https://thehackernews.com/2024/12/zloader-malware-returns-with-dns.html

 

Krispy Kreme Cyberattack Impacts US Online Ordering
Read: https://hackread.com/krispy-kreme-cyber-attack-disrupted-online-order-us/

 

Microsoft Azure MFA Vulnerability Exposes Millions of Accounts
Read: https://www.darkreading.com/cyberattacks-data-breaches/researchers-crack-microsoft-azure-mfa-hour

One thought on “#AxisOfEasy 380: Hackers Exploit Job Seekers with Advanced Banking Trojan”

  1. quote for Friday 13th – sounds like Sherlock Holmes telling Dr Watson why he does not try to retain useless information, like that the earth goes around the sun – so Sir Arthur Conan Doyle. (Was he knighted for Sherlock, so later than this quote?)
