Evilginx bypasses multi-factor authorization (MFA): Cyber Security Today for Wednesday, September 25, 2024


A new cybersecurity tool to bypass Multi Factor Authentication, Kaspersky leaves the North American market with a surprise software installation that panics some customers, security firm ESET patches some flaws in its software, and the FTC issues scathing report on the data that big tech collects on all of us.

Welcome to Cyber Security Today. I’m your host Jim Love. 

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool, called Evilginx, is being used to bypass multi-factor authentication (MFA) in attacks targeting major email providers like Gmail, Outlook, and Yahoo.

Evilginx operates as a man-in-the-middle proxy, intercepting and manipulating traffic between users and legitimate websites. This allows attackers to steal login credentials, session cookies, and other sensitive information, even when MFA is in place.

The tool is typically used in attacker-in-the-middle (AiTM) phishing campaigns. In these attacks, cybercriminals set up fake websites mirroring legitimate ones. When users enter their login information and MFA token, Evilginx captures this data and forwards it to the real site in real-time.

What makes Evilginx particularly dangerous is its ability to capture session cookies. These cookies validate a user’s session after MFA is completed, allowing attackers to bypass the extra security step entirely.

The open-source nature of Evilginx has contributed to its popularity among cybercriminals. Some are even offering it as a service to others who lack the technical skills to configure it themselves.

One notable user of Evilginx is the Star Blizzard APT group, linked to Russia’s Federal Security Service. They’ve employed the tool in spear-phishing campaigns targeting high-profile individuals and organizations.

Cybersecurity experts warn that traditional defences, including basic MFA, may no longer be sufficient against these sophisticated phishing threats. Not surprisingly, Abnormal Security’s post recommends their AI-powered solutions that can detect and block these attacks before they reach users’ inboxes. Whether or not that’s the ultimate solution, it is clear that this threat does present a dangerous workaround to MFA, something that many of us have come to rely on as a gold standard for online security.
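What a proxied login looks like from the server’s side is the useful defensive takeaway here: the site sees MFA completed from the proxy’s address rather than the victim’s, and the stolen session cookie is then presented from yet another machine. The script below is an added example written for this segment, not code from Abnormal Security, the Evilginx project or the podcast. It assumes an authentication log with the fields `timestamp|event|user|session_id|client_ip|user_agent` (an assumed format), a per-user baseline of known sign-in networks, and constructed sample lines using documentation address ranges.

```python
"""Flag session-cookie replay after an AiTM-style phishing login.

Added example for the segment above, not code from Abnormal Security or
the Evilginx project. It assumes an authentication log in which each line
has the fields
    timestamp|event|user|session_id|client_ip|user_agent
(an assumed format; the sample lines below are constructed).

Two signals are checked:
  * the login that completed MFA came from a network the user has never
    used before (with a proxy in the middle the site sees the proxy's
    address, not the victim's), and
  * a later request carries the same session cookie but comes from a
    different address or browser than the one that completed MFA, which
    is what a replayed cookie looks like to the server.
"""
from dataclasses import dataclass
from datetime import datetime
import ipaddress


@dataclass
class Event:
    ts: datetime
    kind: str       # "login_mfa_ok" or "request"
    user: str
    session: str
    ip: str
    ua: str


def parse_line(line: str) -> Event:
    # maxsplit=5 keeps any "|" inside the user-agent field intact
    ts, kind, user, session, ip, ua = line.strip().split("|", 5)
    return Event(datetime.fromisoformat(ts), kind, user, session, ip, ua)


def detect_session_anomalies(lines, known_networks):
    """Return (session_id, reason) pairs in time order.

    known_networks maps a user to the ip_network objects that user has
    historically signed in from (assumed to come from a baseline store).
    """
    events = sorted((parse_line(line) for line in lines), key=lambda e: e.ts)
    minted = {}      # session id -> Event of the login that completed MFA
    alerts = []
    for ev in events:
        if ev.kind == "login_mfa_ok":
            minted[ev.session] = ev
            addr = ipaddress.ip_address(ev.ip)
            if not any(addr in net for net in known_networks.get(ev.user, [])):
                alerts.append((ev.session, "unfamiliar_login_network"))
        elif ev.kind == "request":
            origin = minted.get(ev.session)
            if origin is None:
                # cookie never issued by an MFA-completed login on record
                alerts.append((ev.session, "unknown_session"))
                continue
            if ev.ip != origin.ip:
                alerts.append((ev.session, "session_ip_change"))
            if ev.ua != origin.ua:
                alerts.append((ev.session, "session_ua_change"))
    return alerts


# Constructed sample log: a normal login (s1), then a login whose MFA was
# relayed through a proxy host (s2) and the captured cookie being used
# from a third machine. All addresses are documentation ranges.
SAMPLE_LOG = [
    "2024-09-20T09:01:00|login_mfa_ok|alice|s1|203.0.113.7|Mozilla/5.0 (Windows NT 10.0) Chrome/128",
    "2024-09-20T09:05:00|request|alice|s1|203.0.113.7|Mozilla/5.0 (Windows NT 10.0) Chrome/128",
    "2024-09-20T09:30:00|login_mfa_ok|alice|s2|198.51.100.23|Mozilla/5.0 (Windows NT 10.0) Chrome/128",
    "2024-09-20T09:31:00|request|alice|s2|198.51.100.23|Mozilla/5.0 (Windows NT 10.0) Chrome/128",
    "2024-09-20T09:40:00|request|alice|s2|192.0.2.99|Mozilla/5.0 (X11; Linux x86_64) Firefox/130",
]

# Assumed baseline: alice normally signs in from this range.
KNOWN_NETWORKS = {"alice": [ipaddress.ip_network("203.0.113.0/24")]}


if __name__ == "__main__":
    for session, reason in detect_session_anomalies(SAMPLE_LOG, KNOWN_NETWORKS):
        print(f"ALERT session={session} reason={reason}")
```

Run as-is it raises three alerts, all on session `s2`: the MFA login came from an unfamiliar network, and the cookie was later presented from a different address and a different browser. Exact-address comparison is deliberately strict; mobile carriers and NAT change client addresses legitimately, so production rules usually compare a prefix or ASN and weight the user-agent change more heavily. Detection of this kind is a backstop; the direct mitigation for proxy phishing is MFA that is bound to the site origin (FIDO2/WebAuthn), which a relaying proxy cannot satisfy because the browser signs the origin it actually visited.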

Source: Abnormal Security blog post, September 19, 2024

Cybercriminals Use Evilginx to Bypass MFA: Gmail, Outlook,… | Abnormal (abnormalsecurity.com)

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers’ computers, replacing it with UltraAV without prior notification. This action follows the U.S. government’s decision to add Kaspersky to its Entity List and ban sales of its software from September 29, 2024.

The switch, executed through an automatic software update, caught many users off guard. Some initially feared a malware infection, while others reported difficulties removing the new software. One user described the experience: “I woke up and saw this new antivirus system on my desktop and Kaspersky was gone. I was concerned that my desktop somehow had a virus.”

UltraAV, the replacement software, is owned by Pango Group, which controls multiple VPN brands. Little is known about UltraAV’s capabilities or track record in the cybersecurity market.

Kaspersky maintains this move ensures “continued protection” for U.S. customers. A company employee explained: “This update ensured that users would not experience a gap in protection upon Kaspersky’s exit from the market.”

If it was meant to be a sign that Kaspersky cared about its customers and wanted them protected, it seems to have failed, and left them with a clumsy exit from the market. If it was a purchase of Kaspersky’s business, which frankly seems more likely, it apparently didn’t leave a great first impression.

We have no idea who they are or what capabilities UltraAV has, and we presume that the same holds true for most of those who got the new software. It’s baffling that they would think that this most trusted relationship could be handled in this way. 

Sources include: BleepingComputer

Security software provider ESET has patched two local privilege escalation vulnerabilities affecting its security products on Windows and macOS. These flaws could potentially allow attackers to gain unauthorized system access.

ESET, Europe’s largest privately held cybersecurity company, operates in over 200 countries worldwide, with a growing presence in North America. ESET’s flagship product is ESET NOD32 Antivirus, which was first released for Windows in 1998.

The first vulnerability, CVE-2024-7400, impacts ESET’s Windows products. It could enable an attacker to delete files without proper permissions during the removal of a detected file. ESET states, “The vulnerability potentially allowed an attacker with an ability to execute low-privileged code on the target system to delete arbitrary files, thus escalating their privileges.”

ESET addressed this issue in Cleaner module 1251, which was automatically distributed to customers. The flaw affects multiple ESET products, including NOD32 Antivirus, Internet Security, and Endpoint Security for Windows.

The second vulnerability, CVE-2024-6654, affects ESET’s macOS products. It could allow a logged-in user to perform a denial-of-service attack, potentially disabling the ESET security product and causing system slowdowns. This issue has been fixed in Cyber Security version 7.5.74.0 and Endpoint Security for macOS version 8.0.7200.0.

IT professionals should ensure all ESET products are updated to the latest versions to mitigate these vulnerabilities. ESET reports no known public exploits for either flaw at this time.

Sources include: ESET security advisories

Staggering surveillance by major tech companies.

A new FTC report called “A Look Behind the Screens” reveals what it calls “simply staggering” surveillance practices by major tech companies. The study examined nine leading social media and video streaming services: Amazon’s Twitch, Meta’s Facebook and Instagram, YouTube, X (formerly Twitter), Snapchat, TikTok, Discord, Reddit, and WhatsApp.

A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services | Federal Trade Commission (ftc.gov)

– Companies collect extensive personal data, far more than most people think possible, including browsing history, location, and even religious beliefs

– Their collection is often hidden, with many using hidden pixels to track users across other websites

– Some firms couldn’t identify all collected data points or third-party data sharing

– Algorithms and AI are widely applied to user information with little oversight

The FTC strongly criticizes these practices, stating:

“Predicting, shaping, and monetizing human behavior through commercial surveillance is extremely profitable.”

The report highlights inadequate protections for children and teens, noting that many aren’t covered by existing regulations like COPPA.

FTC Chair Lina Khan emphasizes the urgency, saying:

“Our privacy cannot be the price we pay to accomplish ordinary basic daily activities.”

IT professionals should prepare for potential new legislation on data transparency and youth protection, as the FTC concludes self-regulation is insufficient.

Sources include: Malwarebytes Labs, FTC report “A Look Behind the Screens: Examining the Data Practices of Social Media and Video Streaming Services”

That’s our show for today.

Links to the FTC study and other details can be found with the show notes at technewsday.com 

I’m your host, Jim Love. Thanks for listening. 
