EA Origin patched flaw that put accounts at risk
Cybersecurity researchers identified a “chain of vulnerabilities” that could put user accounts of the Electronic Arts Origin platform at risk, and the gaming company was quick to generate a fix for the flaw, reported ZDNet. Tens of millions of gamers have Origin accounts with which they access popular games such as Apex Legends, Battlefield, FIFA, Madden, and more. It’s unknown if bad actors made any use of the flaw before it was patched, but possible exploits included hijacking a player’s session and accessing their account. Using the player’s payment information, bad actors could have fraudulently purchased in-game items and currency.
Experts discovered the problem when they found a gap in the Origin platform’s cloud environment. They saw that it was possible to insert a subdomain in that gap. Through various tactics, including a phishing attack, they could then redirect users to the subdomain and gain direct access to accounts. Electronic Arts Senior Director Adrian Stone commented that as soon as the company was alerted to the vulnerability, “we engaged our product security response process to remediate the reported issues.”
This week’s stat
73 percent of federal agencies are unable to tell when large amounts of data are removed from their networks, according to a new audit released by the U.S. Senate.
‘Free Bitcoin’ scams running on YouTube
A series of videos currently running on YouTube claim to be hack scripts, giveaways, and games that give out free Bitcoins, but they are really scams to trick users into downloading the njRAT password stealer, reported Bleeping Computer. The malware is a remote-access Trojan, which means that once it infects a user’s machine, it communicates with a command-and-control server that may instruct it to steal passwords, log keystrokes, and retrieve other information.
The broken phrase “FREEBITCO IN” appears in the scam videos’ titles or descriptions. A bitlink in each video’s description takes users to a landing page that prompts them to download a script purported to generate free Bitcoins. Instead of making the users rich, the script actually infects the machine with njRAT.
This week’s quote
“Mostly, I want to focus on being a dad.” – Avast CEO Vince Steckler, who is retiring after a decade in which he took the company from 40 employees to more than 1,500.
Florida ransomware payments continue
Just a week after the small Florida city of Riviera Beach paid ransomware attackers $600,000 to retrieve their data, another small Florida community has been hit by ransomware and has decided to pay the attackers half a million dollars. The Gainesville Sun reported that Lake City – population just over 12,000 – found its municipal servers locked up with ransomware on June 10. A few days later, the ransom note arrived, demanding 42 bitcoins ($490,000). Lake City leaders made the decision to pay the ransom, and in return they received a decryption key. The key restored some email servers, but not all. It did not unlock everything, and authorities are investigating the case. The ransom money is reportedly covered by insurance.
“The only reason ransomware exists is because victims pay,” said Avast Evangelist Luis Corrons. “That money would be much better spent enforcing the computers’ security and finding out how the attack happened in the first place. Otherwise, sooner rather than later, it will happen again.”
FIDO Alliance launches 2 new missions
The FIDO Alliance, the industry association focused on password-related security, has announced two new initiatives that could improve security that touches consumers every day.
The projects are the Identity Verification and Binding Working Group (IDWG) and the IoT Technical Working Group (IoTTWG). The mission of the IDWG is “to strengthen identity verification assurance to support better and more secure account recovery,” according to the FIDO website. The IDWG will focus on the development of passwordless verification such as “biometric ‘selfie’ matching and government-issued identity document authentication.”
This week’s ‘must-read’ on The Avast Blog
A U.S. Senate subcommittee has released a new bipartisan report that documents the glaring failures of eight federal agencies to address major cybersecurity vulnerabilities. Read the top 10 fails.
Learn more about products that protect your digital life at avast.com. And get all the latest news on today’s cyberthreats and how to beat them at blog.avast.com. Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all of your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN.