News for September 21, 2022

Spellcheck Password Transmission
by Artie Kaye

Microsoft Edge and Google Chrome have advanced spell check features that can be used.  Chrome’s is a toggle in the settings, and Edge is an addon one can install.  These functions communicate the data you type in to servers at the respective companies to aid in spell checking.  

Cybersecurity firm otto-js discovered that this data includes fields such as username and passwords.  Their testing of popular websites across many industries found that 93% of them sent username data, and 73% sent password when “show password” was active.  To mitigate data being sent this way, the instructions are below.

Chrome:  Use this link and turn off enhanced spell check.  chrome://settings/?search=Enhanced+Spell+Check

Edge:  Disable or uninstall Microsoft Editor: Spelling & Grammar Checker.

This will prevent this particular bug from transmitting your username, email address, or password from login fields to Google or Microsoft.

LinkedIn Smart Link Abused by Hackers
by Artie Kaye

A phishing campaign was discovered in Slovakia using the Smart Link feature in LinkedIn’s premium accounts.  The function is designed to send multiple links or documents to a user for legitimate purposes through the platform.  Malicious actors have leveraged this utility to funnel people towards a portal impersonating the government mail service.  This is where they harvest payment data, asking for a package pickup fee.  LinkedIn has stated they are looking into this issue.

This is another reminder that attacks are evolving.  Phishing remains one of the most popular methods of scamming users, because it is successful.  Legitimate looking links in email from trusted domains are not as trustworthy as they once were.  Always double check the validity of emails sent to you.  If an email asks you to login, be wary.  If you’re prompted for financial information at any point, be wary.  Keep your information safe.

Ransomware Builder Released Online
by Artie Kaye

The builder for the next release of Lockbit ransomware was uploaded to Github.  There are claims of the ransomware group being hacked, and claims of internal strife.  This can be seen as a double edged sword, as other bad actors can use the software to run ransomware campaigns, and it can allow information security professionals to analyze the way it works.  One good takeaway is that it hurts one of the bigger ransomware groups active right now.