πŸ•΅οΈπŸ“² Espionage: What came first, the Dragon πŸ‰ or the Egg? πŸ₯šπŸ˜‚

Oct 06 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s celebrating the first Friday of #CybersecurityAwarenessMonth by… updating our virus definitions and running a full scans on all our machines πŸ€“ And so should you! Party on, Wayne 🀘 Party on, Garth πŸŽ‰πŸ˜ŽπŸ˜‚

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹

Check out these freshly hatched patches!! 🐣🐣🐣

Paranoid Android πŸ€–

Google has released security updates for Android in October 2023, fixing 51 vulnerabilities, including two zero-day flaws that were actively exploited.

One issue, CVE-2023-4863, was exploited to deliver spyware to iPhones and was reported by Apple and the Citizen Lab group.

The second flaw, CVE-2023-4211, could allow unauthorised access to memory and may also be related to spyware attacks. Users are advised to update their devices to the 2023-10-06 security patch level to stay protected. πŸ“±πŸ›‘οΈ

Quality Commtrol 😬

Qualcomm’s recent security updates address 17 vulnerabilities, with three zero-days actively targeted πŸ›‘οΈ. While 13 issues are rated High and one is Medium, three Critical flaws were also patched 🚨. Users are urged to promptly apply updates from their device manufacturers for protection. πŸ“±πŸ’»

At long lassian! 😏

Atlassian has released critical fixes for a zero-day flaw (CVE-2023-22515) in Confluence, allowing remote attackers to create unauthorised admin accounts. The issue affects certain versions, and Atlassian suggests updating to secure versions promptly 🚨. Customers are urged to update or implement mitigations, as this vulnerability has been targeted in the past πŸ“’.

How do you like them Apples? πŸ‘€

πŸ” Apple has swiftly patched a zero-day flaw (CVE-2023-42824) in iOS and iPadOS that was actively exploited, allowing local attackers to elevate their privileges. The update, iOS 17.0.3 and iPadOS 17.0.3, is available for various devices πŸ“±πŸš€. To stay safe, users are advised to enable Lockdown Mode to reduce exposure to spyware exploits πŸ›‘οΈπŸ“²Β 

Busy week eh!!!

Now, on to today’s hottest cybersecurity stories:

-πŸ‰ DragonEgg Android spyware linked to LightSpy iOS β€˜surveillanceware’ πŸ•΅οΈ

-🐰 Looney Tunables: New Linux bugs (Bunny?) enable privilege escalationπŸ₯•

-πŸ§ˆβ›οΈ GoldDigger Android trojan targets banking apps in Asia Pacifically 🌊

Game of Phones πŸ‰πŸ₯šπŸ“±

πŸ•΅οΈπŸ“² Espionage: What came first, the Dragon πŸ‰ or the Egg? πŸ₯šπŸ˜‚

πŸ” New connections have been discovered between Android spyware DragonEgg and iOS surveillanceware LightSpy, shedding light on their shared attributes and tactics.

πŸ•΅οΈ DragonEgg, associated with the Chinese nation-state group APT41, collects sensitive data from Android devices. LightSpy, on the other hand, was previously used in targeted surveillance campaigns against Apple iPhone users.

πŸ“² Both spyware strains employ a trojanized Telegram app to deliver payloads, with LightSpy’s core module (DragonEgg) acting as an orchestrator. It manages device fingerprinting, server communication, and plugin updates.

🌐 LightSpy’s command-and-control infrastructure spans various countries, including China, Hong Kong, Taiwan, Singapore, and Russia. Intriguingly, 13 unique Chinese phone numbers were linked to the servers, raising questions about their significance.

πŸ‘₯ The links between DragonEgg and LightSpy are based on shared configuration patterns, runtime structures, plugins, and communication formats.

🀯 ThreatFabric, the Dutch mobile security firm, noted that the initial distribution method of LightSpy through a popular messenger was a clever strategy, as it inherited the app’s access permissions, including camera and storage access.

πŸ›‘οΈ This revelation underscores the sophistication of spyware tactics, emphasising the importance of mobile security and vigilance against evolving threats. Stay safe, cyber squad!

 

Clean your Mac or PC

 

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.

That’s mal, folks! πŸ˜‚

πŸ§πŸ”’ “Looney Tunables” Linux Vulnerability Threatens Root Privileges πŸŒπŸ”‘

πŸ§πŸ”’ A new Linux security vulnerability, named “Looney Tunables” (CVE-2023-4911), has emerged in the GNU C library’s dynamic loader, potentially allowing local privilege escalation to root level. Cybersecurity firm Qualys revealed this buffer overflow issue, introduced in an April 2021 code commit.

β€œDon’t be glibc, Matt” πŸ™ˆ

πŸ“š The GNU C library, or glibc, is a critical component in Linux systems, providing essential functions for various operations. The dynamic loader plays a pivotal role in running programs, managing shared object dependencies, and linking them at runtime.

Don’t caught out by a headshot from Linux Lewis πŸ₯ŠπŸ˜΅β€πŸ’«

🌍 Affected Linux distributions include Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13. Other distributions may also be at risk, except for Alpine Linux, which uses musl libc.

πŸ›‘οΈ Saeed Abbasi, Qualys Threat Research Unit’s product manager, warned that this vulnerability poses substantial risks to Linux systems, as it affects performance, reliability, and security. The flaw allows local attackers to execute code with elevated privileges when launching binaries with SUID permission.

🚧 Red Hat issued an advisory offering a temporary mitigation that terminates setuid programs invoked with GLIBC_TUNABLES in the environment, providing a stopgap solution to the problem.

πŸ” “Looney Tunables” joins a growing list of privilege escalation flaws in Linux, highlighting the ongoing importance of monitoring and patching Linux systems for security.

🎣 Catch of the Day!! 🌊🐟🦞

Our new segment where we pick out some cool sites we like, reply to the mail and let us know what you think.

πŸƒΒ The Motley Fool: β€œFool me once, shame on β€” shame on you. Fool me β€” you can’t get fooled again.” Good ol’ George Dubya πŸ˜‚ Let us tell who’s not fooling around though; that’s the CrΓΌe πŸ‘€ at Motley Fool. You’d be a fool (alright, enough already! πŸ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! πŸ› Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets πŸ€‘Β (LINK)


🚡 Wander: Find your happy place. Cue Happy Gilmore flashback πŸŒοΈβ›³πŸŒˆπŸ•ŠοΈ Mmmm Happy Place… πŸ˜‡ So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)


🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts βšΎπŸ‘»πŸΏ (Great movie, to be fair πŸ™ˆ). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty πŸ˜‘). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho πŸ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Now, I ain’t saying she a GoldDigger… πŸŽΆπŸ‘€πŸ™ˆ

 

giphy.com

 

🚨 New Android Banking Trojan “GoldDigger” Targets Finance Apps πŸ“²πŸ’°

πŸ“’ A new Android banking trojan called GoldDigger has emerged, targeting over 50 financial apps in Vietnam and potentially expanding its reach to the wider APAC region and Spanish-speaking countries, according to cybersecurity firm Group-IB.

πŸ“± The trojan, first detected in August 2023 but believed to be active since June, disguises itself as a Vietnamese government portal and an energy company to gain intrusive permissions, mainly exploiting Android’s accessibility services. This allows it to interact with targeted apps, steal banking credentials, intercept SMS messages, access user actions, view account balances, capture 2FA codes, log keystrokes, and enable remote device access.

🌐 GoldDigger’s attack chains rely on fake websites mimicking Google Play Store pages and Vietnamese corporate sites, potentially spread through phishing tactics. However, the success of the campaign depends on enabling the “Install from Unknown Sources” option to install apps outside the official storefront.

πŸ”’ What sets GoldDigger apart is its use of the advanced protection mechanism Virbox Protector, making it challenging to detect and analyse, further adding to the growing list of Android banking trojans circulating in the wild.

Users are advised to exercise caution and avoid granting excessive permissions to apps πŸ›‘οΈπŸ‘€πŸ‘

πŸ—žοΈ Extra, Extra! Read all about it! πŸ—žοΈ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • πŸ’ŠΒ HealthHack:Β Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps. This newsletter keeps you in the know.

  • β‚Ώ Crypto Nutshell: A well written and beautifully designed newsletter giving you the lowdown on crypto and web3, highly recommend if interested to get up to date info on the crypto/web3 market.

  • 🧠 Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter

Recent articles