Aug 09 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that doesn't want a White riot, I wanna riot, White riot, A riot of our own #UKriots
Patch of the Week!
First thing's first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the Week. Okay, that's it…
Congrats to Windows, the cybercriminals are no match… for your patch!
Check out this freshly hatched patch
Windows Downgrade Attack Vulnerabilities Exposed
Microsoft is urgently working on security updates to address two critical vulnerabilities that could allow downgrade attacks on Windows systems. These flaws, CVE-2024-38202 (CVSS 7.3) and CVE-2024-21302 (CVSS 6.7), were discovered by SafeBreach Labs' Alon Leviev and presented at Black Hat USA 2024 and DEF CON 32.
Windows Update Stack at Risk
CVE-2024-38202 could enable attackers with basic user privileges to bypass security features like Virtualization Based Security (VBS) by tricking administrators into performing a system restore, potentially reintroducing previously mitigated vulnerabilities.
FYI, this is a warning to be wary of attacks and get updating as soon as possible. A little premature for the prestigious title of Patch of the Week, but it was slim pickings and we have faith in our brothers in cyber-arms at Microsoft (despite recent events).
Now, on to this week's hottest cybersecurity news stories:
Dial-up! 18-year-old browser flaw is affecting macOS and Linux devices
Phishing scam uses Google Drawings and WhatsApp shortened links
Write you a cheque? BlackSuit ransomware demands $500M, FBI warns
A dangerous new vulnerability, "0.0.0.0 Day," has been discovered in all major web browsers. This flaw could let hackers use malicious websites to break into local networks and access sensitive info.
What's the Danger?
The problem comes from how browsers handle certain network requests, especially with the IP address 0.0.0.0. Hackers can use this to sneak into local services, leading to possible remote code execution.
Who's Affected?
This impacts Google Chrome, Mozilla Firefox, and Apple Safari on macOS and Linux. Windows users are safe for now, thanks to a block on this IP address.
How Hackers Exploit It
By using public websites with domains like ".com," attackers can communicate with services on your local network via 0.0.0.0, bypassing important security measures like Private Network Access (PNA).
What's Being Done?
Web browsers are expected to block 0.0.0.0 access entirely by April 2024, preventing public websites from abusing this flaw.
Stay Safe!
This vulnerability shows the need for better security across all browsers. Be cautious online until the fix is in place!
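Until browsers ship the block, the practical defence sits on the receiving end: a service that listens on a developer machine can apply the same rule Private Network Access is meant to enforce, and refuse requests that arrive via the unspecified address or that carry a public website's Origin. The following is an added example (not code from the newsletter, from the researchers, or from any browser vendor); the header handling, the `classify_request` helper and the sample requests are all constructed for the demo.

```python
"""Server-side guard for a service bound on a developer machine.

Added example; it is not code from the newsletter or from any browser
vendor. It applies, inside the local service itself, the rule Private
Network Access (PNA) is meant to enforce in the browser: a request whose
Origin is a public website must not reach a localhost service, and a
request addressed to the unspecified address (0.0.0.0 or ::) is refused
outright. The sample requests below are constructed for the demo.
"""
import ipaddress
from urllib.parse import urlsplit


def host_only(hostport: str) -> str:
    """Strip the port and IPv6 brackets from a Host header value."""
    return urlsplit("//" + hostport).hostname or ""


def is_unspecified_address(host: str) -> bool:
    """True for 0.0.0.0 and :: (the addresses the 0.0.0.0 Day flaw abuses)."""
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False


def is_local_host(host: str) -> bool:
    """True for localhost names and loopback/private/link-local addresses."""
    name = host.lower().rstrip(".")
    if name == "localhost" or name.endswith(".localhost"):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_private or ip.is_link_local


def classify_request(headers: dict) -> str:
    """Return 'allow' or 'deny: <reason>' for one request's headers.

    Only Host and Origin are consulted. A missing Origin (a direct navigation
    or a curl call) is allowed; 'null' (sandboxed/opaque origin) is denied.
    """
    h = {k.lower(): v for k, v in headers.items()}
    host = host_only(h.get("host", ""))
    if is_unspecified_address(host):
        return "deny: Host is the unspecified address"
    origin = h.get("origin")
    if origin is None:
        return "allow"
    if origin == "null":
        return "deny: opaque origin"
    origin_host = urlsplit(origin).hostname or ""
    if not is_local_host(origin_host):
        return f"deny: public origin {origin_host} may not reach a local service"
    return "allow"


# Constructed requests: the first two mimic a public page reaching the
# local service through the unspecified address, the third a public origin
# that reached it some other way, the last two ordinary local use.
SAMPLE_REQUESTS = [
    {"Host": "0.0.0.0:8080", "Origin": "https://public-site.example"},
    {"Host": "[::]:8080", "Origin": "http://localhost:3000"},
    {"Host": "127.0.0.1:8080", "Origin": "https://public-site.example"},
    {"Host": "localhost:8080", "Origin": "http://localhost:3000"},
    {"Host": "127.0.0.1:8080"},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(req, "->", classify_request(req))
```

Two design points worth keeping in mind: the Host check on its own is weak, because it only fires when the page used the literal 0.0.0.0 address, so the Origin check is what actually keeps a public site out; and the cheapest mitigation of all is to bind developer services to 127.0.0.1 rather than 0.0.0.0, so that the unspecified address never answers in the first place.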
Cybersecurity experts have uncovered a crafty phishing campaign that uses Google Drawings and WhatsApp links to trick users and steal sensitive information.
How It Works
Hackers start by sending a phishing email that looks like an Amazon account verification link. But instead of leading to Amazon, it directs you to a graphic hosted on Google Drawings. This helps the scam avoid detection by security systems.
Why Google Drawings?
Google Drawings lets the attackers hide malicious links in a graphic. Users may not notice these links, especially if they're worried about their Amazon account being compromised.
Shortened Links for Deception
If you click the fake Amazon link, you're taken to a fake login page. To hide the scam, the hackers use two URL shorteners via WhatsApp and qrco[.]de, making it harder for security tools to spot the fraud.
What's at Stake?
This bogus Amazon page is designed to steal your login details, personal info, and credit card numbers. Once they get your data, you're redirected to the real Amazon site, and the phishing page becomes inaccessible from your IP address.
Extra Risks
Researchers also found a flaw in Microsoft 365's anti-phishing tools, which attackers can exploit to hide security warnings in phishing emails. Microsoft is aware but hasn't fixed it yet.
Stay Vigilant!
Always double-check links, especially in urgent emails. Don't get phished!
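The two tells in this campaign, link text that names a brand while the URL points at a hosted graphic, and hops through URL shorteners, are both things a mail-triage script can surface before a user clicks. The following is an added example, not code from the newsletter or from any vendor it cites: it parses one HTML message, pulls out every anchor, and flags those signals. The sample message, the shortener list (qrco.de is from the story; `l.wl.co` as the WhatsApp shortener host is an assumption) and the brand list are all constructed for the demo.

```python
"""Link audit for an HTML phishing email (defensive triage helper).

Added example; not code from the newsletter or any vendor it mentions.
It extracts each <a href> from a single-part HTML message and reports:
  * brand mismatch: the link text names a brand, the URL host does not
  * shortener/redirector hosts (qrco.de from the story; l.wl.co assumed)
  * links that land on a hosted graphic/document instead of a real site
The watch-lists and the sample message are constructed for the demo.
"""
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hypothetical watch-lists; a real deployment would feed these from threat intel.
SHORTENER_HOSTS = {"qrco.de", "l.wl.co", "bit.ly", "t.co"}
BRAND_DOMAINS = {"amazon": {"amazon.com", "amazon.co.uk", "amazon.de"}}
HOSTED_CANVAS_HOSTS = {"docs.google.com"}  # Google Drawings graphics live here


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in the HTML."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def _under(host: str, domain: str) -> bool:
    return host == domain or host.endswith("." + domain)


def audit_link(href: str, text: str) -> list:
    """Return the list of findings for one anchor (empty means nothing odd)."""
    findings = []
    host = (urlsplit(href).hostname or "").lower()
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text.lower() and not any(_under(host, d) for d in domains):
            findings.append(f"brand mismatch: text names {brand!r} but link goes to {host}")
    if host in SHORTENER_HOSTS:
        findings.append(f"shortener/redirector host: {host}")
    if host in HOSTED_CANVAS_HOSTS:
        findings.append(f"link lands on a hosted graphic/document: {host}")
    return findings


def audit_message(raw: str) -> dict:
    """Map each suspicious href in a single-part HTML email to its findings."""
    msg = message_from_string(raw)
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    report = {}
    for href, text in collector.links:
        found = audit_link(href, text.strip())
        if found:
            report[href] = found
    return report


# Constructed sample in the shape of the lure described above.
SAMPLE_EMAIL = """\
From: "Amazon" <no-reply@mail.example>
To: victim@corp.example
Subject: Action required: verify your Amazon account
Content-Type: text/html; charset=utf-8

<html><body>
<p>Unusual sign-in detected on your account.</p>
<a href="https://docs.google.com/drawings/d/EXAMPLE-ID/preview">Verify your Amazon account now</a>
<a href="https://amazon.com/help">Help</a>
<a href="https://qrco.de/EXAMPLE">Download receipt</a>
</body></html>
"""

if __name__ == "__main__":
    for href, findings in audit_message(SAMPLE_EMAIL).items():
        print(href)
        for f in findings:
            print("  -", f)
```

The brand check is deliberately naive (a substring of the visible text against a small domain list); in practice you would also decode the hop chain of each shortener, since the story's point is that the first URL looks harmless and only the second or third hop reaches the credential-harvesting page.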
The BlackSuit ransomware strain has demanded a staggering $500 million in ransoms, with one case alone reaching $60 million, according to the latest advisory from CISA and the FBI.
How BlackSuit Operates
BlackSuit is an evolution of the Royal ransomware, and it's not playing around. It often starts with phishing emails, then disarms antivirus software and steals sensitive data before locking down systems with encryption. Other common attack methods include exploiting Remote Desktop Protocol (RDP) and vulnerable apps, often with access bought from initial access brokers (IABs).
Tools of the Trade
BlackSuit actors use legitimate remote management software and tools like SystemBC and GootLoader (which really gets our Goot!) to maintain control over victim networks. They've been spotted using SharpShares, SoftPerfect NetWorx, Mimikatz, and PowerTool to dig deep into networks and kill system processes.
High-Pressure Tactics
Victims have reported receiving threatening calls and emails from BlackSuit actors, a tactic used to increase the pressure to pay up. Some ransomware gangs even threaten secondary victims or expose embarrassing information to coerce payments.
Emerging Threats
As if BlackSuit wasn't enough, new ransomware families like Lynx, OceanSpy, and Zola are on the rise. Groups like Hunters International are using advanced malware like SharpRhino to launch attacks, continuing the trend of evolving and increasingly aggressive ransomware threats.
Stay Alert!
Organisations must be vigilant, as ransomware tactics continue to evolve, becoming more aggressive and sophisticated.
That's all for this week, folks! Stay safe, cyber squad
Let us know what you think.
So long and thanks for reading all the phish!