Aug 09 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that doesn't want a White riot, I wanna riot, White riot, A riot of our own #UKriots
Patch of the Week!
First things first, folks. Our weekly segment goes by many names: Patch of the Week, Tweak of the Week. Okay, that's it…
Congrats to Windows; the cybercriminals are no match… for your patch!
Check out this freshly hatched patch
Windows Downgrade Attack Vulnerabilities Exposed
Microsoft is urgently working on security updates to address two critical vulnerabilities that could allow downgrade attacks on Windows systems. These flaws, CVE-2024-38202 (CVSS 7.3) and CVE-2024-21302 (CVSS 6.7), were discovered by SafeBreach Labs' Alon Leviev and presented at Black Hat USA 2024 and DEF CON 32.
Windows Update Stack at Risk
CVE-2024-38202 could enable attackers with basic user privileges to bypass security features like Virtualization Based Security (VBS) by tricking administrators into performing a system restore, potentially reintroducing previously mitigated vulnerabilities.
FYI, this is a warning to be wary of attacks and to get updating as soon as possible. A little premature for the prestigious title of Patch of the Week, but it was slim pickings and we have faith in our brothers in cyber-arms at Microsoft (despite recent events).
Now, on to this week's hottest cybersecurity news stories:
Dial-up! 18-year-old browser flaw is affecting macOS and Linux devices
Phishing scam uses Google Drawings and WhatsApp shortened links
Write you a cheque? BlackSuit ransomware demands $500M, FBI warns
A dangerous new vulnerability, "0.0.0.0 Day," has been discovered in all major web browsers. This flaw could let hackers use malicious websites to break into local networks and access sensitive info.
What's the Danger?
The problem comes from how browsers handle certain network requests, especially those addressed to the IP address 0.0.0.0. Hackers can use this to reach services listening on the local machine, which can lead to remote code execution.
Who's Affected?
This impacts Google Chrome, Mozilla Firefox, and Apple Safari on macOS and Linux. Windows users are safe for now, thanks to a block on this IP address.
How Hackers Exploit It
By using public websites with domains like ".com," attackers can communicate with services on your local network via 0.0.0.0, bypassing important security measures like Private Network Access (PNA).
What's Being Done?
Web browsers are expected to block 0.0.0.0 access entirely by April 2024, preventing public websites from abusing this flaw.
Stay Safe!
This vulnerability shows the need for better security across all browsers. Be cautious online until the fix is in place!
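Browser-side blocking is the real fix, but a service that listens on the local machine can refuse these requests itself while it waits. The following is an added example, not code from the newsletter or from the researchers it cites: it assumes a plain WSGI-style service and inspects the headers a browser attaches to every request (Host, Origin and Sec-Fetch-Site) so that a public web page cannot drive the service through http://0.0.0.0:<port>/. The header values in the demo at the bottom are constructed.

```python
"""Reject requests that reach a loopback-bound service via the 0.0.0.0 wildcard
address or from a cross-site web page (added example; assumes a WSGI service)."""
from urllib.parse import urlsplit

# Hostnames under which a loopback-bound service legitimately expects to be reached.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Host values that only appear when a page addressed the wildcard address itself.
WILDCARD_HOSTS = {"0.0.0.0", "::"}


def _hostname(host_header: str) -> str:
    """Strip the port from a Host header, handling bracketed IPv6 literals."""
    # A leading "//" makes urlsplit treat the value as an authority component.
    return (urlsplit("//" + host_header.strip()).hostname or "").lower()


def classify_request(headers: dict) -> str:
    """Return 'allow' or a 'deny:<reason>' string; strongest signal first."""
    h = {k.lower(): v for k, v in headers.items()}
    host = _hostname(h.get("host", ""))
    if host in WILDCARD_HOSTS:
        return "deny:wildcard-host"          # page used http://0.0.0.0:<port>/
    if host not in LOCAL_HOSTS:
        return "deny:unexpected-host"        # not a name this service answers to
    # Modern browsers label each request with its relation to the initiating page.
    if h.get("sec-fetch-site", "").lower() == "cross-site":
        return "deny:cross-site-initiator"
    # Older browsers omit Sec-Fetch-Site; fall back to Origin where it is present.
    origin = h.get("origin", "")
    if origin and origin.lower() != "null":
        if (urlsplit(origin).hostname or "").lower() not in LOCAL_HOSTS:
            return "deny:foreign-origin"
    return "allow"


def guard(app):
    """WSGI middleware: answer 403 for anything classify_request() flags."""
    def wrapped(environ, start_response):
        headers = {
            "Host": environ.get("HTTP_HOST", ""),
            "Origin": environ.get("HTTP_ORIGIN", ""),
            "Sec-Fetch-Site": environ.get("HTTP_SEC_FETCH_SITE", ""),
        }
        verdict = classify_request(headers)
        if verdict != "allow":
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [verdict.encode()]
        return app(environ, start_response)
    return wrapped


if __name__ == "__main__":
    # Constructed header sets: a normal local visit, then a public page probing 0.0.0.0.
    samples = [
        {"Host": "localhost:8000", "Sec-Fetch-Site": "same-origin"},
        {"Host": "0.0.0.0:8000", "Sec-Fetch-Site": "cross-site",
         "Origin": "https://public-site.example"},
        {"Host": "127.0.0.1:8000", "Origin": "https://public-site.example"},
    ]
    for s in samples:
        print(s["Host"], "->", classify_request(s))
```

Sec-Fetch-Site is the most reliable signal because browsers set it on every request, including simple GETs that carry no Origin header; the Origin fallback only covers browsers that predate it. A value of "none" (the user typed the address) is allowed, so local development workflows keep working.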
The stock market can be a rewarding opportunity to grow your wealth, but who has the time??
Full time jobs, kids, other commitments… with a packed schedule, nearly 150,000 people turn to Bullseye Trades to get free trade alerts sent directly to their phone.
World renowned trader, Jeff Bishop, dials in on his top trades, detailing his thoughts and game plan.
Instantly sent directly to your phone and email. Your access is just a click away!
Cybersecurity experts have uncovered a crafty phishing campaign that uses Google Drawings and WhatsApp links to trick users and steal sensitive information.
How It Works
Hackers start by sending a phishing email that looks like an Amazon account verification link. But instead of leading to Amazon, it directs you to a graphic hosted on Google Drawings. Because the graphic sits on a trusted Google domain, the scam is harder for security systems to detect.
Why Google Drawings?
Google Drawings lets the attackers hide malicious links in a graphic. Users may not notice these links, especially if they're worried about their Amazon account being compromised.
Shortened Links for Deception
If you click the fake Amazon link, you're taken to a fake login page. To hide the scam, the hackers chain two URL shorteners, one via WhatsApp and one via qrco[.]de, making it harder for security tools to spot the fraud.
What's at Stake?
This bogus Amazon page is designed to steal your login details, personal info, and credit card numbers. Once they have your data, you're redirected to the real Amazon site, and the phishing page becomes inaccessible from your IP address.
Extra Risks
Researchers also found a flaw in Microsoft 365's anti-phishing tools, which attackers can exploit to hide security warnings in phishing emails. Microsoft is aware but hasn't fixed it yet.
Stay Vigilant!
Always double-check links, especially in urgent emails. Don't get phished!
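Double-checking links can be automated at the mail gateway or in a triage script. The following is an added example, not code from the newsletter or the researchers behind the report: it parses the HTML body of a suspect message and flags the three patterns described above, a link that presents itself as Amazon but points somewhere else, a landing page hosted on Google Drawings, and hops through URL shorteners. The sample message is constructed; qrco.de comes from the story above, wa.me is WhatsApp's public short-link domain, and the remaining shortener and brand domains are assumptions you would replace with your own lists.

```python
"""Triage links in a suspected phishing e-mail (added example; sample data constructed)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Brand the campaign impersonated, and the domains that brand legitimately uses (assumed list).
BRAND_KEYWORD = "amazon"
BRAND_DOMAINS = ("amazon.com", "amazon.co.uk")
# Shorteners to flag: qrco.de from the report, wa.me (WhatsApp), plus two common ones (assumed).
SHORTENERS = {"qrco.de", "wa.me", "bit.ly", "tinyurl.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs; image-only links fall back to the img alt text."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "img" and self._href is not None:
            self._text.append(a.get("alt", ""))

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


def _under(host: str, domain: str) -> bool:
    """True when host is domain or a subdomain of it (no substring matches)."""
    return host == domain or host.endswith("." + domain)


def defang(host: str) -> str:
    """Report-safe form that cannot be clicked, e.g. qrco.de -> qrco[.]de."""
    return host.replace(".", "[.]")


def triage_links(html_body: str) -> list:
    """Return one {'href', 'host', 'reasons'} dict per suspicious link, in document order."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        reasons = []
        # Link talks about the brand but does not resolve to one of its domains.
        if BRAND_KEYWORD in (text + href).lower() and not any(_under(host, d) for d in BRAND_DOMAINS):
            reasons.append("brand-mismatch")
        # Google Drawings documents live under docs.google.com/drawings/.
        if host == "docs.google.com" and "/drawings/" in parts.path:
            reasons.append("google-drawings-landing")
        if any(_under(host, s) for s in SHORTENERS):
            reasons.append("url-shortener")
        if reasons:
            findings.append({"href": href, "host": defang(host), "reasons": reasons})
    return findings


# Constructed message mimicking the campaign: an image link to a Google Drawing, a genuine
# help link, and a shortener hop. IDs are placeholders, not real URLs from the report.
SAMPLE_EMAIL = """<html><body>
<p>Unusual sign-in detected. Please verify your account within 24 hours.</p>
<a href="https://docs.google.com/drawings/d/PLACEHOLDER-ID/preview">
  <img alt="Verify your Amazon account" src="cid:banner">
</a>
<p>Questions? <a href="https://www.amazon.com/help">Amazon Help</a></p>
<p><a href="https://qrco.de/PLACEHOLDER">Open in app</a></p>
</body></html>"""

if __name__ == "__main__":
    for finding in triage_links(SAMPLE_EMAIL):
        print(finding["host"], ",".join(finding["reasons"]))
```

The suffix check in `_under` matters: a lookalike such as amazon.com.verify.example must not pass as the brand, and a naive substring test would let it through. Hosts are defanged before reporting so that a ticket or chat message does not become one more clickable copy of the lure.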
The BlackSuit ransomware strain has demanded a staggering $500 million in ransoms, with one case alone reaching $60 million, according to the latest advisory from CISA and the FBI.
How BlackSuit Operates
BlackSuit is an evolution of the Royal ransomware, and it's not playing around. It often starts with phishing emails, then disarms antivirus software and steals sensitive data before locking down systems with encryption. Other common attack methods include exploiting Remote Desktop Protocol (RDP) and vulnerable apps, often with access bought from initial access brokers (IABs).
Tools of the Trade
BlackSuit actors use legitimate remote management software and tools like SystemBC and GootLoader (which really gets our Goot!) to maintain control over victim networks. They've been spotted using SharpShares, SoftPerfect NetWorx, Mimikatz, and PowerTool to dig deep into networks and kill system processes.
High-Pressure Tactics
Victims have reported receiving threatening calls and emails from BlackSuit actors, a tactic used to increase the pressure to pay up. Some ransomware gangs even threaten secondary victims or expose embarrassing information to coerce payments.
Emerging Threats
As if BlackSuit wasn't enough, new ransomware families like Lynx, OceanSpy, and Zola are on the rise. Groups like Hunters International are using advanced malware like SharpRhino to launch attacks, continuing the trend of evolving and increasingly aggressive ransomware threats.
Stay Alert!
Organisations must be vigilant, as ransomware tactics continue to evolve, becoming more aggressive and sophisticated.
That's all for this week, folks! Stay safe, cyber squad
Extra, Extra! Read all about it!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday
Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for
Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future
Let us know what you think.
So long and thanks for reading all the phish!