Feb 02 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders whether the hackers will launch their own #TheApprentice on Telegram to discover young talent and mock them relentlessly
It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!
It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.
Congrats, the cybercriminals are no match… for your patch!
Check out these freshly hatched patches
Ivanti suck your blood and patch your flaw
Attention Ivanti VPN Users: Urgent Security Update!
Ivanti’s widely used Connect Secure VPN is under attack: Chinese state-backed hackers have been chaining two zero-days in the appliance (CVE-2023-46805, an authentication bypass, and CVE-2024-21887, a command injection) since December. Industries globally, including aerospace, banking, and government, are impacted.
Ivanti has now released a patch for these flaws. Because the attackers have been planting webshells and other persistence on compromised appliances, Ivanti recommends a factory reset before applying the patch, so nothing the intruders left behind survives the update. Act swiftly to secure your network against these targeted attacks!
Now, on to today’s hottest cybersecurity stories:
Another day, another $100M+ crypto hack. XRP this time!
USA hands Chinese hackers a stern CISA & desist
Commando Cat cryptojacking attacks target exposed Docker APIs
Ripple co-founder Chris Larsen revealed on Wednesday that hackers swiped approximately $112 million worth of XRP from his personal accounts. Quick action was taken to freeze affected addresses, and law enforcement is now involved.
Notably, crypto researcher ZachXBT broke the news just an hour before Larsen’s disclosure. The stolen XRP funds have reportedly been laundered through platforms like Binance and Kraken, prompting ongoing investigations. Both exchanges confirm awareness and cooperation in the probe.
The hacked wallet’s ownership remains uncertain, labelled as “Ripple (50),” activated by “~FundingWallet1.” Ripple insists its infrastructure is intact, but the incident marks the largest crypto theft in 2024 and the twentieth largest in history. Calls for transparency and distancing from Ripple emerge as XRP holders seek accountability.
As the crypto community grapples with this significant breach, stay tuned for updates on the investigation and potential security measures.
In a House committee hearing, FBI Director Christopher Wray revealed the disruption of a China-backed hacking operation, Volt Typhoon, targeting US critical infrastructure. Wray emphasised the group’s intent to cause “real-world harm” during a future conflict, posing a significant threat to citizens and communities.
CISA Director Jen Easterly highlighted vulnerabilities in US critical infrastructure, making it easy for hackers to target systems. The China-sponsored group, Volt Typhoon, known for espionage, aims to disrupt US military mobilisation during a Taiwan-related conflict.
Aligning with Microsoft’s findings, Wray announced a successful December operation against Volt Typhoon’s infrastructure, disrupting a China-controlled botnet comprising compromised US-based routers. US Attorney General Merrick Garland affirmed the commitment to dismantle cyber threats undermining American security.
CISA urged device manufacturers to enhance router security, emphasising the need to eliminate vulnerabilities. Earlier warnings highlighted the significant risk posed by Chinese-manufactured drones to critical infrastructure and national security. Stay vigilant as the US continues to address cyber threats!
A sophisticated cryptojacking campaign named “Commando Cat” has been targeting exposed Docker API endpoints since the beginning of 2024. Researchers at Cado Security found that the attackers use the unauthenticated Docker API as their initial access vector, then deploy a chain of interdependent payloads to compromise the host.
The campaign starts a benign container built with the open-source Commando project, but starts it with the host’s root filesystem bind-mounted inside, so the attacker can chroot into the mounted host filesystem and run further payloads directly on the Docker host. Those payloads register persistence, backdoor the host, exfiltrate cloud service provider credentials, and launch a cryptocurrency miner.
The hackers, whose tooling overlaps with cryptojacking groups such as TeamTNT, use a series of shell scripts to add an SSH key, create a rogue user, and drop additional payloads from a command-and-control (C2) server. The attack concludes with the deployment of an XMRig cryptocurrency miner.
Commando Cat’s versatility as a credential stealer, stealthy backdoor, and cryptocurrency miner makes it a potent threat. The practical takeaway: never expose the Docker API (TCP 2375) to the internet, and if the daemon must listen on TCP at all, require TLS client certificates. Stay informed, stay secure!
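As an added example (this is not Cado Security’s tooling and not the campaign’s own scripts), here is a small Python audit for the two conditions the campaign relies on: a Docker daemon reachable over plain TCP without client authentication, and a container whose mounts or flags let a process inside reach the host (the host-root bind mount plus chroot described above). It assumes a daemon.json-style dict and the JSON that `docker inspect` prints; the sample records in the block are constructed for the demo, not captured from a real host.

```python
"""Audit a Docker host for the conditions Commando Cat abuses (added example)."""
import json

# Host paths that, bind-mounted into a container, give it effective root on
# the host or let it plant persistence (SSH keys, users, cron). "/" is the
# Commando Cat case: mount the host root and chroot into it.
SENSITIVE_HOST_PATHS = {"/", "/etc", "/root", "/var/run/docker.sock", "/proc"}


def audit_daemon(config: dict) -> list:
    """Findings for a daemon.json-style dict ("hosts", "tls", "tlsverify")."""
    findings = []
    for host in config.get("hosts", []):
        if not host.startswith("tcp://"):
            continue  # unix:// or fd:// sockets are not network-exposed
        if not config.get("tlsverify"):
            findings.append(f"daemon listens on {host} without TLS client auth")
        if "0.0.0.0" in host or "[::]" in host:
            findings.append(f"daemon bound to all interfaces at {host}")
    return findings


def audit_container(record: dict) -> list:
    """Findings for one `docker inspect` record (dict form)."""
    name = record.get("Name", "?").lstrip("/")
    hc = record.get("HostConfig", {})
    findings = []
    if hc.get("Privileged"):
        findings.append(f"{name}: --privileged")
    if hc.get("PidMode") == "host":
        findings.append(f"{name}: --pid=host")
    # Bind mounts appear both as HostConfig.Binds ("src:dst[:opts]") and in
    # the Mounts array; collect sources from both since either may be present.
    sources = set()
    for b in hc.get("Binds") or []:
        sources.add(b.split(":", 1)[0])
    for m in record.get("Mounts") or []:
        if m.get("Type") == "bind":
            sources.add(m.get("Source", ""))
    for src in sorted(sources):
        if src in SENSITIVE_HOST_PATHS:
            findings.append(f"{name}: bind-mounts host {src}")
    cfg = record.get("Config", {})
    argv = (cfg.get("Entrypoint") or []) + (cfg.get("Cmd") or [])
    if "chroot" in argv:
        findings.append(f"{name}: chroots into a mount ({' '.join(argv)})")
    return findings


def run_audit(daemon_config: dict, inspect_output: str) -> dict:
    """Run both checks; inspect_output is the JSON array `docker inspect` prints."""
    result = {"daemon": audit_daemon(daemon_config), "containers": {}}
    for rec in json.loads(inspect_output):
        f = audit_container(rec)
        if f:
            result["containers"][rec.get("Name", "?").lstrip("/")] = f
    return result


# Constructed sample data (not captured from a real host).
SAMPLE_DAEMON = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}
SAMPLE_INSPECT = json.dumps([
    {   # mimics the Commando Cat launch: harmless image, host root mounted, chroot
        "Name": "/sleepy_cat",
        "Config": {"Image": "cmd.cat/chattr", "Cmd": ["chroot", "/hs", "sh", "-c", "id"]},
        "HostConfig": {"Binds": ["/:/hs"], "Privileged": False},
        "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/hs"}],
    },
    {   # an ordinary service container; should produce no findings
        "Name": "/web",
        "Config": {"Image": "nginx:1.25", "Cmd": ["nginx", "-g", "daemon off;"]},
        "HostConfig": {"Binds": ["/srv/site:/usr/share/nginx/html:ro"]},
        "Mounts": [{"Type": "bind", "Source": "/srv/site", "Destination": "/usr/share/nginx/html"}],
    },
])

if __name__ == "__main__":
    print(json.dumps(run_audit(SAMPLE_DAEMON, SAMPLE_INSPECT), indent=2))
```

On a live host you would feed `run_audit` the parsed `/etc/docker/daemon.json` and the output of `docker inspect $(docker ps -q)`. The daemon check is the one that matters most: a container with `/` bind-mounted is only reachable to an outsider because the API that creates it was exposed without authentication.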
Enjoy your weekend, true believers!
Extra, Extra! Read all about it!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI; with all the new AI things coming to market, it’s good to stay ahead of the curve.
Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran ‘Wealthy Primate’ might be able to help you climb that tree with his stick and banana approach
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch, etc.)
Let us know what you think.
So long and thanks for reading all the phish!