Jan 26 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s more worried about a Cyber War than another Civil War #USelection
It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!
It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.
Congrats, the cybercriminals are no match… for your patch!
Check out these freshly hatched patches
Apple’s iOS
Apple Releases Patch for Zero-Day in iPhones, Macs: Update Now!
Apple just dropped crucial security updates for iOS, iPadOS, macOS, tvOS, and the Safari browser, fixing a sneaky zero-day bug (CVE-2024-23222) in WebKit. This flaw could let bad actors execute arbitrary code by tricking you into opening maliciously crafted web content.
Apple says they've beefed up checks to squash the issue. They're mum on details but warn that the bug may already have been exploited. Update now for iPhone, iPad, Mac, Apple TV, and Safari on macOS Ventura and Monterey. This is Apple's first zero-day patch of 2024, after handling 20 last year.
Also, they backported fixes for older devices. Meanwhile, Chinese authorities reportedly used known Apple AirDrop vulnerabilities to track down content senders. Stay secure, peeps!
Now, on to today’s hottest cybersecurity stories:
26 billion records leaked. Dropbox, LinkedIn, X named
⚠️ Beware of fake CherryTree malware dubbed CherryLoader
Tech giant HP hacked by Russians suspected of DNC breach
A mind-boggling 26 billion leaked data records, dubbed the "mother of all breaches" (MOAB), have been unearthed in a 12-terabyte database by researchers from Security Discovery and CyberNews.
The proverbial treasure trove includes info from Tencent, Weibo, Twitter, Dropbox, LinkedIn, Adobe, Canva, and Telegram users, along with records from U.S. and other government entities. Luckily, it seems to be recycled data from past breaches, but concerns linger because it contains usernames and passwords, raising the risk of credential stuffing attacks, where leaked username/password pairs are replayed against other sites.
What You Need to Do
Cybersecurity advisor Jake Moore warns of potential dangers and urges victims to update passwords, be vigilant against phishing emails, and enable two-factor authentication.
LinkedIn, Dropbox, and Twitter were contacted for statements, with ongoing inquiries and responses trickling in. Meanwhile, experts emphasise the importance of staying alert for phishing attempts leveraging the MOAB breach.
Expert Insights
Cybersecurity consultants stress the significance of taking action, changing passwords, and enabling two-factor authentication. Richard Bird, CSO of Traceable AI, highlights the urgent need for better data protection measures in the absence of national privacy laws.
Check Your Exposure
Use the free checker tool at CyberNews or Have I Been Pwned to discover if your email address is tied to this massive data dump. Stay vigilant, stay secure!
Unveiling a new threat landscape, Arctic Wolf Labs reveals the CherryLoader malware, slyly camouflaged as CherryTree. This Go-based loader, detected in recent intrusions, deploys either of two privilege escalation tools, PrintSpoofer or JuicyPotatoNG, for persistent follow-on exploitation.
Deceptive Disguise
CherryLoader cunningly adopts the icon and name of CherryTree, duping victims into unwittingly installing the malicious payload. What sets CherryLoader apart is its modular design, allowing threat actors to switch exploits seamlessly without recompiling the loader. A cybersecurity chameleon!
Parts Unknown
While the loader's distribution remains shrouded, analysed attack chains expose a RAR archive hosted on IP address 141.11.187[.]70, housing the deceptive payload. CherryLoader flexes its cyber muscles by decrypting files, executing processes, and swapping in different exploits like JuicyPotatoNG effortlessly. Stay alert for evolving threats!
Defensive Measures
Arctic Wolf Labs advises constant vigilance. Secure your systems by updating defences, monitoring for unusual activity, and staying informed against the ever-changing cyber threat landscape.
Suspected Russian state-sponsored hackers infiltrated Hewlett Packard Enterprise (HPE), exfiltrating mailbox data since May 2023. APT29, known as BlueBravo, Cozy Bear, and more, linked to Russia's SVR, executed the intrusion, reminiscent of their role in the 2016 DNC hack and the 2020 SolarWinds compromise.
APT29's Tactics
The threat actors targeted HPE's cybersecurity, go-to-market, business segments, and more. This disclosure follows Microsoft's similar encounter with APT29 in November 2023, indicating a persistent and evolving cyber threat landscape.
⏰ Six Months Undetected
HPE uncovered the breach on December 12, 2023, revealing that the hackers roamed freely within their network for over six months, underscoring the sophistication of the attack.
Connection to Prior APT29 Event
The breach is likely linked to a prior APT29 incident in May 2023, involving unauthorised access to and exfiltration of SharePoint files. HPE emphasises no material impact on its operations to date.
All’s well that ends okay
While HPE reassures stakeholders of no significant operational impact, they stress ongoing vigilance. The scale of the attack and specifics on accessed email data remain undisclosed.
Christ, Friday again already! Where does the time go, eh? Stay safe, cyber squad and remember, if in doubt: blame Russia! JK, enjoy the weekend, folks!
Stay informed, stay secure!
Extra, Extra! Read all about it!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI; with all the new AI things coming to market, it's good to stay ahead of the curve.
Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran 'Wealthy Primate' might be able to help you climb that tree with his stick and banana approach.
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch etc.)
Let us know what you think.
So long and thanks for reading all the phish!