Sep 11 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that runs circles around cybercriminals like Daniel Khalife with the Met police. Probs be serving Khalife in jail now, mind.
Today’s hottest cybersecurity news stories:
Pegasus spyware on iPhones: Apple resolves by patching zero-day flaws
Mac attack! Atomic Stealer (AMOS) is doing the rounds via malvertising
Microsoft IIS servers been reppin’ since 1995 but Lazarus is taking aim
‘Sup, Apple fans? Big news on the security front: Apple just dropped emergency updates for iOS, iPadOS, macOS, and watchOS to tackle two sneaky zero-day vulnerabilities.
Here's the scoop on the issues:
CVE-2023-41061: A flaw in Wallet could let bad actors execute arbitrary code when it handles a malicious attachment. ⚠️
CVE-2023-41064: A buffer overflow in Image I/O can lead to code execution when processing a malicious image.
Citizen Lab at the University of Toronto's Munk School discovered one of these flaws, while Apple found the other with a little "assistance" from Citizen Lab. Teamwork makes the dream work, right?
The updates are ready for these devices and systems:
iOS 16.6.1 and iPadOS 16.6.1
macOS Ventura 13.5.2
⌚ watchOS 9.6.2
Now this is a BLAST from the PASS
But there's more to the story! Citizen Lab uncovered that these twin flaws are part of a zero-click iMessage exploit chain called BLASTPASS, used to sneak Pegasus spyware onto fully patched iPhones.
Yep, it's that serious. The exploit could compromise even the latest iOS version without any user interaction, thanks to PassKit attachments containing malicious images.
Apple's BlastDoor sandbox framework was bypassed in this attack, making it even more concerning.
Citizen Lab highlighted that these exploits are often used against civil society organisations, and this discovery came from analysing a device linked to a D.C.-based organisation with global reach.
With 13 zero-day bug fixes already this year, Apple's not taking chances. Stay updated, and remember, cybersecurity matters now more than ever!
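Turning the version list above into a fleet check, as an added example that is not from the newsletter or from Apple: the inventory it scans is constructed, and any device on a major release other than the ones listed is reported as not covered rather than assumed safe.

```python
# Added example (not from the newsletter): check a constructed device inventory
# against the fix versions the article lists. Inventory entries are made up.
from typing import List, Tuple

# Minimum patched versions named in the article, keyed by platform.
FIXED = {
    "iOS": (16, 6, 1),
    "iPadOS": (16, 6, 1),
    "macOS": (13, 5, 2),   # macOS Ventura 13.5.2
    "watchOS": (9, 6, 2),
}

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '16.6' or '16.6.1' into a comparable tuple; short forms pad with zeros."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))

def patch_status(platform: str, version: str) -> str:
    """Return 'patched', 'unpatched' or 'not covered'. A device on a different
    major release than the listed fix (e.g. macOS 12) is 'not covered': the
    article's list says nothing about it, so it must not be assumed safe."""
    fixed = FIXED.get(platform)
    if fixed is None:
        return "not covered"
    current = parse_version(version)
    if current[0] != fixed[0]:
        return "not covered"
    return "patched" if current >= fixed else "unpatched"

def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """Return (device, status) for every device that is not confirmed patched."""
    findings = []
    for name, platform, version in inventory:
        status = patch_status(platform, version)
        if status != "patched":
            findings.append((name, status))
    return findings

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("phone-alice", "iOS", "16.6.1"),
    ("phone-bob", "iOS", "16.6"),
    ("tablet-carol", "iPadOS", "16.5.1"),
    ("mbp-dave", "macOS", "13.5.2"),
    ("mbp-erin", "macOS", "12.6.8"),
    ("watch-frank", "watchOS", "9.6.2"),
    ("tv-lobby", "tvOS", "16.6"),
]
```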
I came across ZZZ money club during the crypto market bull run, when everyone’s a winner; even during the bear market, this Discord group has been amazing at giving information on projects and ways to make passive income in various ways.
The group is very active and everyone in this private discord group is very chatty and helpful.
It’s run by Yourfriendandy and Decadeinvestor; you can find them here on YouTube, both top guys with great content.
If you are interested in joining the group, you can do so through the link below.
Hold on tight, Mac users! A fresh malvertising campaign is back, spreading an updated macOS stealer called Atomic Stealer (AMOS), showing it's actively maintained by its creator.
Atomic Stealer, a $1,000-per-month off-the-shelf Golang malware, first surfaced in April 2023. Since then, it's evolved with more info-gathering tricks, targeting gamers and crypto enthusiasts.
So, how's it spreading? Malvertising via Google Ads is the culprit. You're searching for software, legit or cracked, and you stumble upon fake ads that lead to rogue installer sites.
In the latest twist, a fake TradingView site offers downloads for Windows, macOS, and Linux. The Windows and Linux links drop NetSupport RAT. But for macOS, it's a new Atomic Stealer version hiding in a sneaky ad-hoc signed app. It asks for your password, then goes on a data-harvesting spree.
Atomic Stealer is a menace: it targets Chrome, Firefox, crypto-related browser extensions, and even Coinomi wallets. The goal? Sneak past Gatekeeper and send your data to the attacker's server.
Mac attacks are on the rise, and Atomic Stealer is sneaky, boasting evasion skills. And DarkGate, a cousin of Atomic Stealer, is using the same tricks. The floodgates have well and truly been opened, folks.
Stay safe out there, Mac fans! Keep your guard up against these crafty threats.
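The "ad-hoc signed app" detail is something a Mac admin can check for. The following is an added example, not code from the newsletter or from anyone behind AMOS: it classifies a bundle's code signature from the report that `codesign -dvv <app>` prints to stderr, using constructed reports so the logic can be exercised off a Mac; the bundle names and team ID in them are placeholders.

```python
# Added example, not from the newsletter or the malware authors: classify an app
# bundle's code signature from the report `codesign -dvv <app>` prints (it goes
# to stderr). Constructed reports are embedded so the logic runs anywhere.
import subprocess

def parse_codesign_report(report: str) -> dict:
    """Collect key=value lines; repeated keys (Authority=) are joined with commas."""
    fields: dict = {}
    for line in report.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            key, value = key.strip(), value.strip()
            fields[key] = f"{fields[key]},{value}" if key in fields else value
    return fields

def classify_signature(report: str) -> str:
    """Return 'unsigned', 'adhoc', 'developer-id' or 'other'.
    An ad-hoc signature has no certificate chain: no Authority= line, the
    Signature field reads 'adhoc' and TeamIdentifier is 'not set'. That is the
    case the article describes, and Gatekeeper will not accept it on its own.
    """
    if "code object is not signed at all" in report:
        return "unsigned"
    f = parse_codesign_report(report)
    if f.get("Signature") == "adhoc" or f.get("TeamIdentifier") == "not set":
        return "adhoc"
    if "Developer ID Application" in f.get("Authority", ""):
        return "developer-id"
    return "other"

def classify_app(path: str) -> str:
    """Run codesign against a real bundle (macOS only) and classify the result."""
    proc = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True)
    return classify_signature(proc.stderr)

# Constructed report modelled on codesign output for an ad-hoc signed bundle.
ADHOC_REPORT = """Executable=/Applications/Fake.app/Contents/MacOS/Fake
Identifier=Fake
CodeDirectory v=20400 size=1234 flags=0x2(adhoc) hashes=30+7 location=embedded
Signature=adhoc
TeamIdentifier=not set
"""

# Constructed report for a Developer ID signed bundle (team ID is a placeholder).
DEVID_REPORT = """Executable=/Applications/Example.app/Contents/MacOS/Example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (TEAMID0000)
Authority=Apple Root CA
TeamIdentifier=TEAMID0000
"""
```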
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
✈️ ViaTravelers: Get exclusive travel tips, news, and insider deals right in your inbox.
Leadership in Tech: A weekly newsletter for CTOs, engineering managers and senior engineers to become better leaders.
Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.
Let us know what you think!
We've got some important news to share about Microsoft Internet Information Services (IIS) and the rising threats it's facing.
What's Microsoft IIS?
Microsoft IIS is web server software designed for Windows Server, used to host websites and files online. It's a lesser-known hero but runs 5.4% of websites, including big names like Accenture and Mastercard.
IIS Through the Years: A Brief History
Did you know that IIS made its debut alongside Windows NT 3.51 in 1995? Since then, it's come a long way, evolving to keep pace with the ever-changing internet landscape.
Not only is it a web server handling HTTP and HTTPS requests, but Microsoft IIS also boasts an FTP server for swift file transfers and an SMTP server for email services.
IIS isn't just a veteran; it's a continually evolving powerhouse!
Lazarus Strikes!
Now enter Lazarus, the notorious North Korean cyber group this newsletter has had the displeasure of covering numerous times. Well, you guessed it, they're now actively targeting vulnerable Microsoft IIS servers.
Don't Forget WannaCry!
Remember WannaCry? That was Lazarus too! In 2017, they unleashed the infamous WannaCry ransomware, locking up computers worldwide until a kill switch was found.
The $100 Million Heist!
And if you thought WannaCry was big, they stole $100 million in virtual currency in June 2022! Damn, son. Take a day off, will ya?
How Do They Attack?
Lazarus sneaks in through unpatched servers. In one case, they used DLL side-loading, which means abusing the way a legitimate IIS process looks up and loads libraries so that it picks up a malicious DLL instead. They then injected malware, creating a backdoor under their control.
In another attack, they exploited a vulnerable program, INISAFE CrossWeb EX, to deliver malware via Microsoft IIS servers.
Top Tips:
Keep everything updated. Patch management is key.
Use a comprehensive patch management tool to avoid missing updates.
Limit service account privileges to the minimum needed.
Monitor network logs for strange activity.
Harden endpoints with advanced detection tools.
Verify patches after applying.
Continuously test web app security.
Stay safe out there! Because you know it won’t be long before Lazarus rises from the dead once more. Or let’s be honest, they never really went away. Until next time, folks.
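What DLL side-loading against IIS looks like from the defender's side, as an added example that is not from the newsletter or from any vendor: the function below runs over constructed Sysmon Event ID 7 (ImageLoad) records and flags libraries that the IIS worker process w3wp.exe loads from outside the Windows system directories, that are unsigned, or that carry a Windows system DLL's name but live under a web root. The trusted roots and DLL names are illustrative choices, not a complete list.

```python
# Added example, not from the newsletter or any vendor: flag suspicious library
# loads by the IIS worker process (w3wp.exe) in constructed Sysmon Event ID 7
# (ImageLoad) records. The records and paths below are made up.
from typing import Dict, List

TRUSTED_ROOTS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\windows\\microsoft.net\\",
)
# Illustrative Windows DLL names a loader should resolve from system directories;
# a same-named copy under a web root is the classic side-loading pattern.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "wow64log.dll", "cryptsp.dll"}

def is_iis_worker(image: str) -> bool:
    return image.lower().rsplit("\\", 1)[-1] == "w3wp.exe"

def assess_load(event: Dict[str, str]) -> List[str]:
    """Return reasons a load by w3wp.exe looks like side-loading (empty if fine)."""
    if not is_iis_worker(event.get("Image", "")):
        return []
    loaded = event.get("ImageLoaded", "").lower()
    name = loaded.rsplit("\\", 1)[-1]
    reasons = []
    if not loaded.startswith(TRUSTED_ROOTS):
        reasons.append(f"loaded from untrusted path: {loaded}")
        if name in SYSTEM_DLL_NAMES:
            reasons.append(f"system DLL name outside system dirs: {name}")
    if event.get("Signed", "").lower() != "true":
        reasons.append("unsigned library")
    elif event.get("SignatureStatus", "") != "Valid":
        reasons.append(f"signature status {event['SignatureStatus']}")
    return reasons

def scan(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return one finding per suspicious event, carrying the reasons."""
    return [{"event": e, "reasons": r} for e in events if (r := assess_load(e))]

SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ImageLoaded": r"C:\inetpub\wwwroot\uploads\version.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "ImageLoaded": r"C:\ProgramData\Tools\helper.dll",
     "Signed": "true", "SignatureStatus": "Expired"},
    {"Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Users\u\Desktop\version.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]
```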
So long and thanks for reading all the phish!