Jan 11 2025
Welcome to Gone Phishing, your weekly cybersecurity newsletter that wishes you a Happy New Year! Unless you're a cybercriminal, in which case GTFO
Patch of the Week!
First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the Week. Okay, that's it…
Congrats to Mitel MiCollab and Oracle WebLogic Server, the cybercriminals are no match… for your patch!
Check out this freshly hatched patch
New Vulnerabilities Added to CISA KEV Catalog!
CISA has flagged three critical flaws in Mitel MiCollab and Oracle WebLogic Server due to active exploitation. Here's what you need to know!
The Vulnerabilities
1. CVE-2024-41713 (CVSS 9.1):
Path traversal in Mitel MiCollab allowing unauthorized, unauthenticated access.
2. CVE-2024-55550 (CVSS 4.4):
Path traversal in Mitel MiCollab enabling authenticated admins to read local files.
Combo Alert: These two can be chained for remote, unauthenticated access to arbitrary server files!
3. CVE-2020-2883 (CVSS 9.8):
A severe flaw in Oracle WebLogic Server exploitable by unauthenticated attackers via IIOP or T3 protocols.
Why It Matters
Mitel MiCollab flaws were discovered during a probe into another critical bug (CVE-2024-35286, CVSS 9.8).
Oracle warned about CVE-2020-2883 in 2020, noting active exploitation reports.
Over 5,600 Mitel MiCollab instances are exposed online, with the majority in the U.S., Canada, and the U.K.
Patch Now:
Federal agencies must update by Jan 28, 2025, per Binding Operational Directive (BOD) 22-01.
Check Mitel and Oracle resources for the latest patches and updates.
Stay Vigilant:
Review your systems for potential exposure.
Monitor logs for signs of exploitation.
Don't wait for a breach, act now to secure your systems!
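Added example (not from CISA, Mitel or this newsletter): a small Python scanner that flags directory-traversal attempts in web-server access logs, the kind of evidence the "monitor logs" advice above asks you to look for, since both Mitel CVEs are path-traversal bugs. The log lines are constructed, and the decode-and-normalize step catches the percent-encoded and double-encoded forms that plain string matching on "../" misses.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [11/Jan/2025:10:01:02 +0000] "GET /portal/login HTTP/1.1" 200 512
203.0.113.7 - - [11/Jan/2025:10:01:09 +0000] "GET /portal/../../etc/hosts HTTP/1.1" 404 98
203.0.113.9 - - [11/Jan/2025:10:02:11 +0000] "GET /files?name=..%2f..%2fetc%2fhosts HTTP/1.1" 403 77
203.0.113.9 - - [11/Jan/2025:10:02:15 +0000] "GET /files?name=%252e%252e%252f HTTP/1.1" 403 77
198.51.100.4 - - [11/Jan/2025:10:03:00 +0000] "GET /static/app.js HTTP/1.1" 200 20480
"""

# Client IP, timestamp, method and request target from a common-log-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
)
# A ".." segment followed by a separator, or a trailing "/..".
TRAVERSAL_RE = re.compile(r"\.\.[/\\]|[/\\]\.\.$")


def normalize(target):
    """Percent-decode until the value stops changing (max 3 rounds, so
    double encoding such as %252e is unwrapped) and fold backslashes to '/'."""
    prev = None
    for _ in range(3):
        if target == prev:
            break
        prev, target = target, unquote(target)
    return target.replace("\\", "/")


def find_traversal(log_text):
    """Return (ip, raw_request_target) for every line whose decoded target
    contains a traversal sequence. Lines that do not parse are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        if TRAVERSAL_RE.search(normalize(m["path"])):
            hits.append((m["ip"], m["path"]))
    return hits


if __name__ == "__main__":
    for ip, target in find_traversal(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
```

Feed it your real access log instead of SAMPLE_LOG; repeated hits from one source IP against an internet-facing MiCollab or WebLogic host are worth an incident ticket even when the server answered 403 or 404.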
Now, on to this week's hottest cybersecurity news stories:
Malspam evades SPF, DMARC security by utilising neglected domains
Researchers lift the lid on NonEuclid RAT using UAC bypass, AMSI evasion
2025: Top malware threats to watch out for this coming year. Take notes
Cybersecurity researchers report a surge in spoofed email campaigns targeting unsuspecting victims by faking sender addresses to appear legitimate. This tactic helps bypass security systems and trick users into engaging with malicious content.
Old Tricks, New Domains
While email authentication protocols like DKIM, DMARC, and SPF exist to combat spoofing, attackers now exploit neglected domains without proper DNS records. These domains, though unused for years, successfully slip past modern filters.
Tactics in Play:
Phishing with QR Codes: Fake emails (tax-related in Mandarin) use QR codes linked to phishing sites, stealing IDs and card details.
Brand Spoofs: Imitating Amazon, Mastercard, and SMBC to harvest credentials via fraudulent login pages.
Extortion Scams: Threats of leaked "embarrassing videos" demand Bitcoin payments, with fake claims of system compromise.
Other Alarming Trends:
Phishing Pages: Hosted on trusted platforms like Canva, Dropbox, and Google AMP.
SMS Phishing: Pretending to be law enforcement, targeting victims with fake fines or renewal notices.
Sophisticated Scams: Social engineering against Middle Eastern banking customers, exploiting leaked personal data.
How to Stay Safe:
Verify sender domains and avoid clicking on unknown links.
Update your DNS records if you manage domains.
Report suspicious emails to your email provider.
Enable 2FA for critical accounts.
Pro Tip: Remember, no legitimate organization will ask for sensitive info via email. Stay vigilant!
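Added example, not from the researchers or this newsletter, showing why a neglected domain slips through: a minimal DMARC-style disposition check in Python that returns "none" (deliver) for a From domain with no DMARC record, which is what RFC 7489 prescribes, beside a hardened local rule that quarantines such mail. The record table is a constructed stand-in for DNS lookups, and the alignment helper is an approximation of relaxed alignment rather than a public-suffix-list lookup.

```python
# Constructed stand-in for DNS: From domain -> _dmarc TXT record (None = nothing published).
DMARC_RECORDS = {
    "bank.example": "v=DMARC1; p=reject; rua=mailto:dmarc@bank.example",
    "shop.example": "v=DMARC1; p=none",
    "forgotten-brand.example": None,  # neglected domain: no SPF/DMARC records at all
}


def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag dict; None if absent or not DMARC."""
    if not txt or not txt.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def aligned(auth_domain, from_domain):
    """Relaxed alignment, approximated: equal, or one is a subdomain of the other.
    Real implementations compare organizational domains via the public-suffix list."""
    return auth_domain is not None and (
        auth_domain == from_domain
        or auth_domain.endswith("." + from_domain)
        or from_domain.endswith("." + auth_domain)
    )


def dmarc_disposition(from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain,
                      quarantine_if_missing=False):
    """Return "pass", or the action to take: "none", "quarantine" or "reject".

    spf_domain / dkim_domain are the domains those checks passed for; DMARC
    needs at least one of them passing *and* aligned with the visible From
    domain. quarantine_if_missing is the hardened local rule for domains that
    publish no DMARC record, which standard DMARC would simply deliver.
    """
    authenticated = (spf_pass and aligned(spf_domain, from_domain)) or (
        dkim_pass and aligned(dkim_domain, from_domain)
    )
    tags = parse_dmarc(DMARC_RECORDS.get(from_domain))
    if tags is None:
        return "quarantine" if quarantine_if_missing else "none"
    if authenticated:
        return "pass"
    return tags.get("p", "none")
```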
Cybersecurity experts have uncovered NonEuclid, a cutting-edge remote access trojan (RAT) targeting Windows systems. Written in C#, this malware allows attackers to control compromised devices remotely while deploying advanced techniques to evade detection.
How It Works:
Stealth Tactics: Detects analysis tools like taskmgr.exe and processhacker.exe to evade security checks.
Sandbox Detection: Identifies virtual environments and terminates if detected.
Antivirus Bypass: Disables Microsoft Defender exclusions and dodges AMSI scans.
Persistence Mechanisms: Alters Windows Registry and schedules tasks to maintain control.
Ransomware Twist:
NonEuclid goes beyond typical RAT functions by encrypting files (e.g., .CSV, .TXT) and renaming them with the ".NonEuclid" extension. Essentially, it doubles as ransomware.
The Spread:
Promoted aggressively on underground forums, Discord, and YouTube since November 2024, the malware includes tutorials, making it attractive to cybercriminals looking for ready-made solutions.
Key Features:
Privilege Escalation: Circumvents User Account Control (UAC) to execute commands.
Process Management: Uses Windows API calls to terminate analysis tools.
Advanced Evasion: Combines stealth and adaptability to outsmart security tools.
Stay Safe!
Keep your antivirus updated.
Regularly review and tighten system privileges.
Monitor for suspicious registry changes or scheduled tasks.
Educate your team about emerging threats like NonEuclid.
Remember: The rise of advanced malware like NonEuclid highlights the importance of robust cybersecurity defenses and constant vigilance. Stay ahead of the curve!
As cyber threats evolve, staying prepared is more important than ever. Here are 5 common malware families you should start preparing to counter today:
1. Lumma
What It Does:
Steals sensitive data, including credentials and financial info.
Logs browsing history and targets cryptocurrency wallets.
How It Spreads:
Fake CAPTCHA pages, torrents, and phishing emails.
Defense Tip:
Use sandbox analysis to identify indicators of compromise (IOCs) and enhance your defenses.
2. XWorm
What It Does:
Offers remote control to attackers.
Monitors keystrokes, webcam, audio, and network activity.
How It Spreads:
Delivered through phishing emails with malicious archives.
Defense Tip:
Be cautious with unsolicited emails, especially those containing password-protected archives.
3. AsyncRAT
What It Does:
Records screens, logs keystrokes, and installs additional malware.
Overwhelms websites with attacks and disables security software.
How It Spreads:
Disguised as pirated software or embedded in AI-generated scripts.
Defense Tip:
Avoid downloading unverified software and use advanced sandbox tools for analysis.
4. Remcos
What It Does:
Markets itself as a legitimate tool but enables remote control of systems.
Steals data and exploits vulnerabilities like CVE-2017-11882.
How It Spreads:
Distributed via phishing emails with malicious scripts.
Defense Tip:
Regularly patch vulnerabilities and monitor for suspicious PowerShell or Command Prompt activity.
5. LockBit
What It Does:
Encrypts files and demands ransom for decryption.
Operates as part of a Ransomware-as-a-Service (RaaS) model.
How It Spreads:
Targeted attacks on high-profile organizations.
Defense Tip:
Ensure regular backups, implement endpoint protection, and stay informed about emerging ransomware variants like LockBit 4.0.
Take Action:
Use tools like ANY.RUN's Interactive Sandbox for real-time malware analysis. Proactively hunt for threats and bolster your cybersecurity defenses to face 2025 with confidence!
Extra, Extra! Read all about it!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday
Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for
Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future
Let us know what you think.
So long and thanks for reading all the phish!