Binance bro 👨🏻‍💼

Sep 20 2024


Welcome to Gone Phishing, your weekly cybersecurity newsletter that's rolling like cyber thunder ⚡

Patch of the Week! 🩹

First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the week. Okay, that's it… 😳

Congrats to SolarWinds, the cybercriminals are no match… for your patch! 🩹

Check out this freshly hatched patch 🐣

Solar Winds this round 🥊

🚨 SolarWinds Fixes Critical Flaws in Access Rights Manager! 👨🏻‍💼

SolarWinds has released updates to patch two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability, CVE-2024-28991 (CVSS 9.0), that could lead to remote code execution. 🔓💥 This flaw stems from the deserialization of untrusted data, allowing authenticated users to execute arbitrary code. 🚨 While authentication is required, it can be bypassed, making the flaw even more dangerous. ⚠️

Another issue, CVE-2024-28990 (CVSS 6.3), involves a hard-coded credential that could give unauthorized access to the RabbitMQ management console. 🐰🔓 Both vulnerabilities have been fixed in ARM version 2024.3.1, and while there's no evidence of active exploitation, users are urged to update immediately! 🛡️✨

Stay ahead of the threats: update now! 🚀🔒

Now, on to this week's hottest cybersecurity news stories:

🚨 Binance Warns of Global Clipper Malware Threat Targeting Crypto Users! 💸💻

🚨 SaaS Apps: The Convenience & The Security Risk! 💼

🚨 Phishing Campaigns Exploit HTTP Header Refresh for Credential Theft 🕵️‍♂️

Binance bro 👨🏻‍💼

🚨 Binance Warns of Global Clipper Malware Threat Targeting Crypto Users! 💸💻

Binance has issued a warning about a global clipper malware threat targeting cryptocurrency users, aiming to facilitate financial fraud by hijacking clipboard data. 🔓🚨 Clipper malware, also called ClipBankers, monitors a user's clipboard and replaces copied cryptocurrency wallet addresses with those controlled by attackers. This sneaky swap redirects digital assets to rogue wallets instead of the intended destination. 💼💸
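Because the swap happens between copy and paste, a wallet or exchange front end can catch it by comparing the two values. The sketch below is an added example, not Binance's code: the function names, verdict labels and sample addresses are constructed for illustration, and the patterns check address shape only.

```python
import re

# Shape checks only (prefix, alphabet, length); checksums are not verified.
ADDRESS_SHAPES = {
    "btc-base58": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "btc-bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the name of the address shape the text matches, or None."""
    text = text.strip()
    return next((k for k, rx in ADDRESS_SHAPES.items() if rx.match(text)), None)

def normalise(text, kind):
    """Strip whitespace; fold case only for ETH, whose hex is case-insensitive."""
    text = text.strip()
    return text.lower() if kind == "eth" else text

def check_paste(copied, pasted):
    """Compare what the user copied with what arrived at paste time."""
    kind = address_kind(copied)
    if kind is None:
        return "not-an-address"      # nothing a clipper would target
    if normalise(copied, kind) == normalise(pasted, kind):
        return "match"
    if address_kind(pasted) is not None:
        return "address-swapped"     # one address replaced by another: clipper signature
    return "changed"                 # clipboard altered, but not into an address

# Constructed, shape-valid sample values (not real wallets).
ETH_A = "0x" + "ab" * 20
ETH_B = "0x" + "cd" * 20
BTC_A = "1" + "A" * 33

if __name__ == "__main__":
    for copied, pasted in [(ETH_A, ETH_A), (ETH_A, ETH_B), (BTC_A, ETH_B)]:
        print(copied[:10], "->", pasted[:10], check_paste(copied, pasted))
```

A check like this only helps if the copied value is captured somewhere the malware cannot rewrite, such as the page's own copy handler.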

The issue surged on August 27, 2024, causing significant financial losses, especially for users downloading unofficial apps and plugins on Android, iOS, and web platforms. 📱💻 Binance is actively blocklisting attacker addresses and has advised affected users to check for suspicious software. 🔒

Binance urges users to avoid downloading software from unofficial sources and ensure apps are authentic. This malware often spreads through unofficial channels, especially when users search for apps in their native languages. ⚠️

Cryptocurrency scams remain widespread, with 2023 marking a record year for fraud, leading to over $5.6 billion in losses, according to the FBI. 💰 Binance and security firms are on high alert, and users are encouraged to stay vigilant! 🛡️💡

Don't SaaS me 💅🏻

🚨 SaaS Apps: The Convenience & The Security Risk! 💼

With just a few clicks, any SaaS app can transform into a powerhouse for collaboration, CRM, workflow management, marketing, HR, and more. 📊💻 But this convenience also brings significant security risks, as these apps often serve as entry points for threat actors to breach corporate environments and steal sensitive data. 🕵️‍♂️💰

As companies rapidly adopt SaaS applications, their security measures are struggling to keep pace. The rise in attacks like account takeovers and credential leaks is proof of this gap. 🔓👾 On the user side, there's a pressing need for a security-first approach (monitoring access risks and potential threats), but with so many apps, users, and data, this is easier said than done. 😓

The Security Gaps 📉

What leaves organizations vulnerable is a lack of clarity, context, and timely action. Security teams must sift through mountains of threat data, figure out which are relevant, assess the risk, and analyze things like user permissions and data sharing, all while time ticks away! ⏳ This effort consumes massive resources, and many threats slip through the cracks.

Enter Threat Intelligence 💡🛡️

This is where threat intelligence steps in. It's a game-changer! 🎯 Threat intelligence provides actionable data about potential threats, giving security teams real-time insights they can act on before it's too late. 🚨

The Numbers Don't Lie! 📊

Did you know that right now, 24 billion stolen credentials are floating around on the Darknet? 😱 According to research by ReliaQuest and Microsoft, there are 4,000 password attacks blocked every second! Without specialized threat intelligence, managing these massive numbers of threats is nearly impossible. 🔒🧠

For example, in the 2024 Dropbox Sign breach, attackers exploited OAuth vulnerabilities to gain access to sensitive data like API keys and OAuth tokens. 🚨 This highlighted the importance of proactive security measures and swift response to leaked credentials. 🏃‍♂️💻

MFA: A Solution or Not?

While Multi-Factor Authentication (MFA) is often touted as a solution, it's not foolproof. ❌ Recent attacks on Change Healthcare and Snowflake showed that attackers can still bypass MFA. The real issue lies in poorly configured apps and security gaps in critical business applications. This is why companies need SaaS-specific threat intelligence: to act before attackers seize control. ⚡👾

Tailored Threat Intelligence for SaaS 🚨

With custom SaaS threat intelligence, security teams receive real-time, contextual alerts when their specific SaaS apps are at risk. 🎯💬 For example, when GitHub suffered a security breach in 2023, stolen OAuth tokens were used to download sensitive data. Immediate action, like revoking tokens, was critical to prevent further damage. Swift response is key to minimizing potential losses.

Wing Security: Your SaaS Protector 🛡️💼

Companies like Wing Security are leading the charge in SaaS-specific threat intelligence. 🌟 With a combination of machine learning and expert human analysis, Wing's platform offers prioritized, timely alerts that guide users through steps like suspending users, revoking tokens, and creating tickets. 🎟️🔧

Wing Security's holistic SaaS security solution ensures that configurations are secure and data is protected across the entire SaaS ecosystem. 🔄 Their platform simplifies SaaS security management, helping CISOs sleep a little better at night. 🌙💤

Stay secure in your SaaS ecosystem: your company's data depends on it! 💪

Phishing for credentials 🎣

🚨 Phishing Campaigns Exploit HTTP Header Refresh for Credential Theft 🕵️‍♂️

Cybersecurity researchers have uncovered a large-scale phishing campaign leveraging refresh entries in HTTP headers to deliver spoofed email login pages, aiming to steal users' credentials. 📨🔓

Unlike typical phishing schemes that manipulate HTML content, these attacks abuse the Refresh HTTP response header, which directs browsers to automatically reload or refresh a web page without user interaction. This tactic adds a layer of sophistication, making the attack harder to detect. 🚨

How It Works ⚙️

The infection chain begins with a phishing email containing a malicious link. Clicking the link redirects users to a spoofed login page, often mimicking legitimate websites. The Refresh response header carries the redirect, masking the attacker's intent and pre-filling the victims' email addresses to make the fraudulent page seem authentic. 😱

These attacks were observed between May and July 2024, targeting large corporations, government agencies, and educational institutions across South Korea and the U.S. More than 2,000 malicious URLs were associated with the campaigns. 💻

Key targets: Business and economy (36%), financial services (12.9%), government (6.9%), health (5.7%), and tech (5.4%) sectors.

Attackers also use legitimate domains that offer URL shortening and tracking services, further camouflaging their activities. The tactic of redirecting to official sites makes these phishing attempts even more deceptive, increasing the success rate of credential theft. 🔗⚠️
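For defenders, the traits described in this section can be checked on proxy or sandbox captures. The sketch below is an added example, not taken from the researchers' report: it parses a response's Refresh header and lists which of those traits it shows. The function names, finding labels and hostnames are assumptions, and the sample responses are constructed.

```python
import re
from urllib.parse import urljoin, urlsplit, unquote

# "<delay>", optionally followed by ";" or "," and a target, with or without "url="
REFRESH_RE = re.compile(r"^\s*(\d+(?:\.\d*)?)\s*(?:[;,]\s*(?:url\s*=\s*)?(.*))?$", re.I | re.S)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def parse_refresh(value):
    """Return (delay_seconds, target or None), or None if the value is malformed."""
    m = REFRESH_RE.match(value)
    if not m:
        return None
    target = (m.group(2) or "").strip().strip("'\"")
    return float(m.group(1)), target or None

def assess_response(request_url, headers):
    """List which traits of the redirect described above a response shows."""
    refresh = next((v for k, v in headers.items() if k.lower() == "refresh"), None)
    parsed = parse_refresh(refresh) if refresh else None
    if not parsed or parsed[1] is None:
        return []  # no header, malformed value, or a plain reload of the same page
    delay, target = parsed
    dest = urlsplit(urljoin(request_url, target))  # resolves relative targets
    findings = []
    if dest.hostname != urlsplit(request_url).hostname:
        findings.append("cross-host")       # browser is sent to a different site
    if delay <= 1:
        findings.append("no-delay")         # fires before the user can react
    if EMAIL_RE.search(unquote(f"{dest.path}?{dest.query}#{dest.fragment}")):
        findings.append("email-in-target")  # address carried along for pre-filling
    return findings

# Constructed sample responses (all hostnames are placeholders).
SAMPLES = [
    ("https://short.example/a1", {"Refresh": "0;url=https://login.mail-portal.example/auth?user=alice%40corp.example"}),
    ("https://short.example/b2", {"refresh": "0; URL='https://portal.example/#bob@corp.example'"}),
    ("https://status.example/", {"Refresh": "30"}),
    ("https://shop.example/cart", {"Refresh": "5; url=/maintenance"}),
]

if __name__ == "__main__":
    for url, hdrs in SAMPLES:
        print(url, assess_response(url, hdrs))
```

The Refresh header has legitimate uses, so a single finding is weak evidence; all three together on a link that arrived by email is the combination worth alerting on.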

BEC and Phishing's Costly Toll 💰

These phishing attacks are just one part of a broader trend of Business Email Compromise (BEC), which continues to be a top avenue for cybercriminals. The FBI reports that BEC scams cost U.S. and global organizations a staggering $55.49 billion between October 2013 and December 2023. Over 305,000 incidents were reported during this period. 📉💼

BEC attacks, like these phishing campaigns, exploit human trust and familiarity, often using legitimate-looking emails and websites to deceive users into handing over sensitive information.

Evolving Phishing Tactics 🎯

Cybercriminals are continuously refining their tactics. In recent scams, deepfake videos of public figures and CEOs have been used to lure victims into bogus investment schemes like Quantum AI. Attackers use social media ads and fake websites to entice users into paying fees, only to lock them out of their accounts and steal their money. 📽️💸

Another emerging threat is the use of automated CAPTCHA-solving services provided by groups like Greasy Opal. Operating since 2009, Greasy Opal offers cybercriminals tools for credential stuffing, fake account creation, and browser automation. Their services, available for as little as $190 with a monthly subscription, cater to a wide array of cybercrime activities, helping threat actors bypass basic security measures like CAPTCHAs. 🧩

One notorious user of these services is Storm-1152, a Vietnamese cybercrime group identified by Microsoft for selling fraudulent Microsoft accounts. These sophisticated operations reflect the growing trend of gray zone cyber businesses, where tools created for legitimate purposes are repurposed for illegal activities. 👥

Protect Yourself 💡

With attackers employing increasingly clever tactics like HTTP header refresh abuse, it's more critical than ever for organizations to bolster their email security defenses, educate users on phishing awareness, and deploy advanced detection technologies that can identify and mitigate these evolving threats. Stay vigilant, and don't click suspicious links! 🔒

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think.

So long and thanks for reading all the phish!
