Sep 20 2024
Welcome to Gone Phishing, your weekly cybersecurity newsletter that’s rolling like cyber thunder ⚡
Patch of the Week! 🩹
First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it… 😳
Congrats to SolarWinds, the cybercriminals are no match… for your patch! 🩹
Check out this freshly hatched patch 🐣
🚨 SolarWinds Fixes Critical Flaws in Access Rights Manager! 👨🏻💼
SolarWinds has released updates to patch two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability, CVE-2024-28991 (CVSS 9.0), that could lead to remote code execution. 🔓💥 This flaw stems from the deserialization of untrusted data, allowing authenticated users to execute arbitrary code. 🚨 While authentication is required, it can be bypassed, making the flaw even more dangerous. ⚠️
Another issue, CVE-2024-28990 (CVSS 6.3), involves a hard-coded credential that could give unauthorized access to the RabbitMQ management console. 🐰🔓 Both vulnerabilities have been fixed in ARM version 2024.3.1, and while there's no evidence of active exploitation, users are urged to update immediately! 🛡️✨
Stay ahead of the threats—update now! 🚀🔒
Now, on to this week’s hottest cybersecurity news stories:
🚨 Binance Warns of Global Clipper Malware Threat Targeting Crypto Users! 💸💻
🚨 SaaS Apps: The Convenience & The Security Risk! 💼🔐
🚨 Phishing Campaigns Exploit HTTP Header Refresh for Credential Theft 🕵️‍♂️🔐
Binance has issued a warning about a global clipper malware threat targeting cryptocurrency users, aiming to facilitate financial fraud by hijacking clipboard data. 🔓🚨 Clipper malware, also called ClipBankers, monitors a user's clipboard and replaces copied cryptocurrency wallet addresses with those controlled by attackers. This sneaky swap redirects digital assets to rogue wallets instead of the intended destination. 💼💸
The issue surged on August 27, 2024, causing significant financial losses, especially for users downloading unofficial apps and plugins on Android, iOS, and web platforms. 📱💻 Binance is actively blocklisting attacker addresses and has advised affected users to check for suspicious software. 🔒🔍
Binance urges users to avoid downloading software from unofficial sources and ensure apps are authentic. This malware often spreads through unofficial channels, especially when users search for apps in their native languages. 🌐⚠️
Cryptocurrency scams remain widespread, with 2023 marking a record year for fraud, leading to over $5.6 billion in losses, according to the FBI. 💰 Binance and security firms are on high alert, and users are encouraged to stay vigilant! 🛡️💡
Imagine a future where your business runs like a well-oiled machine, effortlessly growing and thriving while you focus on what truly matters.
This isn't a dream—it's the power of AI, and it's within your reach.
Join this AI Business Growth & Strategy Masterclass and discover how to revolutionize your approach to business.
In just 4 hours, you’ll gain the tools, insights, and strategies to not just survive, but dominate your market.
What You’ll Experience:
🌟 Discover AI techniques that give you a competitive edge
💡 Learn how to pivot your business model for unstoppable growth
💼 Develop AI-driven strategies that turn challenges into opportunities
⏰ Free up your time and energy by automating the mundane, focusing on what you love
🗓️ Tomorrow | ⏱️ 10 AM EST
This is more than just a workshop—it's a turning point.
The first 100 to register get in for FREE. Don’t miss the chance to change your business trajectory forever.
Sign up here to save your seat! 👈
With just a few clicks, any SaaS app can transform into a powerhouse for collaboration, CRM, workflow management, marketing, HR, and more. 📊💻 But this convenience also brings significant security risks, as these apps often serve as entry points for threat actors to breach corporate environments and steal sensitive data. 🕵️‍♂️💰
As companies rapidly adopt SaaS applications, their security measures are struggling to keep pace. The rise in attacks like account takeovers and credential leaks is proof of this gap. 🔓👾 On the user side, there's a pressing need for a security-first approach—monitoring access risks and potential threats—but with so many apps, users, and data, this is easier said than done. 😓
The Security Gaps 📉🔍
What leaves organizations vulnerable is a lack of clarity, context, and timely action. Security teams must sift through mountains of threat data, figure out which are relevant, assess the risk, and analyze things like user permissions and data sharing—all while time ticks away! ⏳ This effort consumes massive resources, and many threats slip through the cracks.
Enter Threat Intelligence 💡🛡️
This is where threat intelligence steps in. It's a game-changer! 🎯 Threat intelligence provides actionable data about potential threats, giving security teams real-time insights they can act on before it's too late. 🚨
The Numbers Don't Lie! 📊
Did you know that right now, 24 billion stolen credentials are floating around on the Darknet? 😱 According to research by ReliaQuest and Microsoft, there are 4,000 password attacks blocked every second! Without specialized threat intelligence, managing these massive numbers of threats is nearly impossible. 🔒🧠
For example, in the 2024 Dropbox Sign breach, attackers exploited OAuth vulnerabilities to gain access to sensitive data like API keys and OAuth tokens. 🚨 This highlighted the importance of proactive security measures and swift response to leaked credentials. 🏃‍♂️💻
MFA: A Solution or Not? 🔐
While Multi-Factor Authentication (MFA) is often touted as a solution, it’s not foolproof. ❌ Recent attacks on Change Healthcare and Snowflake showed that attackers can still bypass MFA. The real issue lies in poorly configured apps and security gaps in critical business applications. This is why companies need SaaS-specific threat intelligence—to act before attackers seize control. ⚡👾
Tailored Threat Intelligence for SaaS 🚨
With custom SaaS threat intelligence, security teams receive real-time, contextual alerts when their specific SaaS apps are at risk. 🎯💬 For example, when GitHub suffered a security breach in 2023, stolen OAuth tokens were used to download sensitive data. Immediate action—like revoking tokens—was critical to prevent further damage. 🔐 Swift response is key to minimizing potential losses.
Wing Security: Your SaaS Protector 🛡️💼
Companies like Wing Security are leading the charge in SaaS-specific threat intelligence. 🌟 With a combination of machine learning and expert human analysis, Wing’s platform offers prioritized, timely alerts that guide users through steps like suspending users, revoking tokens, and creating tickets. 🎟️🔧
Wing Security's holistic SaaS security solution ensures that configurations are secure and data is protected across the entire SaaS ecosystem. 🔄🔐 Their platform simplifies SaaS security management, helping CISOs sleep a little better at night. 🌙💤
Stay secure in your SaaS ecosystem—your company’s data depends on it! 💪
Every day, 3.5 million readers turn to 1440 for their factual news. We sift through 100+ sources to bring you a complete summary of politics, global events, business, and culture, all in a brief 5-minute email. Enjoy an impartial news experience.
Cybersecurity researchers have uncovered a large-scale phishing campaign leveraging refresh entries in HTTP headers to deliver spoofed email login pages, aiming to steal users' credentials. 📨🔓
Unlike typical phishing schemes that manipulate HTML content, these attacks abuse the Refresh HTTP response header, which directs the browser to automatically reload a page or load another URL without any user interaction. Because the redirect lives in the header rather than in the page body, the tactic adds a layer of sophistication and makes the attack harder to detect. 🚨
How It Works ⚙️
The infection chain begins with a phishing email containing a malicious link. Clicking the link redirects users to a spoofed login page, often mimicking legitimate websites. The Refresh response header carries the redirect, masking the attacker's intent and pre-filling the victims' email addresses to make the fraudulent page seem authentic. 😱🔐
These attacks were observed between May and July 2024, targeting large corporations, government agencies, and educational institutions across South Korea and the U.S. More than 2,000 malicious URLs were associated with the campaigns. 💻
Key targets: Business and economy (36%), financial services (12.9%), government (6.9%), health (5.7%), and tech (5.4%) sectors.
Attackers also use legitimate domains that offer URL shortening and tracking services, further camouflaging their activities. The tactic of redirecting to official sites makes these phishing attempts even more deceptive, increasing the success rate of credential theft. 🔗⚠️
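As an added illustration (not code from the newsletter or from the researchers who reported the campaign), here is a small Python check a web proxy or mail-gateway link scanner could run over HTTP responses to flag Refresh headers with the traits described above: an immediate redirect, a cross-origin target, and an email address embedded in the target URL. The hostnames and header values are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Constructed sample responses (host that served them plus selected headers),
# not captured from the campaign. Refresh values use the "<seconds>; url=<URL>" form.
SAMPLE_RESPONSES = [
    {"host": "tracker.example", "Refresh": "0; url=https://login.example-mail.invalid/#user@corp.example"},
    {"host": "www.example.com", "Refresh": "5; url=/news"},
    {"host": "short.example", "Refresh": "0;url=https://short.example/landing"},
    {"host": "cdn.example", "Content-Type": "text/html"},
]

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

def parse_refresh(value):
    """Return (delay_seconds, target_url) for a Refresh header value, or None if malformed."""
    m = re.match(r"\s*(\d+)\s*[;,]\s*url\s*=\s*['\"]?([^'\"]+)['\"]?\s*$", value, re.I)
    if not m:
        return None
    return int(m.group(1)), m.group(2).strip()

def assess_refresh(host, value):
    """Score one Refresh header for the traits abused by header-based phishing
    and return the individual findings plus an overall 'suspicious' verdict."""
    parsed = parse_refresh(value)
    if parsed is None:
        return {"malformed": True, "suspicious": False}
    delay, target = parsed
    parts = urlsplit(target)
    findings = {
        "malformed": False,
        "immediate": delay == 0,                      # 0-second refresh: no user interaction
        "cross_origin": bool(parts.netloc) and parts.netloc.lower() != host.lower(),
        "embeds_email": EMAIL_RE.search(target) is not None,  # address used to pre-fill the form
        "target": target,
    }
    # Cross-origin hop plus an embedded mailbox is the high-confidence signal; an immediate
    # cross-origin redirect alone is common for legitimate shorteners and only merits review.
    findings["suspicious"] = findings["cross_origin"] and findings["embeds_email"]
    return findings

def scan(responses):
    """Return the redirect targets of every response whose Refresh header looks like phishing."""
    hits = []
    for r in responses:
        if "Refresh" in r:
            f = assess_refresh(r["host"], r["Refresh"])
            if f["suspicious"]:
                hits.append(f["target"])
    return hits
```

Running `scan(SAMPLE_RESPONSES)` flags only the first sample; the relative and same-origin refreshes pass, which keeps the check usable on ordinary sites.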
BEC and Phishing’s Costly Toll 💰
These phishing attacks are just one part of a broader trend of Business Email Compromise (BEC), which continues to be a top avenue for cybercriminals. The FBI reports that BEC scams cost U.S. and global organizations a staggering $55.49 billion between October 2013 and December 2023. Over 305,000 incidents were reported during this period. 📉💼
BEC attacks, like these phishing campaigns, exploit human trust and familiarity, often using legitimate-looking emails and websites to deceive users into handing over sensitive information.
Evolving Phishing Tactics 🎯
Cybercriminals are continuously refining their tactics. In recent scams, deepfake videos of public figures and CEOs have been used to lure victims into bogus investment schemes like Quantum AI. Attackers use social media ads and fake websites to entice users into paying fees, only to lock them out of their accounts and steal their money. 📽️💸
Another emerging threat is the use of automated CAPTCHA-solving services provided by groups like Greasy Opal. Operating since 2009, Greasy Opal offers cybercriminals tools for credential stuffing, fake account creation, and browser automation. Their services, available for as little as $190 with a monthly subscription, cater to a wide array of cybercrime activities, helping threat actors bypass basic security measures like CAPTCHAs. 🧩🔍
One notorious user of these services is Storm-1152, a Vietnamese cybercrime group identified by Microsoft for selling fraudulent Microsoft accounts. These sophisticated operations reflect the growing trend of gray zone cyber businesses, where tools created for legitimate purposes are repurposed for illegal activities. 🌐👥
Protect Yourself 💡
With attackers employing increasingly clever tactics like HTTP header refresh abuse, it’s more critical than ever for organizations to bolster their email security defenses, educate users on phishing awareness, and deploy advanced detection technologies that can identify and mitigate these evolving threats. Stay vigilant, and don't click suspicious links! 🔒
🗞️ Extra, Extra! Read all about it! 🗞️
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅
💵Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓
📈Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾
Let us know what you think.
So long and thanks for reading all the phish!