Sep 20 2024
Welcome to Gone Phishing, your weekly cybersecurity newsletter that’s rolling like cyber thunder ⚡
Patch of the Week! 🩹
First thing’s first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it…
Congrats to SolarWinds, the cybercriminals are no match… for your patch! 🩹
Check out this freshly hatched patch
🚨 SolarWinds Fixes Critical Flaws in Access Rights Manager!
SolarWinds has released updates to patch two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability, CVE-2024-28991 (CVSS 9.0), that could lead to remote code execution. This flaw stems from the deserialization of untrusted data, allowing authenticated users to execute arbitrary code. While authentication is required, it can be bypassed, making the flaw even more dangerous.
Another issue, CVE-2024-28990 (CVSS 6.3), involves a hard-coded credential that could give unauthorized access to the RabbitMQ management console. Both vulnerabilities have been fixed in ARM version 2024.3.1, and while there's no evidence of active exploitation, users are urged to update immediately!
Stay ahead of the threats: update now!
Now, on to this week’s hottest cybersecurity news stories:
🚨 Binance Warns of Global Clipper Malware Threat Targeting Crypto Users!
🚨 SaaS Apps: The Convenience & The Security Risk!
🚨 Phishing Campaigns Exploit HTTP Header Refresh for Credential Theft
Binance has issued a warning about a global clipper malware threat targeting cryptocurrency users, aiming to facilitate financial fraud by hijacking clipboard data. Clipper malware, also called ClipBankers, monitors a user's clipboard and replaces copied cryptocurrency wallet addresses with those controlled by attackers. This sneaky swap redirects digital assets to rogue wallets instead of the intended destination.
The issue surged on August 27, 2024, causing significant financial losses, especially for users downloading unofficial apps and plugins on Android, iOS, and web platforms. Binance is actively blocklisting attacker addresses and has advised affected users to check for suspicious software.
Binance urges users to avoid downloading software from unofficial sources and ensure apps are authentic. This malware often spreads through unofficial channels, especially when users search for apps in their native languages.
Cryptocurrency scams remain widespread, with 2023 marking a record year for fraud, leading to over $5.6 billion in losses, according to the FBI. Binance and security firms are on high alert, and users are encouraged to stay vigilant!
Imagine a future where your business runs like a well-oiled machine, effortlessly growing and thriving while you focus on what truly matters.
This isn't a dream: it's the power of AI, and it's within your reach.
Join this AI Business Growth & Strategy Masterclass and discover how to revolutionize your approach to business.
In just 4 hours, you’ll gain the tools, insights, and strategies to not just survive, but dominate your market.
What You’ll Experience:
Discover AI techniques that give you a competitive edge
Learn how to pivot your business model for unstoppable growth
Develop AI-driven strategies that turn challenges into opportunities
Free up your time and energy by automating the mundane, focusing on what you love
Tomorrow | 10 AM EST
This is more than just a workshop: it's a turning point.
The first 100 to register get in for FREE. Don’t miss the chance to change your business trajectory forever.
Sign up here to save your seat!
With just a few clicks, any SaaS app can transform into a powerhouse for collaboration, CRM, workflow management, marketing, HR, and more. But this convenience also brings significant security risks, as these apps often serve as entry points for threat actors to breach corporate environments and steal sensitive data.
As companies rapidly adopt SaaS applications, their security measures are struggling to keep pace. The rise in attacks like account takeovers and credential leaks is proof of this gap. On the user side, there's a pressing need for a security-first approach, monitoring access risks and potential threats, but with so many apps, users, and data, this is easier said than done.
The Security Gaps
What leaves organizations vulnerable is a lack of clarity, context, and timely action. Security teams must sift through mountains of threat data, figure out which are relevant, assess the risk, and analyze things like user permissions and data sharing, all while time ticks away! This effort consumes massive resources, and many threats slip through the cracks.
Enter Threat Intelligence
This is where threat intelligence steps in. It's a game-changer! Threat intelligence provides actionable data about potential threats, giving security teams real-time insights they can act on before it's too late.
The Numbers Don't Lie!
Did you know that right now, 24 billion stolen credentials are floating around on the Darknet? According to research by ReliaQuest and Microsoft, there are 4,000 password attacks blocked every second! Without specialized threat intelligence, managing these massive numbers of threats is nearly impossible.
For example, in the 2024 Dropbox Sign breach, attackers exploited OAuth vulnerabilities to gain access to sensitive data like API keys and OAuth tokens. This highlighted the importance of proactive security measures and swift response to leaked credentials.
MFA: A Solution or Not?
While Multi-Factor Authentication (MFA) is often touted as a solution, it’s not foolproof. Recent attacks on Change Healthcare and Snowflake showed that attackers can still bypass MFA. The real issue lies in poorly configured apps and security gaps in critical business applications. This is why companies need SaaS-specific threat intelligence: to act before attackers seize control.
Tailored Threat Intelligence for SaaS
With custom SaaS threat intelligence, security teams receive real-time, contextual alerts when their specific SaaS apps are at risk. For example, when GitHub suffered a security breach in 2023, stolen OAuth tokens were used to download sensitive data. Immediate action, like revoking tokens, was critical to prevent further damage. Swift response is key to minimizing potential losses.
Wing Security: Your SaaS Protector
Companies like Wing Security are leading the charge in SaaS-specific threat intelligence. With a combination of machine learning and expert human analysis, Wing’s platform offers prioritized, timely alerts that guide users through steps like suspending users, revoking tokens, and creating tickets.
Wing Security's holistic SaaS security solution ensures that configurations are secure and data is protected across the entire SaaS ecosystem. Their platform simplifies SaaS security management, helping CISOs sleep a little better at night.
Stay secure in your SaaS ecosystem: your company’s data depends on it!
Every day, 3.5 million readers turn to 1440 for their factual news. We sift through 100+ sources to bring you a complete summary of politics, global events, business, and culture, all in a brief 5-minute email. Enjoy an impartial news experience.
Cybersecurity researchers have uncovered a large-scale phishing campaign leveraging refresh entries in HTTP headers to deliver spoofed email login pages, aiming to steal users' credentials.
Unlike typical phishing schemes that manipulate HTML content, these attacks abuse the HTTP response header, which directs browsers to automatically reload or refresh a web page without user interaction. This tactic adds a layer of sophistication, making the attack harder to detect.
How It Works
The infection chain begins with a phishing email containing a malicious link. Clicking the link redirects users to a spoofed login page, often mimicking legitimate websites. The Refresh response header carries the redirect, masking the attacker's intent and pre-filling the victims' email addresses to make the fraudulent page seem authentic.
These attacks were observed between May and July 2024, targeting large corporations, government agencies, and educational institutions across South Korea and the U.S. More than 2,000 malicious URLs were associated with the campaigns.
Key targets: Business and economy (36%), financial services (12.9%), government (6.9%), health (5.7%), and tech (5.4%) sectors.
Attackers also use legitimate domains that offer URL shortening and tracking services, further camouflaging their activities. The tactic of redirecting to official sites makes these phishing attempts even more deceptive, increasing the success rate of credential theft.
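As an added illustration (this is example code written for this page, not part of the newsletter or the researchers' report), here is a small Python checker a defender could run over captured HTTP responses from a proxy or sandbox to flag the pattern described above: a Refresh response header that immediately redirects to a different domain and carries an email address in the target URL. The sample responses, hostnames and query parameter names below are constructed for the example and do not come from the campaign.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample: what a server behind a phishing link might answer
# (hosts, paths and parameter names are made up for this example).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Refresh: 0; url=https://login-portal.example.net/auth?user=alice%40corp.example\r\n"
    "\r\n"
    "<html><body>Redirecting...</body></html>"
)

# Constructed benign sample: a dashboard that reloads itself every 30 seconds.
BENIGN_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Refresh: 30\r\n"
    "\r\n"
)

# Refresh header syntax: "<seconds>" or "<seconds>; url=<target>" (quotes optional).
_REFRESH_RE = re.compile(
    r"^\s*(\d+)\s*(?:;\s*url\s*=\s*['\"]?([^'\"]+?)['\"]?\s*)?$", re.IGNORECASE
)


def parse_headers(raw_response):
    """Return {lower-cased header name: [values]} from a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def parse_refresh(value):
    """Parse a Refresh header value into (delay_seconds, url_or_None)."""
    m = _REFRESH_RE.match(value)
    if not m:
        return None
    return int(m.group(1)), m.group(2)


def looks_like_email(text):
    return re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", text) is not None


def assess_refresh(raw_response, request_host):
    """Flag Refresh-header redirects that leave the requested host and
    pre-fill an email address in the target URL, as in the campaign."""
    findings = []
    for value in parse_headers(raw_response).get("refresh", []):
        parsed = parse_refresh(value)
        if parsed is None or parsed[1] is None:
            continue  # plain self-reload, no redirect target
        delay, url = parsed
        target = urlsplit(url)
        target_host = (target.hostname or "").lower()
        reasons = []
        if delay == 0:
            reasons.append("immediate redirect")
        if target_host and target_host != request_host.lower():
            reasons.append("cross-domain target")
        # Look for an email address in the query string or the fragment.
        prefilled = [v for vals in parse_qs(target.query).values()
                     for v in vals if looks_like_email(v)]
        fragment = unquote(target.fragment)
        if looks_like_email(fragment):
            prefilled.append(fragment)
        if prefilled:
            reasons.append("pre-filled email address")
        suspicious = "cross-domain target" in reasons and (
            delay == 0 or bool(prefilled))
        findings.append({"url": url, "delay": delay, "reasons": reasons,
                         "prefilled": prefilled, "suspicious": suspicious})
    return findings


if __name__ == "__main__":
    for f in assess_refresh(SAMPLE_RESPONSE, "tracker.example.com"):
        print(f)
    print(assess_refresh(BENIGN_RESPONSE, "intranet.example.org"))
```

The request host is passed in separately because the page describes the first hop landing on a legitimate shortening or tracking domain; what matters is that the Refresh target points somewhere else and already knows who the victim is. A self-reload with no URL is left alone so ordinary auto-refreshing pages do not generate noise.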
BEC and Phishing’s Costly Toll
These phishing attacks are just one part of a broader trend of Business Email Compromise (BEC), which continues to be a top avenue for cybercriminals. The FBI reports that BEC scams cost U.S. and global organizations a staggering $55.49 billion between October 2013 and December 2023. Over 305,000 incidents were reported during this period.
BEC attacks, like these phishing campaigns, exploit human trust and familiarity, often using legitimate-looking emails and websites to deceive users into handing over sensitive information.
Evolving Phishing Tactics
Cybercriminals are continuously refining their tactics. In recent scams, deepfake videos of public figures and CEOs have been used to lure victims into bogus investment schemes like Quantum AI. Attackers use social media ads and fake websites to entice users into paying fees, only to lock them out of their accounts and steal their money.
Another emerging threat is the use of automated CAPTCHA-solving services provided by groups like Greasy Opal. Operating since 2009, Greasy Opal offers cybercriminals tools for credential stuffing, fake account creation, and browser automation. Their services, available for as little as $190 with a monthly subscription, cater to a wide array of cybercrime activities, helping threat actors bypass basic security measures like CAPTCHAs.
One notorious user of these services is Storm-1152, a Vietnamese cybercrime group identified by Microsoft for selling fraudulent Microsoft accounts. These sophisticated operations reflect the growing trend of gray zone cyber businesses, where tools created for legitimate purposes are repurposed for illegal activities.
Protect Yourself
With attackers employing increasingly clever tactics like HTTP header refresh abuse, it’s more critical than ever for organizations to bolster their email security defenses, educate users on phishing awareness, and deploy advanced detection technologies that can identify and mitigate these evolving threats. Stay vigilant, and don't click suspicious links!
Extra, Extra! Read all about it!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday
Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for
Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future
Let us know what you think.
So long and thanks for reading all the phish!