Boeing Faces Cybersecurity Incident. Ransomware gang claims data theft ๐ŸŒ

Nov 03 2023

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that looks forward to the day when cybercrime is no longer in the newsโ€ฆ like the war in Ukraine. Except for the right reasons, not just because something bigger happened and people stopped caring ๐Ÿ˜”

Itโ€™s Friday, folks, which can only mean one thingโ€ฆ Itโ€™s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, thatโ€™s it.

Congrats, the cybercriminals are no matchโ€ฆ for your patch! ๐Ÿฉน๐Ÿฉน๐Ÿฉน

Check out these freshly hatched patches!! ๐Ÿฃ๐Ÿฃ๐Ÿฃ

At long Lassian: Atlassian patches Confluence data wiping bug

Atlassian has issued a warning about a severe security flaw, CVE-2023-22518, affecting Confluence Data Center and Confluence Server. A public exploit is now available, posing a significant risk to unpatched instances exposed on the internet. ๐ŸŒ๐Ÿ˜ฑ

๐Ÿ”’ Severity and Impact:

This improper authorisation vulnerability rates 9.1/10 in severity and can be exploited for data destruction attacks on affected servers. However, it cannot be used for data theft. Confluence Cloud sites accessed via are unaffected. ๐Ÿ”๐Ÿ’พ

๐Ÿ‘ฉโ€๐Ÿ’ป Action Required:

Admins must act immediately to protect their instances. Update to patched versions, including Confluence Data Center and Server versions 7.19.16, 8.3.4, 8.4.4, 8.5.3, and 8.6.1.

If immediate patching is not possible, apply mitigation measures like backups and blocking internet access to unpatched servers. These are temporary solutions; patching is essential. ๐Ÿš€

Now, on to todayโ€™s hottest cybersecurity stories:

  • โœˆ๏ธ Cybercrime is really taking off. Boeing suffers ransomware attack ๐Ÿ’ฐ

  • ๐Ÿ–ฅ๏ธ 34 Windows drivers are vulnerable to FULL DEVICE TAKEOVER ๐Ÿ‘จโ€๐Ÿ’ป

  • ๐Ÿฑ HelloKitty ransomware group is exploiting Apache ActiveMQ flaws ๐Ÿš

Itโ€™s a flying shame ๐Ÿ˜ฌ but we reckon the hackers are just winging it ๐Ÿ’€๐Ÿ’€๐Ÿ’€

๐Ÿš€ Boeing Faces Cybersecurity Incident. Ransomware gang claims data theft ๐ŸŒ

Aerospace giant Boeing is grappling with a "cyber incident" shortly after being linked to the LockBit ransomware gang's leak site. ๐Ÿ˜ฑ

๐Ÿ”’ Boeing Confirms Attack:

Boeing spokesperson Jim Proulx verified that the attack targeted "parts and distribution business" elements. Importantly, flight safety remains unaffected. Boeing is actively investigating the incident, collaborating with law enforcement and regulatory authorities, and notifying customers and suppliers. โœˆ๏ธ๐Ÿ”

๐Ÿ” LockBit's Involvement:

The Russia-linked LockBit gang claimed responsibility for the cyberattack on Boeing. ๐Ÿ‡ท๐Ÿ‡บ Recent U.S. government reports show LockBit's widespread impact, targeting over 1,800 systems worldwide since late 2019. ๐Ÿ˜ฎ

๐Ÿ’ป Ransom Threats:

LockBit threatened to publish stolen data if Boeing didn't meet their ransom demand by November 2. Although the listing was removed, whether Boeing paid or not remains undisclosed. The U.S. government sanctions paying ransoms to such groups, as with Evil Corp, believed to be affiliated with LockBit. ๐Ÿšซ๐Ÿ’ฐ

๐Ÿ“ˆ Uncertain Details:

LockBit claimed not to have contacted Boeing, while Boeing remains mum about the compromise and data exfiltration. However, they confirm being affected by a cybersecurity incident involving data exfiltration. ๐Ÿค๐Ÿ”“

๐Ÿ›ซ Past Incidents:

Boeing's subsidiary Jeppesen faced a cyber incident last year, leading to disruptions in flight planning. โœˆ๏ธ๐Ÿ› ๏ธ

Stay tuned for more updates on this developing situation! ๐Ÿ“ฐ๐Ÿšจ

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

Hackers are opportunists. Donโ€™t give them a Window ๐Ÿ‘€๐Ÿ™ˆ

๐Ÿšจ Critical Windows Driver Vulnerabilities Discovered ๐Ÿ›ก๏ธ

A recent cybersecurity research by VMware Carbon Black has uncovered 34 vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers. ๐Ÿ˜ฑ

๐Ÿ‘พ Potential Device Takeover:

These vulnerabilities can be exploited by non-privileged threat actors to gain full control over devices and execute arbitrary code on the underlying systems. This means they could erase/alter firmware and elevate operating system privileges. ๐Ÿ˜จ๐Ÿ’ป

๐Ÿ” Expanding Previous Research:

This study builds upon earlier research efforts like ScrewedDrivers and POPKORN, which used symbolic execution to identify these risky drivers. It specifically focuses on drivers with firmware access through port I/O and memory-mapped I/O.

๐Ÿ”’ Vulnerable Driver Examples:

Some of the vulnerable drivers include:

  • AODDriver.sys

  • ComputerZ.sys

  • dellbios.sys, and more. ๐Ÿ˜ฌ

๐Ÿ›ก๏ธ Security Implications:

Of the 34 drivers, six provide kernel memory access that can be exploited to elevate privilege and bypass security measures. Twelve drivers could undermine security mechanisms like KASLR. Seven drivers, including Intel's stdcdrv64.sys, can erase firmware, rendering the system unbootable. ๐Ÿ˜ต

๐Ÿ”‘ Elevated Threat with WDF Drivers:

VMware also identified WDF drivers like WDTKernel.sys and H2OFFT64.sys that, while not vulnerable in terms of access control, can be easily weaponized by privileged threat actors, enabling BYOVD (Bring Your Own Vulnerable Driver) attacks. ๐Ÿคฏ

FYI, in BYOVD attacks, threat actors abuse vulnerabilities in legitimate, signed drivers, on which security products rely, to achieve successful kernel-mode exploitation and disable defence solutions.

๐ŸŒ Wider Security Concerns:

These vulnerabilities can be leveraged by malicious actors to evade detection and gain elevated privileges, posing significant cybersecurity threats.

Stay vigilant, and ensure your systems are up to date with security patches! ๐Ÿ›ก๏ธ๐Ÿ’ป๐ŸŒ

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

Our new segment where we pick out some cool sites we like, reply to the mail and let us know what you think.

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)

๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

This Kitty finds flaws ๐Ÿ˜ผ Instead of โ€˜got clawsโ€™ ๐Ÿ˜Ž๐Ÿ‘

๐Ÿ”’ Apache ActiveMQ Vulnerability Exploited by Ransomware Gang ๐Ÿšซ

Cybersecurity experts have issued a warning about a critical security flaw in Apache ActiveMQ, an open-source message broker service. This vulnerability, identified as CVE-2023-46604, allows hackers to execute remote code, and it has a severity rating of 10.0 (the maximum). ๐Ÿ˜จ

๐Ÿ’ก What Happened:

Hackers have been exploiting this flaw to deploy ransomware on targeted systems. The ransomware family responsible is HelloKitty, whose source code was leaked in October. ๐Ÿฆ 

๐Ÿ”‘ Affected Versions:

The vulnerability impacts various versions of Apache ActiveMQ, including 5.18.0 before 5.18.3, 5.17.0 before 5.17.6, and others. It's essential to check if your system is vulnerable.

๐Ÿ›ก๏ธ Protect Yourself:

To stay safe, update your ActiveMQ to the fixed versions released in the past month. The flaw has been actively exploited, and there's a proof-of-concept exploit code available. ๐Ÿš€

๐Ÿ—บ๏ธ Global Reach:

This issue affects thousands of internet-accessible ActiveMQ instances worldwide, with a significant number in China, the U.S., Germany, South Korea, and India. ๐ŸŒ

๐Ÿ•ต๏ธโ€โ™‚๏ธ What to Do:

If you're using Apache ActiveMQ, act swiftly. Update to the patched versions and scan your network for any signs of compromise. Your security is paramount! ๐Ÿ”’๐Ÿ’ป

Thatโ€™s all for this week, folks. Stay safe, cyber squad ๐Ÿค–

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter

Recent articles