Jan 16 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s on X wondering if the #Plusnet (minus internet? ????) issues are due to an unreported cyberattack or just good, old-fashioned incompetence ???? #WatchThisSpace ????
Today’s hottest cybersecurity news stories:
????️ Bosch thermostats, Rexroth nutrunners w/ high-severity flaws ????
???? UPDATE! Russia may not be behind Denmark cyberattacks ????
⚠️ MyFlaw lets hackers run anything on your computer via Opera ????
???? Multiple security flaws found in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners could expose systems to potential code execution! ????
???? Discovered by Bitdefender, a Romanian cybersecurity firm, the Bosch BCC100 thermostat flaw (CVE-2023-49722, CVSS 8.3) allows unauthorised access via an open port 8899, enabling attackers to manipulate device firmware. Bosch has fixed this in firmware v4.13.33 by closing the port.
???? Meanwhile, Rexroth NXA015S-36V-B faces over two dozen vulnerabilities, posing risks of disrupting operations, compromising safety, and even ransomware attacks. Nozomi Networks warns that an attacker could compromise product safety or demand ransom by disabling the torque wrench.
???? Action Required: Bosch plans to release patches by end-January 2024. Until then, users are urged to limit network accessibility and review login accounts. ????️
???? This follows Pentagrid's discovery of vulnerabilities in Lantronix EDS-MD IoT gateways, emphasising the growing importance of IoT device security.
Stay vigilant, and update your devices promptly! ????????️
Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.
???? Recent findings reveal surprising twists in the cyber attacks on Denmark's energy sector last year, challenging initial suspicions of involvement by the Russia-linked Sandworm hacking group (which we covered in November – 2nd story down). ????️♂️
???? Attack Overview:
22 Danish energy organisations targeted in two waves.
Wave 1 exploited the Zyxel firewall flaw (CVE-2023-28771).
Wave 2 involved Mirai botnet variants via an unknown access vector.
Noteworthy: May 24 attack communicated with IPs linked to the dismantled Cyclops Blink botnet.
???? Key Findings:
The two waves were unrelated.
Unlikely the work of a state-sponsored group.
Second wave part of a broader mass exploitation against unpatched Zyxel firewalls.
Attack campaign named "Clearing the Fog of War"
???? Timeline Insights:
Attacks started as early as Feb 16, using known flaws in Zyxel devices (CVE-2020-9054, CVE-2022-30525).
Continued until Oct 2023, targeting entities across Europe and the U.S.
???? Security Implications:
Ongoing exploitation (CVE-2023-27881) indicates a broader threat beyond Danish critical infrastructure.
Targets include exposed devices, particularly Zyxel firewalls safeguarding critical infrastructure organisations.
????️ Recommended Actions:
Stay vigilant and update systems promptly.
Enhanced cybersecurity measures may be required. ????????
???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)
???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)
???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)
Cybersecurity researchers have exposed a critical security flaw in the Opera web browser for Microsoft Windows and Apple macOS, posing a potential threat to user data and system integrity.
The vulnerability, codenamed "MyFlaw" by Guardio Labs, utilises the "My Flow" feature, designed for syncing messages and files between mobile and desktop devices.
???? Key Details:
Exploitation could lead to the execution of any file on the underlying operating system.
My Flow feature, facilitated by a controlled browser extension, bypasses the browser's sandbox and process.
Vulnerability impacts both Opera and Opera GX browsers.
Responsible disclosure on November 17, 2023, and addressed through updates on November 22, 2023.
???? Attack Vector Analysis:
My Flow's chat-like interface allows file exchanges with a web interface.
The flaw lies in the extension "Opera Touch Background" and its manifest file permissions.
Domains (*.flow.opera.com, .flow.op-test.net) controlled by the browser vendor expose messaging API.
???? Complexity Unveiled:
Guardio Labs unearthed a forgotten, vulnerable version of My Flow on "web.flow.opera.com."
Lack of content security policy and an insecure script tag create a code injection risk.
Exploitation involves a specially crafted extension masquerading as a mobile device.
???? Mitigation and Response:
Opera swiftly addressed the issue and implemented fixes on the server side.
The company emphasises the importance of ongoing efforts to enhance browser security.
???? Opera's Response:
Opera expresses gratitude to Guardio Labs for uncovering the vulnerability.
Assures users that corrective measures have been taken to prevent future occurrences.
Acknowledges the need for internal design changes and improvements in Chromium's infrastructure.
????️ Stay Secure:
Users are urged to update their Opera browsers to the latest version promptly.
Browser-based attacks underscore the evolving threat landscape, emphasising the need for continuous vigilance. ????????
That’s all for today, folks! ???? Stay safe and don’t let the bedbugs byte ????
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.
Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran 'Wealthy Primate' might be able to help you climb that tree ???????? with his stick and banana approach ????????
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)
Let us know what you think!
So long and thanks for reading all the phish!