๐ŸŒต CACTUS ransomware exploits flaws in Qlik Sense ๐Ÿ’ป

Dec 01 2023

.bh__table, .bh__table_header, .bh__table_cell { border: 1px solid #C0C0C0; }
.bh__table_cell { padding: 5px; background-color: #FFFFFF; }
.bh__table_cell p { color: #2D2D2D; font-family: ‘Helvetica’,Arial,sans-serif !important; overflow-wrap: break-word; }
.bh__table_header { padding: 5px; background-color:#F1F1F1; }
.bh__table_header p { color: #2A2A2A; font-family:’Trebuchet MS’,’Lucida Grande’,Tahoma,sans-serif !important; overflow-wrap: break-word; }

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter thatโ€™s got that Friday feeling ๐ŸŽ‰

Itโ€™s Friday, folks, which can only mean one thingโ€ฆ Itโ€™s time for our weekly segment!ย 

It goes by many names. Patch of the Week, Tweak of the week. Okay, thatโ€™s it.ย 

Congrats, the cybercriminals are no matchโ€ฆ for your patch! ๐Ÿฉน๐Ÿฉน๐Ÿฉนย 

Check out these freshly hatched patches ๐Ÿฃ๐Ÿฃ๐Ÿฃ

๐Ÿšจ Important Security Update from Google! ๐Ÿšจ

Google has just released a crucial security update for its Chrome browser, fixing seven vulnerabilities, including a high-severity zero-day bug (CVE-2023-6345) in the Skia graphics library. Discovered by Benoรฎt Sevens and Clรฉment Lecigne of Google's Threat Analysis Group, this exploit is actively being used in the wild. ๐Ÿ˜ฑ

The update addresses a total of seven zero-days in Chrome this year, covering issues like type confusion, integer overflow, and heap buffer overflow. Users are strongly advised to upgrade to Chrome version 119.0.6045.199/.200 (for Windows) and 119.0.6045.199 (for macOS and Linux) ASAP to stay protected.

Chromium-based browser users (Microsoft Edge, Brave, Opera, Vivaldi) should also apply fixes when available. Stay safe online! ๐Ÿ”’๐ŸŒ

Now, on to todayโ€™s hottest cybersecurity stories:

  • ๐ŸŒต CACTUS ransomware exploits flaws in Qlik Sense ๐Ÿ’ป

  • ๐Ÿš Korea criminals Lazurus hit $3 billion in crypto hacks ๐Ÿ’ฐ

  • ๐Ÿ“ง Introducing Googleโ€™s new RETVec, tackling phishing ๐ŸŽฃ

Bunch of pricks ๐ŸŒต๐Ÿ’€๐Ÿ˜‚

๐Ÿšจ Ransomware Alert: CACTUS Exploits Qlik Sense Flaws! ๐ŸŒ

ย The campaign leverages three disclosed flaws in Qlik Sense over the past three months, including a high-severity HTTP Request Tunneling vulnerability (CVE-2023-41265), a path traversal bug (CVE-2023-41266), and an unauthenticated remote code execution issue (CVE-2023-48365). Notably, CVE-2023-48365 stems from an incomplete patch for CVE-2023-41265.

๐ŸŒ Attack Tactics

In these attacks, cybercriminals exploit Qlik Sense Scheduler to establish persistence, deploying tools like ManageEngine UEMS and AnyDesk. The attackers go further by uninstalling Sophos software, changing admin passwords, and creating RDP tunnels.

๐Ÿ›ก๏ธ Culmination in Ransomware

The attacks culminate in the deployment of CACTUS ransomware, with rclone used for data exfiltration.

๐ŸŒ Evolving Ransomware Landscape

This revelation aligns with the evolving ransomware landscape, showcasing increased sophistication and collaboration among threat actors. Despite global efforts, ransomware-as-a-service (RaaS) remains lucrative.

๐Ÿ’ผ Black Basta's Illicit Gains

The notorious Black Basta group, linked to Conti and QakBot, has reportedly garnered over $107 million in Bitcoin ransom payments. These proceeds were laundered through a Russian cryptocurrency exchange, Garantex.

๐Ÿ” Stay Vigilant!

Regularly update systems, apply patches, and employ robust cybersecurity measures. Together, let's combat the ever-evolving threats! ๐ŸŒ๐Ÿ’ป๐Ÿ”’

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

Theyโ€™ve made a Korea out of it ๐Ÿ˜ฌ

๐ŸŒ North Korean Hackers Target Cryptocurrency for Revenue Generation! ๐Ÿšจ

Cybersecurity firm Recorded Future reveals an alarming trend as threat actors from the Democratic People's Republic of Korea (DPRK) increasingly focus on the cryptocurrency sector for revenue since 2017, sidestepping imposed sanctions. ๐Ÿ‡ฐ๐Ÿ‡ต

๐Ÿ›‘ Despite heavy restrictions on movement, DPRK's ruling elite and skilled computer science professionals leverage privileged access to conduct cyber attacks on the cryptocurrency industry. The U.S. Treasury Department recently sanctioned Sinbad, a virtual currency mixer used by the North Korea-linked Lazarus Group to launder proceeds.

๐Ÿ’ธ Estimated to have stolen $3 billion in crypto assets over six years, with $1.7 billion in 2022 alone, these funds directly finance the nation's weapons programs. Notably, $1.1 billion was stolen through DeFi protocol hacks, making North Korea a significant force in the DeFi hacking trend.

๐Ÿ”’ The U.S. DHS warns of Lazarus Group exploiting DeFi protocols, emphasising the challenges in attributing stolen cryptocurrency transitions. DPRK hackers excel at social engineering, targeting cryptocurrency exchange employees, conducting phishing tactics, airdrop scams, rug pulls, and utilising mixing services to conceal financial trails.

๐Ÿ” Without stronger regulations and cybersecurity measures, North Korea is likely to persist in targeting the cryptocurrency industry for additional revenue, warns Recorded Future. Stay vigilant and ensure robust cybersecurity for the evolving threat landscape! ๐ŸŒ๐Ÿ’ป๐Ÿ”’

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

Our new segment where we pick out some cool sites we like, reply to the mail and let us know what you think.

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)

๐Ÿšตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐ŸŒ๏ธโ›ณ๐ŸŒˆ๐Ÿ•Š๏ธ Mmmm Happy Placeโ€ฆ ๐Ÿ˜‡ So, weโ€™ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโ€™s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐Ÿž๏ธ๐Ÿ˜ย (LINK)

๐ŸŒŠย Digital Ocean: If you build it they will come. Nope, weโ€™re not talking about a baseball field for ghosts โšพ๐Ÿ‘ป๐Ÿฟ (Great movie, to be fair ๐Ÿ™ˆ). This is the Digital Ocean whoโ€™ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโ€™ll find yourself catching the buzz even if you canโ€™t code (guilty ๐Ÿ˜‘). But if you can and youโ€™re looking for somewhere to test things out or launch something new or simply enhance what youโ€™ve got, weโ€™d recommend checking out their services foโ€™ sho ๐Ÿ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ŸŒฟย (LINK)

Google phishing for compliments again ๐Ÿ˜

๐Ÿ” Google Unveils RETVec: Boosting Gmail's Defense Against Harmful Content! ๐ŸŒ

Google introduces RETVec (Resilient and Efficient Text Vectorizer), a multilingual text vectorizer designed to enhance the detection of spam and malicious emails in Gmail. ๐Ÿ“ง

๐Ÿ›ก๏ธ Resilient Defense Against Manipulations

RETVec is uniquely trained to withstand character-level manipulations, including insertion, deletion, typos, homoglyphs, LEET substitution, and more. The model utilises a novel character encoder that efficiently encodes all UTF-8 characters and words.

๐ŸŒ Multilingual and Robust

Working across 100+ languages, RETVec aims to fortify server-side and on-device text classifiers, offering resilience against adversarial text manipulations employed by threat actors to bypass traditional defences.

๐Ÿ”  Vectorization in NLP

Vectorization, a method in natural language processing (NLP), maps words or phrases to numerical representations for analysis. RETVec's novel architecture supports all languages and UTF-8 characters without preprocessing, making it ideal for various applications.

๐Ÿš€ Performance Boost in Gmail

Integrated into Gmail, RETVec significantly improved spam detection by 38%, reduced false positives by 19.4%, and lowered Tensor Processing Unit (TPU) usage by 83%. Its compact representation enhances inference speed, reducing computational costs and latency.

๐Ÿ’ป Ideal for On-Device and Large-Scale Deployments

Due to its efficiency, RETVec proves ideal for on-device, web, and large-scale text classification deployments, aligning with Google's commitment to enhancing cybersecurity defences. Stay protected from evolving threats with the latest advancements! ๐Ÿ”’๐ŸŒ๐Ÿ“ง๐Ÿ”

Enjoy your weekends, folks! ๐Ÿฅ‚

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter
  • ๐ŸŒต CACTUS ransomware exploits flaws in Qlik Sense ๐Ÿ’ป

Recent articles