Welcome to Gone Phishing, your weekly cybersecurity newsletter that wishes you a Happy New Year! 🎉🥳🎊 Unless you’re a cybercriminal, in which case GTFO 🤬
Patch of the Week! 🩹
First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it… 😳
Congrats to Mitel MiCollab and Oracle WebLogic Server, the cybercriminals are no match… for your patch! 🩹
Check out this freshly hatched patch 🐣
The MiCollab the world’s been waiting for 🙃
🚨 New Vulnerabilities Added to CISA KEV Catalog! 📖
CISA has flagged three critical flaws in Mitel MiCollab and Oracle WebLogic Server due to active exploitation. Here's what you need to know! 🛡️💻
The Vulnerabilities
1️⃣ CVE-2024-41713 (CVSS 9.1):
Path traversal in Mitel MiCollab allowing unauthorized, unauthenticated access.
2️⃣ CVE-2024-55550 (CVSS 4.4):
Path traversal in Mitel MiCollab enabling authenticated admins to read local files.
💡 Combo Alert: These two can be chained for remote, unauthenticated access to arbitrary server files! ⚠️
3️⃣ CVE-2020-2883 (CVSS 9.8):
A severe flaw in Oracle WebLogic Server exploitable by unauthenticated attackers via IIOP or T3 protocols.
Why It Matters
Mitel MiCollab flaws were discovered during a probe into another critical bug (CVE-2024-35286, CVSS 9.8).
Oracle warned about CVE-2020-2883 in 2020, noting active exploitation reports.
Over 5,600 Mitel MiCollab instances are exposed online, with the majority in the U.S., Canada, and the U.K. 🌍
🚨 Patch Now:
Federal agencies must update by Jan 28, 2025, per Binding Operational Directive (BOD) 22-01.
Check Mitel and Oracle resources for latest patches and updates.
💡 Stay Vigilant:
- Review your systems for potential exposure.
- Monitor logs for signs of exploitation.
🔧 Don’t wait for a breach—act now to secure your systems! 🖥️🔒
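Both MiCollab bugs above are path traversal, so "monitor logs for signs of exploitation" mostly means spotting `../` sequences in request paths, including the percent-encoded and double-encoded forms that slip past a naive string match. The scanner below is an added example written for this newsletter, not code from Mitel, Oracle or CISA; the log lines are constructed samples in common access-log format, not real MiCollab or WebLogic logs.

```python
"""Scan access-log lines for path-traversal attempts, normalising URL encoding
so plain, percent-encoded and double-encoded '../' variants are all caught."""
import re
from typing import List, Tuple
from urllib.parse import unquote

# Constructed sample access-log lines (not real MiCollab/WebLogic logs).
SAMPLE_LOG = """\
10.0.0.5 - - [07/Jan/2025:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.9 - - [07/Jan/2025:10:01:07 +0000] "GET /app/..%2f..%2fetc/passwd HTTP/1.1" 404 0
10.0.0.9 - - [07/Jan/2025:10:01:09 +0000] "GET /app/%252e%252e/%252e%252e/conf HTTP/1.1" 404 0
10.0.0.7 - - [07/Jan/2025:10:02:00 +0000] "GET /static/style.css HTTP/1.1" 200 2048
"""

# Pull client IP, timestamp, method and raw request path out of a log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')
# A '..' segment bounded by slashes (or path start/end) after normalisation.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def normalise_path(path: str) -> str:
    """Percent-decode repeatedly (bounded) so %2e%2e%2f and %252e%252e%252f
    both collapse to '../'; also fold backslashes to forward slashes."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal(path: str) -> bool:
    """True if the request path contains a '..' segment after decoding."""
    return TRAVERSAL_RE.search(normalise_path(path)) is not None


def find_traversal_attempts(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (ip, timestamp, raw_path) for every request that looks like
    a traversal attempt; the raw path is kept so analysts see what was sent."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_traversal(m["path"]):
            hits.append((m["ip"], m["ts"], m["path"]))
    return hits


if __name__ == "__main__":
    for ip, ts, raw in find_traversal_attempts(SAMPLE_LOG):
        print(f"{ts} {ip} traversal attempt: {raw}")
```

A 404 on these requests is not proof the attempt failed; correlate the source IP against successful responses and unexpected file reads on the same host.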
Now, on to this week’s hottest cybersecurity news stories:
- 👾 Malspam evades SPF, DMARC security by utilising neglected domains 🌐
- 🕵🏼‍♂️ Researchers lift the lid on NonEuclid RAT using UAC bypass, AMSI evasion 🐀
- ⚠️ 2025: Top malware threats to watch out for this coming year. Take notes 📝
SPF 50 won’t even protect you ☀️
🚨 Beware of Email Spoofs! Cybercriminals Ramp Up Malspam Attacks 📧
Cybersecurity researchers report a surge in spoofed email campaigns 🎯 targeting unsuspecting victims by faking sender addresses to appear legitimate. This tactic helps bypass security systems and trick users into engaging with malicious content.
🛠️ Old Tricks, New Domains
While email authentication protocols like DKIM, DMARC, and SPF exist to combat spoofing, attackers now exploit neglected domains without proper DNS records. These domains, though unused for years, successfully slip past modern filters.
💡 Tactics in Play:
🔹 Phishing with QR Codes: Fake emails (tax-related in Mandarin) use QR codes linked to phishing sites, stealing IDs and card details.
🔹 Brand Spoofs: Imitating Amazon, Mastercard, and SMBC to harvest credentials via fraudulent login pages.
🔹 Extortion Scams: Threats of leaked “embarrassing videos” demand Bitcoin payments 💸, with fake claims of system compromise.
📋 Other Alarming Trends:
- Phishing Pages: Hosted on trusted platforms like Canva, Dropbox, and Google AMP.
- SMS Phishing: Pretending to be law enforcement, targeting victims with fake fines or renewal notices.
- Sophisticated Scams: Social engineering against Middle Eastern banking customers, exploiting leaked personal data.
🔐 How to Stay Safe:
✔️ Verify sender domains and avoid clicking on unknown links.
✔️ Update your DNS records if you manage domains.
✔️ Report suspicious emails to your email provider.
✔️ Enable 2FA for critical accounts.
⚠️ Pro Tip: Remember, no legitimate organization will ask for sensitive info via email. Stay vigilant! 🛡️
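The story above turns on domains that are still registered but have no SPF or DMARC records, which is exactly what the "update your DNS records if you manage domains" tip is about. The audit below is an added example for this newsletter, not code from the researchers cited; it checks an inventory of domains you own for missing or lax records. The zone data is a constructed in-memory table so it runs offline, and `lookup_txt` is a stand-in you would replace with a real TXT query.

```python
"""Audit domains you manage for absent or weak SPF/DMARC records, the gap
that lets spoofed mail from a neglected domain pass receiver checks."""
from typing import Callable, Dict, List

# Constructed sample TXT records per DNS name (not real DNS answers).
SAMPLE_TXT: Dict[str, List[str]] = {
    "shop.example": ["v=spf1 include:_spf.mailprovider.example -all"],
    "_dmarc.shop.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@shop.example"],
    "old-brand.example": [],                        # neglected: no records at all
    "promo.example": ["v=spf1 ?all"],               # SPF present but neutral
    "_dmarc.promo.example": ["v=DMARC1; p=none"],   # DMARC in monitor-only mode
}

Resolver = Callable[[str], List[str]]


def lookup_txt(name: str) -> List[str]:
    """Offline stand-in for a DNS TXT lookup (assumption: swap for a real resolver)."""
    return SAMPLE_TXT.get(name.lower(), [])


def spf_policy(domain: str, resolve: Resolver = lookup_txt) -> str:
    """Classify SPF as 'missing', 'enforcing' (-all), 'softfail' (~all)
    or 'permissive' (?all, +all or no 'all' mechanism at all)."""
    records = [r for r in resolve(domain) if r.lower().startswith("v=spf1")]
    if not records:
        return "missing"
    terms = records[0].split()
    last = terms[-1].lower() if len(terms) > 1 else ""
    return {"-all": "enforcing", "~all": "softfail"}.get(last, "permissive")


def dmarc_policy(domain: str, resolve: Resolver = lookup_txt) -> str:
    """Return the DMARC p= value ('none', 'quarantine', 'reject') or 'missing'."""
    records = [r for r in resolve(f"_dmarc.{domain}")
               if r.lower().startswith("v=dmarc1")]
    if not records:
        return "missing"
    tags = {}
    for part in records[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("p", "missing")


def audit(domains: List[str], resolve: Resolver = lookup_txt) -> Dict[str, Dict[str, object]]:
    """Flag each domain as 'unprotected' when SPF is absent or DMARC is absent
    or set to p=none, since receivers then take no action on spoofed mail."""
    report = {}
    for d in domains:
        spf, dmarc = spf_policy(d, resolve), dmarc_policy(d, resolve)
        unprotected = spf == "missing" or dmarc in ("missing", "none")
        report[d] = {"spf": spf, "dmarc": dmarc, "unprotected": unprotected}
    return report
```

Run it over every domain in your registrar account, not just the ones currently sending mail; the neglected ones are the ones this campaign abuses.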
VaultCraft V2 secures $100M+ BTC from Matrixport
VaultCraft launches V2 in partnership with Safe, lands $100M+ in Bitcoin
- Matrixport entrusts VaultCraft with $100M+ Bitcoin
- OKX Web3 rolls out Safe Smart Vaults with $250K+ rewards
Eu wot? 💀
🚨 NonEuclid RAT: A Sophisticated Cyber Threat Unleashed 🖥️
Cybersecurity experts have uncovered NonEuclid, a cutting-edge remote access trojan (RAT) targeting Windows systems. Written in C#, this malware allows attackers to control compromised devices remotely while deploying advanced techniques to evade detection.
🕵️♂️ How It Works:
- Stealth Tactics: Detects analysis tools like taskmgr.exe and processhacker.exe to evade security checks.
- Sandbox Detection: Identifies virtual environments and terminates if detected.
- Antivirus Bypass: Disables Microsoft Defender exclusions and dodges AMSI scans.
- Persistence Mechanisms: Alters Windows Registry and schedules tasks to maintain control.
🔓 Ransomware Twist:
NonEuclid goes beyond typical RAT functions by encrypting files (e.g., .CSV, .TXT) and renaming them with the ".NonEuclid" extension. Essentially, it doubles as ransomware.
🌐 The Spread:
Promoted aggressively on underground forums, Discord, and YouTube since November 2024, the malware includes tutorials, making it attractive to cybercriminals looking for ready-made solutions.
💡 Key Features:
- Privilege Escalation: Circumvents User Account Control (UAC) to execute commands.
- Process Management: Uses Windows API calls to terminate analysis tools.
- Advanced Evasion: Combines stealth and adaptability to outsmart security tools.
⚠️ Stay Safe!
- Keep your antivirus updated 🛡️.
- Regularly review and tighten system privileges.
- Monitor for suspicious registry changes or scheduled tasks.
- Educate your team about emerging threats like NonEuclid.
🛑 Remember: The rise of advanced malware like NonEuclid highlights the importance of robust cybersecurity defenses and constant vigilance. Stay ahead of the curve! 🚀
Hire Ava, the AI SDR & Get Meetings on Autopilot
Ava automates your entire outbound demand generation process, including:
- Intent-Driven Lead Discovery
- High Quality Emails with Waterfall Personalization
- Follow-Up Management
Free up your sales team to focus on high-value interactions and closing deals, while Ava handles the time-consuming tasks.
Book a demo to see how Ava can 10x your outbound.
And the award for biggest cyberthreat of 2025 goes to… 🏆
🚨 Top Malware Threats to Watch Out for in 2025 💻⚠️
As cyber threats evolve, staying prepared is more important than ever. Here are 5 common malware families you should start preparing to counter today:
1️⃣ Lumma
🔍 What It Does:
- Steals sensitive data, including credentials and financial info.
- Logs browsing history and targets cryptocurrency wallets.
📦 How It Spreads:
Fake CAPTCHA pages, torrents, and phishing emails.
💡 Defense Tip:
Use sandbox analysis to identify indicators of compromise (IOCs) and enhance your defenses.
2️⃣ XWorm
🔍 What It Does:
- Offers remote control to attackers.
- Monitors keystrokes, webcam, audio, and network activity.
📦 How It Spreads:
Delivered through phishing emails with malicious archives.
💡 Defense Tip:
Be cautious with unsolicited emails, especially those containing password-protected archives.
3️⃣ AsyncRAT
🔍 What It Does:
- Records screens, logs keystrokes, and installs additional malware.
- Overwhelms websites with attacks and disables security software.
📦 How It Spreads:
Disguised as pirated software or embedded in AI-generated scripts.
💡 Defense Tip:
Avoid downloading unverified software and use advanced sandbox tools for analysis.
4️⃣ Remcos
🔍 What It Does:
- Markets itself as a legitimate tool but enables remote control of systems.
- Steals data and exploits vulnerabilities like CVE-2017-11882.
📦 How It Spreads:
Distributed via phishing emails with malicious scripts.
💡 Defense Tip:
Regularly patch vulnerabilities and monitor for suspicious PowerShell or Command Prompt activity.
5️⃣ LockBit
🔍 What It Does:
- Encrypts files and demands ransom for decryption.
- Operates as part of a Ransomware-as-a-Service (RaaS) model.
📦 How It Spreads:
Targeted attacks on high-profile organizations.
💡 Defense Tip:
Ensure regular backups, implement endpoint protection, and stay informed about emerging ransomware variants like LockBit 4.0.
🛡️ Take Action:
Use tools like ANY.RUN’s Interactive Sandbox for real-time malware analysis. Proactively hunt for threats and bolster your cybersecurity defenses to face 2025 with confidence! 🚀
🗞️ Extra, Extra! Read all about it! 🗞️
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
- 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅
- 💵 Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓
- 📈 Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾
Let us know what you think.
So long and thanks for reading all the phish!