Jun 12 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that's blasting off to cyber-space
Today's hottest cybersecurity news stories:
Apache RocketMQ hit by Muhstik botnet
SASE Threat Report: Top tips for security
AI-powered Recall recalled by Microsoft
Security Alert! The Muhstik botnet is exploiting a critical vulnerability in Apache RocketMQ (CVE-2023-33246) to execute remote code, targeting Linux servers and IoT devices for Distributed Denial of Service (DDoS) attacks and cryptocurrency mining.
Key Details!
Vulnerability: CVE-2023-33246, a critical flaw in Apache RocketMQ with a CVSS score of 9.8.
Targeted Systems: Linux servers and IoT devices.
Attack Vector: Remote code execution by forging RocketMQ protocol content or using the update configuration function.
Malware Capabilities!
System Metadata Collection: Gathers information about the infected system.
Lateral Movement: Spreads to other devices over SSH.
C2 Communication: Connects to a command-and-control domain using IRC to receive further instructions.
DDoS Attacks: Utilises compromised devices to overwhelm target network resources.
Urgent Actions Required!
Patch Systems: Over 5,000 Apache RocketMQ instances remain vulnerable. Organisations must update to the latest version immediately.
Secure MS-SQL Servers: Apply strong passwords and change them regularly to prevent brute-force attacks.
Adopt Best Practices: Move away from using outdated PHP CGI and implement secure alternatives like Mod-PHP, FastCGI, or PHP-FPM.
Expert Insights!
"Muhstik is a notorious threat that exploits known vulnerabilities in web applications to propagate its malware," noted security researcher Nitzan Yaakov. "With the ability to bypass protections through minor features, this vulnerability highlights the need for robust security measures."
Ongoing Threats!
Crypto Mining Activity: Previous campaigns involving Muhstik have included cryptomining post-infection, leveraging the electrical power of compromised machines.
Brute-Force Attacks: The AhnLab Security Intelligence Center (ASEC) has reported that poorly secured MS-SQL servers are frequent targets for various malware types, including ransomware and remote access trojans.
Conclusion
With the critical nature of CVE-2023-33246 and the active exploitation by the Muhstik botnet, it's imperative for organisations to act swiftly. Updating Apache RocketMQ to the latest version and securing MS-SQL servers are crucial steps in mitigating these risks.
Stay vigilant and protect your systems from this emerging threat!
As cyber threats evolve, organisations need a unified approach to integrate insights from external data, inbound and outbound threats, and network activity for a complete cybersecurity posture.
Cato SASE Threat Report
Cato's Cyber Threat Research Lab (Cato CTRL) has released its first SASE threat report, offering in-depth insights into enterprise and network threats using the MITRE ATT&CK framework. The report draws from extensive data sources, including:
Data from 2,200+ customers.
1.26 trillion network flows.
21.45 billion blocked attacks.
What is Cato CTRL?
Cato CTRL combines top human intelligence with comprehensive network and security insights, powered by Cato's AI-enhanced, global SASE platform.
Top 8 Findings:
AI Adoption
AI tools like Microsoft Copilot and OpenAI ChatGPT are widely adopted.
Hacker Forum Insights
Hacker forums reveal trends such as enhanced tools using LLMs and services for fake credentials and deepfakes.
Brand Spoofing
Brands like Booking, Amazon, and eBay are being spoofed for fraud.
Lateral Movement in Networks
Attackers exploit unsecured protocols:
62% HTTP traffic.
54% telnet traffic.
46% SMB v1/v2 traffic.
Unpatched Systems Threat
Unpatched systems, like those vulnerable to Log4J, remain significant threats.
Industry-Specific Exploits
Different industries face distinct threats, such as Endpoint Denial of Service and Credential Access exploitation.
Context in Threat Detection
Contextual understanding and AI/ML algorithms are crucial for detecting suspicious activity.
Low DNSSEC Adoption
Despite its importance, DNSSEC adoption is only 1%.
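Both the Muhstik story above (SSH lateral movement, IRC command-and-control) and Cato's lateral-movement finding (cleartext HTTP, telnet and SMB in use inside the network) come down to questions you can answer from network flow records. The following is an added example written for this newsletter, not code from Cato, Aqua or the Muhstik write-up: it parses a constructed set of flow records, measures the share of hosts talking over cleartext protocols, and flags hosts that both fan out over SSH and open outbound IRC connections. The port-to-protocol mapping, the fan-out threshold and the 10.0.0.0/8 "internal" range are assumptions.

```python
"""Flow-record triage: cleartext-protocol exposure and botnet-style behaviour.

Added example, not part of the original newsletter. Flow records below are
constructed; port mappings, thresholds and the internal range are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample flows: src dst dst_port proto
SAMPLE_FLOWS = """\
10.0.1.10 10.0.1.20 22 tcp
10.0.1.10 10.0.1.21 22 tcp
10.0.1.10 10.0.1.22 22 tcp
10.0.1.10 203.0.113.5 6667 tcp
10.0.1.11 10.0.2.5 80 tcp
10.0.1.11 10.0.2.5 443 tcp
10.0.1.12 10.0.2.9 23 tcp
10.0.1.13 10.0.2.7 445 tcp
10.0.1.14 10.0.2.8 443 tcp
10.0.1.14 10.0.2.8 80 tcp
10.0.1.15 10.0.2.8 443 tcp
"""

# Assumed mapping; SMB v1 vs v2 cannot be told apart from the port alone.
CLEARTEXT_PORTS = {80: "http", 23: "telnet", 445: "smb"}
IRC_PORTS = {6667}              # plaintext IRC default port
SSH_FANOUT_THRESHOLD = 3        # distinct SSH targets from one host (assumption)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


def parse_flows(text):
    """Parse whitespace-separated 'src dst dport proto' records, skipping blanks/comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, proto = line.split()
        flows.append(Flow(src, dst, int(dport), proto.lower()))
    return flows


def cleartext_share(flows):
    """Fraction of source hosts with at least one TCP flow over each cleartext protocol.

    Mirrors the shape of the report's 'x% of organisations use HTTP/telnet/SMB',
    measured here per host in the sample.
    """
    hosts = {f.src for f in flows}
    by_proto = defaultdict(set)
    for f in flows:
        name = CLEARTEXT_PORTS.get(f.dport)
        if name and f.proto == "tcp":
            by_proto[name].add(f.src)
    return {name: round(len(srcs) / len(hosts), 2) for name, srcs in by_proto.items()}


def is_internal(ip):
    """Assumed internal range for the constructed sample."""
    return ip.startswith("10.")


def botnet_suspects(flows):
    """Hosts showing SSH fan-out and/or outbound IRC to an external address."""
    ssh_targets = defaultdict(set)
    irc_hosts = set()
    for f in flows:
        if f.proto != "tcp":
            continue
        if f.dport == 22:
            ssh_targets[f.src].add(f.dst)
        if f.dport in IRC_PORTS and not is_internal(f.dst):
            irc_hosts.add(f.src)
    suspects = {}
    for host in set(ssh_targets) | irc_hosts:
        reasons = []
        if len(ssh_targets[host]) >= SSH_FANOUT_THRESHOLD:
            reasons.append(f"ssh fan-out to {len(ssh_targets[host])} hosts")
        if host in irc_hosts:
            reasons.append("outbound IRC to external host")
        if reasons:
            suspects[host] = reasons
    return suspects


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("cleartext share by protocol:", cleartext_share(flows))
    for host, reasons in botnet_suspects(flows).items():
        print(f"{host}: {'; '.join(reasons)}")
```

On the constructed sample this reports roughly a third of hosts using HTTP and one in six using telnet and SMB, and singles out 10.0.1.10 for both SSH fan-out and an IRC connection to an external address. A real deployment would feed exported flows (NetFlow, IPFIX, Zeek conn logs) into `parse_flows` and tune the threshold to the environment; port-based classification is a starting point, not proof of protocol or version.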
Conclusion
For more detailed insights and to understand the broader threat landscape, read the full SASE Threat Report.
Stay informed, stay protected!
Stay ahead of the curve with Presspool.ai! Subscribe to their newsletter for the latest buzz in the information technology space, with a special focus on AI. Their slogan says it all: "Actionable marketing insights for the visionary AI executive." That's us, alright! How about you? Visionary AI executive, much?
And if the newsletter gets your motor running, you can take a butcher's at their cool AI marketing product too, which is sure to help you make the most of our new artificial overlords and put them to work for your business.
Rest assured, the process is very straightforward.
You simply:
π Sign Up & Create Campaign
π Define your audience, budget, and message to captivate your audience.
π Launch your campaign, as Presspoolβs AI matches it with ideal newsletter audiences for optimal reach and conversions. π―
π΅οΈ Finally, you leverage real-time analytics to track performance and refine future strategies. π Elevate your marketing game and stay informed with Presspool.ai! π Simples! π¦¦
Presspool.aiΒ π°ππ€ may just have what you need to succeed. And if the product isnβt for you, the newsletter alone is a gamechanger. And we know newsletters π
Microsoft announced it will disable the controversial AI-powered Recall feature by default and make it opt-in starting June 18, 2024, in response to significant backlash from the security and privacy community.
About Recall π
What it does: Recall captures screenshots of users' screens every five seconds, creating an "explorable visual timeline" to surface relevant information.
Availability: Exclusively on Copilot+ PCs.
Controversy
Privacy Concerns: Critics argue that Recall could expose sensitive information, such as documents and messages, making users vulnerable to malicious actors.
Negative Reactions: Security experts like WIRED's Andy Greenberg labelled Recall as "unrequested, pre-installed spyware," and Microsoft was criticised for secrecy during development.
Microsoft's Response
User Control:
Users will have full control over Recall, with an option to opt out of saving screenshots.
Security Enhancements:
Biometric authentication via Windows Hello is required to enable Recall.
Encryption for the search index database.
Snapshots decrypted only upon user authentication.
Local Processing:
All Recall data is stored and processed locally on-device, not shared with external entities.
User Experience
Opt-in Process: Users will go through a new setup process to enable Recall.
Visual Indicators: Recall will be pinned to the taskbar with a system tray icon indicating when snapshots are being saved.
Enterprise Controls
IT administrators in enterprise environments can disable Recall for managed devices, but cannot enable it.
Industry Reaction
Positive Steps: Security researcher Kevin Beaumont praised the move to make Recall opt-in, highlighting the importance of user choice to avoid potential security issues.
Microsoft's Commitment to Security
The decision is part of Microsoft's broader Secure Future Initiative (SFI), emphasising security above other priorities.
CEO Satya Nadella stressed the importance of prioritising security in all aspects of Microsoft's operations.
Microsoft's reversal on Recall aims to address privacy and security concerns while gathering user feedback to refine the feature. For more details, read the full announcement from Microsoft.
Extra, Extra! Read all about it!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday.
Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for
Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future.
Let us know what you think.
So long and thanks for reading all the phish!