Sep 08 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders how we went from highwaymen talking about “your money or your life” to ransomware hackers on about “your money or your… computer files”. Strange times, amirite?
It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!!!
It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.
Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹
Check out these freshly hatched patches!! 🐣🐣🐣
Three major security flaws have been discovered in ASUS routers that could potentially let hackers take control of your network devices!
Affected models
RT-AX55, RT-AX56U_V2
RT-AC86U
CVE-2023-39238: A format string vulnerability in the iperf-related modules could allow remote attackers to gain control over your device. (CVSS 9.8)
CVE-2023-39239: A similar format string issue in the general setting function can also lead to remote code execution. (CVSS 9.8)
CVE-2023-39240: The iperf-related modules have another vulnerability that could be exploited by remote attackers. (CVSS 9.8)
Attackers can trigger these problems through certain administrative API functions.
Affected Firmware Versions
3.0.0.4.386_50460, 3.0.0.4.386_50460
3.0.0.4_386_51529
Resolution
ASUS recommends updating to these firmware versions:
RT-AX55: 3.0.0.4.386_51948 or later
RT-AX56U_V2: 3.0.0.4.386_51948 or later
RT-AC86U: 3.0.0.4.386_51915 or later
To stay safe, apply these security updates ASAP! ASUS also suggests turning off remote administration (WAN Web Access) as a temporary workaround.
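To check a fleet against the fixed builds listed above, here is an added example (not ASUS code) that compares reported firmware strings with the minimum patched version per model. It assumes the dot- and underscore-separated fields order numerically; the inventory rows and hostnames are constructed for illustration.

```python
import re

# Minimum fixed firmware per model, as listed in the advisory text above.
FIXED = {
    "RT-AX55": "3.0.0.4.386_51948",
    "RT-AX56U_V2": "3.0.0.4.386_51948",
    "RT-AC86U": "3.0.0.4.386_51915",
}


def parse_version(text):
    """Turn '3.0.0.4.386_51948' or '3.0.0.4_386_51529' into a tuple of ints."""
    head = text.strip().split("-")[0]  # drop any '-suffix' build tag
    parts = re.split(r"[._]", head)
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def needs_update(model, version):
    """True if below the fixed build, False if patched, None if model not listed."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return None
    # Assumption: fields compare numerically, left to right.
    return parse_version(version) < parse_version(fixed)


def audit(inventory):
    """Return the (host, model, version) rows that still need the update."""
    return [row for row in inventory if needs_update(row[1], row[2])]


# Constructed inventory; hostnames and the unlisted model are made up.
INVENTORY = [
    ("office-ap", "RT-AX55", "3.0.0.4.386_50460"),
    ("lab-router", "RT-AC86U", "3.0.0.4_386_51529"),
    ("home-gw", "RT-AX56U_V2", "3.0.0.4.386_51948"),
    ("guest-ap", "OTHER-MODEL", "1.0.0"),
]

if __name__ == "__main__":
    for host, model, version in audit(INVENTORY):
        print(f"{host}: {model} {version} -> update to {FIXED[model]} or later")
```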
Google Bolsters Android Security
Google has released its latest monthly security update for Android, tackling a zero-day vulnerability (CVE-2023-35674) with potential in-the-wild exploitation. This high-severity flaw involves privilege escalation in the Android Framework.
Resolution
In total, Google has resolved 14 System module flaws and two MediaProvider component issues, the latter to be delivered as a Google Play system update.
Stay safe with the latest Android security patch!
Now, on to today’s hottest cybersecurity stories:
JUMPSEC: Ransomware attacks up 87% in the UK
Atlas VPN zero-day vulnerability leaks users' real IP address
Cyberattacks cause chaos during first week of school. Kids devastated
In the UK, ransomware attacks soared by a staggering 87% during H1 2023 compared to the second half of 2022.
Globally, attacks spiked by 37% over the same period.
July witnessed a record-breaking 436 ransomware attacks worldwide, marking a 20% increase since the Log4j incident in 2021.
Ransomware groups also grew by 20% compared to the previous year.
Profit Connection
Cryptocurrency profits of known threat actors appear linked to this surge in attacks.
Widespread exploitation of software vulnerabilities is a primary driver.
Vulnerabilities in platforms like Rackspace, Zimbra, and MOVEit contribute to the problem.
A growing number of ransomware variants adds to the challenge.
Key Trends to Watch
Lockbit reigns as the top ransomware variant in 2023.
Cl0p ransomware, linked to the MOVEit breach, gains significant impact.
Financial services, insurance, and IT sectors are prime targets globally and in the UK.
Organizations in these sectors face data theft and extortion attempts.
BlackCat (ALPHV) and Cl0P emerge as top ransomware groups in 2023 targeting UK organizations with substantial bank assets.
Summary
Ransomware attacks continue to escalate, evolving with more personal and impactful methods.
Organizations must enhance their cyber extortion response strategies to stay ahead of attackers.
A critical zero-day vulnerability in Atlas VPN's Linux client can reveal a user's real IP address by simply visiting a website!
The Issue
The flaw affects the Linux client of Atlas VPN, version 1.0.3. It allows websites to disconnect the VPN session and expose the user's actual IP address. A PoC exploit was shared on Reddit, confirming the risk.
Why It Matters
This privacy breach exposes a user's approximate location and true IP address, defeating the purpose of a VPN. CORS protections are bypassed by using form submissions, making this attack possible. Atlas VPN responded after public disclosure, promising a fix for Linux users.
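Why form submissions slip past CORS, and what a service has to check instead, shown as an added example (not Atlas VPN's code). The header name X-Control-Token, the token value and the origin are assumptions made up for this sketch; the safelist is a subset of the browser's (Range is omitted).

```python
import hmac

# Content types an HTML <form> can send. Cross-origin requests that use them
# are "simple" requests, so the browser sends them without a CORS preflight.
FORM_CONTENT_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
}
SAFELISTED_HEADERS = {"accept", "accept-language", "content-language", "content-type"}


def triggers_preflight(method, author_headers):
    """True if a browser would preflight this cross-origin request first."""
    headers = {k.lower(): v for k, v in author_headers.items()}
    if method.upper() not in {"GET", "HEAD", "POST"}:
        return True
    if any(name not in SAFELISTED_HEADERS for name in headers):
        return True
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    return bool(ctype) and ctype not in FORM_CONTENT_TYPES


def allow_control_request(method, headers, session_token, trusted_origins=()):
    """Server-side gate for a state-changing endpoint of a local service.

    Hypothetical policy: the caller must present a per-session secret in the
    X-Control-Token header (a name chosen for this example), and any Origin
    the browser attached must be explicitly trusted.
    """
    headers = {k.lower(): v for k, v in headers.items()}
    origin = headers.get("origin")
    if origin is not None and origin not in trusted_origins:
        return False  # request was initiated by a web page we do not trust
    supplied = headers.get("x-control-token", "")
    token_ok = hmac.compare_digest(supplied.encode(), session_token.encode())
    return method.upper() == "POST" and token_ok
```

CORS only controls whether the page may read the response; a form POST still reaches the server, so the server must authenticate the request itself.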
Immediate Precautions
Users of the affected version (1.0.3) are advised to take precautions and consider alternative VPN solutions until the patch is released. Atlas VPN commits to resolving the issue promptly and enhancing security checks.
Stay secure and watch for updates from Atlas VPN!
Highgate Wood School Delayed
In a concerning development, Highgate Wood School in London has fallen victim to a cyberattack, causing a six-day delay in the start of the new term. And boy, what fantastic weather for it! Lol, sorry. Cyberattacks = bad. The breach disrupted their systems, but the school is working diligently with cybersecurity experts to restore normalcy.
Data Security Remains Strong
Highgate Wood School assures that data security remains intact despite the attack. The investigation gives confidence that employee and pupil data has not been compromised. The school deeply apologizes for any inconvenience and appreciates the patience and understanding of parents.
Debenham High School
Debenham High School in Suffolk faced a similar cyberattack, resulting in the loss of access to its systems. However, the school is actively working to restore functionality before the new term begins.
Cybersecurity in Education (or lack thereof)
These incidents shed light on the pressing need for enhanced cybersecurity measures in educational institutions. The education sector remains vulnerable to cyber threats, emphasizing the importance of proactive protections. Experts stress the urgency of fortifying defenses to safeguard students and staff.
Catch you on Monday, cyber-squad! Peace and love. And stay in school, kids. Well, stay out until they tell you to come back. But, you know, after that.
So long and thanks for reading all the phish!