Sep 08 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders how we went from highwaymen talking about ‘your money or your life’ to ransomware hackers on about ‘your money or your… computer files’. Strange times, amirite?
It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!!!
It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.
Congrats, the cybercriminals are no match… for your patch!
Check out these freshly hatched patches!!
Three major security flaws have been discovered in ASUS routers that could potentially let hackers take control of your network devices!
Affected models
RT-AX55, RT-AX56U_V2
RT-AC86U
CVE-2023-39238: A format string vulnerability in the iperf-related modules could allow remote attackers to gain control over your device. (CVSS 9.8)
CVE-2023-39239: A similar format string issue in the general setting function can also lead to remote code execution. (CVSS 9.8)
CVE-2023-39240: The iperf-related modules have another vulnerability that could be exploited by remote attackers. (CVSS 9.8)
Attackers can trigger these problems through certain administrative API functions.
Affected Firmware Versions
3.0.0.4.386_50460, 3.0.0.4.386_50460
3.0.0.4_386_51529
Resolution ✔️
ASUS recommends updating to these firmware versions:
RT-AX55: 3.0.0.4.386_51948 or later
RT-AX56U_V2: 3.0.0.4.386_51948 or later
RT-AC86U: 3.0.0.4.386_51915 or later
To stay safe, apply these security updates ASAP! ASUS also suggests turning off remote administration (WAN Web Access) as a temporary workaround.
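A quick way to check a router inventory against the fixed versions listed above. This is an added example, not ASUS tooling; the hostnames and the inventory layout are constructed for illustration, and the comparison assumes firmware strings of the dotted/underscored numeric form shown on this page.

```python
import re

# Minimum fixed firmware per model, as listed in the advisory text above.
FIXED = {
    "RT-AX55": "3.0.0.4.386_51948",
    "RT-AX56U_V2": "3.0.0.4.386_51948",
    "RT-AC86U": "3.0.0.4.386_51915",
}

def parse_fw(version):
    """Split an ASUS firmware string into a tuple of ints.

    Both '.' and '_' appear as separators on this page
    (3.0.0.4.386_50460 and 3.0.0.4_386_51529), so treat them alike.
    """
    parts = re.split(r"[._]", version.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware string: {version!r}")
    return tuple(int(p) for p in parts)

def audit(inventory):
    """Return (host, model, firmware, status) rows for an inventory."""
    rows = []
    for host, model, fw in inventory:
        fixed = FIXED.get(model.upper())
        if fixed is None:
            status = "not-in-advisory"
        else:
            try:
                status = "patched" if parse_fw(fw) >= parse_fw(fixed) else "UPDATE"
            except ValueError:
                # Do not guess: flag anything that is not purely numeric.
                status = "unparseable"
        rows.append((host, model, fw, status))
    return rows

# Constructed sample inventory (hostnames and the last two rows are made up).
SAMPLE = [
    ("gw-office", "RT-AX55", "3.0.0.4.386_50460"),
    ("gw-lab", "RT-AC86U", "3.0.0.4_386_51529"),
    ("gw-home", "RT-AX56U_V2", "3.0.0.4.386_51948"),
    ("gw-old", "RT-N12", "3.0.0.4.380_1234"),
    ("gw-beta", "RT-AC86U", "9.0.0.4_386_beta1"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:10} {:12} {:20} {}".format(*row))
```

Rows flagged UPDATE should also have WAN Web Access switched off until the new firmware is installed, per the workaround above.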
Google Bolsters Android Security
Google has released its latest monthly security update for Android, tackling a zero-day vulnerability (CVE-2023-35674) with potential in-the-wild exploitation. This high-severity flaw involves privilege escalation in the Android Framework.
Resolution ✔️
In total, Google has resolved 14 System module flaws and two MediaProvider component issues, the latter to be delivered as a Google Play system update.
Stay safe with the latest Android security patch!
Now, on to today’s hottest cybersecurity stories:
JUMPSEC: Ransomware attacks up 87% in the UK
Atlas VPN zero-day vulnerability leaks users’ real IP address
Cyberattacks cause chaos during first week of school. Kids devastated
☕ In the UK, ransomware attacks soared by a staggering 87% during H1 2023 compared to the second half of 2022.
Globally, attacks spiked by 37% over the same period.
July witnessed a record-breaking 436 ransomware attacks worldwide, marking a 20% increase since the Log4j incident in 2021.
Ransomware groups also grew by 20% compared to the previous year.
Profit Connection
Cryptocurrency profits of known threat actors appear linked to this surge in attacks.
Widespread exploitation of software vulnerabilities is a primary driver.
Vulnerabilities in platforms like Rackspace, Zimbra, and MOVEit contribute to the problem.
A growing number of ransomware variants adds to the challenge.
Key Trends to Watch
Lockbit reigns as the top ransomware variant in 2023.
⚙️ Cl0p ransomware, linked to the MOVEit breach, gains significant impact.
Financial services, insurance, and IT sectors are prime targets globally and in the UK.
Organizations in these sectors face data theft and extortion attempts.
BlackCat (ALPHV) and Cl0P emerge as top ransomware groups in 2023 targeting UK organizations with substantial bank assets.
Summary
Ransomware attacks continue to escalate, evolving with more personal and impactful methods.
Organizations must enhance their cyber extortion response strategies to stay ahead of attackers.
A critical zero-day vulnerability in Atlas VPN’s Linux client can reveal a user’s real IP address by simply visiting a website!
The Issue
The flaw affects the Linux client of Atlas VPN, version 1.0.3. It allows websites to disconnect the VPN session and expose the user’s actual IP address. A PoC exploit was shared on Reddit, confirming the risk.
Why It Matters
This privacy breach exposes a user’s approximate location and true IP address, defeating the purpose of a VPN. CORS protections are bypassed by using form submissions, making this attack possible. Atlas VPN responded after public disclosure, promising a fix for Linux users.
Immediate Precautions
Users of the affected version (1.0.3) are advised to take precautions and consider alternative VPN solutions until the patch is released. Atlas VPN commits to resolving the issue promptly and enhancing security checks.
Stay secure and watch for updates from Atlas VPN!
Highgate Wood School Delayed
In a concerning development, Highgate Wood School in London has fallen victim to a cyberattack, causing a six-day delay in the start of the new term. And boy, what fantastic weather for it! Lol, sorry. Cyberattacks = bad. The breach disrupted their systems, but the school is working diligently with cybersecurity experts to restore normalcy.
Data Security Remains Strong
Highgate Wood School assures that data security remains intact despite the attack. The investigation gives confidence that employee and pupil data has not been compromised. The school deeply apologizes for any inconvenience and appreciates the patience and understanding of parents.
Debenham High School
Debenham High School in Suffolk faced a similar cyberattack, resulting in the loss of access to its systems. However, the school is actively working to restore functionality before the new term begins.
Cybersecurity in Education (or lack thereof)
These incidents shed light on the pressing need for enhanced cybersecurity measures in educational institutions. The education sector remains vulnerable to cyber threats, emphasizing the importance of proactive protections. Experts stress the urgency of fortifying defenses to safeguard students and staff.
Catch you on Monday, cyber-squad! Peace and love ✌️ And stay in school, kids. Well, stay out until they tell you to come back. But, you know, after that.
So long and thanks for reading all the phish!