🚨 Cyberattack on Seattle airport

Aug 31 2024

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s trying its damnedest not to laugh about the Mbapp-hack… However, Manchester is RED and Tottenham are s*** 🙊🙈🙉 JK

Patch of the Week! 🩹

First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it… 😳

Congrats to Windows, the cybercriminals are no match… for your (soon to be released 🙈) patch! 🩹

Check out this freshly hatched patch 🐣

Congrats to Apache, the cybercriminals are no match… for your patch! 🩹

Apached 🙃

🚨 Critical Apache OFBiz Flaw Actively Exploited! 🚁

CISA has added a critical vulnerability (CVE-2024-38856) in the Apache OFBiz ERP system to its Known Exploited Vulnerabilities (KEV) catalogue due to active exploitation in the wild! 🛡️ This flaw, with a CVSS score of 9.8, allows remote code execution through a Groovy payload by unauthenticated attackers. 🖥️💥

The vulnerability, initially described as a patch bypass for CVE-2024-36104, exposes critical endpoints via crafted requests, leading to remote code execution. 🔓⚠️ Proof-of-concept exploits are already available, signalling significant attacker interest in these flaws. 🚨

CISA previously flagged another Apache OFBiz flaw (CVE-2024-32113) linked to Mirai botnet attacks. Organisations are urged to update to version 18.12.15 to stay protected! 🔒 FCEB agencies must apply the updates by September 17, 2024. Don’t delay—secure your systems now! 🚀🔧✨

Now, on to this week’s hottest cybersecurity news stories: 

  • ✈️ Cyberattack on Seattle airport’s website causes mass delays ⌛

  • ⚽ Mbapp-hack own goal promotes $460M crypto scam on X 💸

  • 📱 NGate Android malware relays NFC data to clone contactless cards 💳

Hackers are sleepless in Seattle ✈️

🚨✈️ Tech Trouble Hits Seattle Airport! 🖥️

Major Delays at SeaTac

Seattle-Tacoma International Airport, America’s 11th-busiest, faced severe delays over the weekend due to a suspected cyberattack that disrupted several computer systems. 🛫❌

🕵️‍♂️ Possible Cyberattack?

On Saturday, the Port of Seattle reported system outages hinting at a potential cyber intrusion. Critical systems were isolated, and efforts to restore full service are ongoing. No timeline for resolution has been given yet. ⏳🔧

📉 Flight Delays Galore

The disruption caused chaos for travellers, with 53% of departing flights and 46% of arrivals delayed on Saturday. The trouble continued into Sunday, with delays affecting 36% of outgoing and 30% of incoming flights. Travellers were advised to arrive earlier than usual as phone and baggage-check systems struggled to function. ⌛🛄

💻 Website Woes

Though flights began returning to schedule by Monday morning, the airport's website remained down. Authorities have not provided an estimate for when full services will be restored. 📵🌐

🛡️ Stay Prepared!

If you’re flying through SeaTac, plan for extra time and stay updated on the latest flight information as recovery efforts continue. Safe travels! 🚀🛫

Mhacké 💀

🚨⚽️ Mbappé X Account Hack Costs Traders Millions! 💸🔒

High-Profile Hack and Scam Alert

Soccer star Kylian Mbappé's X account was hacked on August 29, leading to chaos both online and in the crypto market. Alongside a series of bizarre posts slamming Lionel Messi and insulting Tottenham, the hacker promoted a fake cryptocurrency token named $MBAPPE, falsely promising to “double” any tokens sent to a specific address. 🤑📉

💥 Bizarre Posts Spark Confusion

Hackers used Mbappé's account to post strange messages, including insults towards Lionel Messi, claims about joining Manchester United on a free transfer in 2028, and derogatory comments about Tottenham. These posts were quickly deleted, but not before causing a stir among fans and followers. 🤯🚫

💰 Huge Crypto Losses

The scam caused the market cap of the fraudulent MBAPPE token to skyrocket to $460 million, before crashing to less than $100,000. One trader lost over $1 million in Solana tokens in just an hour after buying into the scam, highlighting the dangers of celebrity-related crypto schemes. 😱❌

🕵️‍♂️ Onchain Insights

Onchain intelligence firm Lookonchain reported that a trader spent 7,156 Solana ($1.03M) on the fake token, which is now worth only $9.2K. This event adds to a growing list of celebrity-related crypto scams, including the collapse of TrumpCoin earlier this year. 📉⚠️

🚨 Warnings Issued

Crypto.com and other major crypto firms have warned traders not to fall for the fake Mbappé token, emphasising the importance of caution in the volatile crypto market. 🛡️🚫

📈 Not Everyone Lost

While many suffered significant losses, some savvy traders made quick profits. One trader turned $28 into $124,000 by cashing out just before the token’s price collapse. It’s a reminder of the high risks—and occasional rewards—in the world of crypto scams. 💸💥

🔑 Stay Safe!

Always double-check endorsements and be wary of “too good to be true” offers, especially on social media. Protect your investments, and listen to the latest updates on "It's All Kicking Off!" with new episodes every Monday and Thursday. 🌐🔒

Hopefully updates will soon Ngate the issue 👀

🚨📱 New Android Malware Steals Your Payment Info! 💳💥

Meet NGate (or don’t! 💀): A New Threat

Cybersecurity researchers have uncovered NGate, a dangerous Android malware that steals contactless payment data from victims’ credit and debit cards and relays it to an attacker’s device for fraudulent activities. The malware, tracked by Slovak cybersecurity firm ESET, targets financial institutions in Czechia and has been linked to three banks in the region. 🚨💳📉

🛠️ How NGate Works

NGate operates through malicious apps installed on Android devices, which relay NFC data from victims' payment cards to an attacker-controlled device that can then emulate the original card and withdraw money from ATMs. The malware abuses a legitimate tool called NFCGate, initially developed for security research by students at TU Darmstadt in 2015. 📲🚨

🔍 Attack Tactics

The attack relies heavily on social engineering, using SMS phishing and fake domains that mimic legitimate banking sites or apps. Victims are tricked into installing malicious progressive web apps (PWAs) or WebAPKs, which then prompt them to enter sensitive information like their banking ID, date of birth, and PIN code. The app even instructs users to enable NFC and scan their card to capture the payment data. 📧⚠️

📞 Phishing and Fake Calls

After installation, the attackers further exploit victims by posing as bank employees in phone calls, claiming their accounts have been compromised. They instruct victims to change their PIN and validate their banking card through NGate, again sent via SMS links. These apps were not found on the Google Play Store, and Google confirmed that its Play Protect system guards against known versions of NGate. ☎️🔒

🚔 Crackdown and Arrests

Six NGate apps were identified between November 2023 and March 2024. The campaign likely ceased after Czech authorities arrested a 22-year-old linked to ATM fund thefts. Despite the arrest, the sophisticated techniques of NGate highlight the evolving threats in mobile banking fraud. 🚨👮‍♂️

🌐 NGate's Infrastructure

The malware uses two servers: one for phishing to collect sensitive information and initiate NFC relay attacks, and another for redirecting NFC traffic to the attacker’s device. This operation shows the complexity and organised nature of NGate’s fraud tactics. 🖥️📡

⚠️ Stay Alert!

This discovery comes alongside another new threat: a variant of the Copybara banking trojan that uses voice phishing (vishing) to steal bank credentials. Both NGate and Copybara exploit Android’s accessibility services to exert control over infected devices, demonstrating the need for vigilance when installing apps and sharing sensitive information. 🛡️📱

Stay informed, and always verify the legitimacy of apps before installation! 🚫📲

Let us know what you think.

So long and thanks for reading all the phish!
