Dec 22 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes you a very Merry (and cybersecure!) Christmas.
It's Friday, folks, which can only mean one thing… It's time for our weekly segment!
It goes by many names. Patch of the Week, Tweak of the week. Okay, that's it.
Congrats, the cybercriminals are no match… for your patch!
Check out these freshly hatched patches
Chrome Security Update Alert!
Ho-Ho-Hold up! Google has just unwrapped a festive gift in the form of security updates for Chrome! They've patched a sneaky high-severity zero-day flaw (CVE-2023-7024) that mischievous cyber grinches exploited in the wild!
Discovered by the vigilant Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on December 19, 2023, this flaw is a heap-based buffer overflow bug in the WebRTC framework, capable of causing program crashes or even executing arbitrary code!
Not just a Chrome problem: since WebRTC is also in Mozilla Firefox and Apple Safari, we're not sure if other browsers are on the naughty list.
This marks the eighth zero-day Chrome fix this year, and with a total of 26,447 vulnerabilities disclosed in 2023 (over 1,500 more than last year), it's been quite a rollercoaster!
But fret not! To dodge those digital snowballs, make sure your Chrome is sleighing at version 120.0.6099.129/130 (for Windows) or 120.0.6099.129 (for macOS and Linux)!
And if you're cruising with Chromium buddies (Microsoft Edge, Brave, Opera, or Vivaldi), buckle up and apply the fixes ASAP!
Stay jolly and secure, friends!
Now, on to today's hottest cybersecurity stories:
German police usurp major malware hub "Kingdom Market"
Hackers spread Agent Tesla malware via MS Excel flaw
JavaScript malware hits 50k+ users at 40+ banks globally
German law enforcement, along with partners from the U.S., Switzerland, Moldova, and Ukraine, have successfully shut down the notorious Kingdom Market on the dark web!
Operating since March 2021 on TOR and I2P networks, Kingdom Market catered to tens of thousands of users, dealing in narcotics, malware, criminal services, and fake documents. Over 42,000 products were sold through hundreds of accounts, with 3,600 originating from Germany.
Cryptocurrency transactions (Bitcoin, Litecoin, Monero, and Zcash) greased the wheels, with the website taking a 3% commission. The suspects are under investigation for running a criminal trading platform and trafficking narcotics, according to the Federal Criminal Police Office (BKA).
But that's not all! In the U.S., Alan Bill (aka Vend0r and KingdomOfficial), a Slovakian national, faces charges of identity theft and money laundering in connection with Kingdom Market.
This victory follows hot on the heels of a joint effort to dismantle BlackCat ransomware's dark web setup, showcasing the power of international collaboration against cybercrime! Stay vigilant, internet guardians!
Heads up, cyber squad! Attackers are reviving an ancient Microsoft Office vulnerability in phishing schemes to unleash the notorious Agent Tesla malware.
Zscaler ThreatLabz reveals that hackers are using decoy Excel documents in invoice-themed messages to lure victims. Once opened, the exploit of CVE-2017-11882 (CVSS 7.8) kicks in, triggering a memory corruption vulnerability in Office's Equation Editor, allowing code execution with user privileges.
Kaivalya Khursale, a security researcher, explains that the malware ride begins with an obfuscated Visual Basic Script, downloading a sneaky JPG file with a Base64-encoded DLL. The DLL is then injected into RegAsm.exe, launching the final payload.
Agent Tesla, a .NET-based keylogger and remote access trojan, then harvests sensitive data from the compromised host and sends it to a remote server.
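For defenders, the staging step described above (a JPG that carries a Base64-encoded DLL) can be checked for in downloaded image files. The Python sketch below is an added example, not code from Zscaler's report or from this newsletter; it assumes the Base64 text sits as one contiguous run somewhere in the file, the function names are hypothetical, and the sample data is constructed.

```python
import base64
import re

# "MZ" always Base64-encodes to "TV" + one of o/p/q/r, so anchor on that
# prefix and require a long run of Base64 characters after it.
B64_MZ_RUN = re.compile(rb"TV[opqr][A-Za-z0-9+/]{200,}={0,2}")

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_embedded_pe(blob: bytes) -> list:
    """Offsets in blob where a Base64 run decodes to a PE image (EXE/DLL)."""
    hits = []
    for m in B64_MZ_RUN.finditer(blob):
        run = m.group().rstrip(b"=")
        run = run[: len(run) - len(run) % 4]  # whole 4-char groups only
        if looks_like_pe(base64.b64decode(run, validate=True)):
            hits.append(m.start())
    return hits

def constructed_samples() -> dict:
    """Constructed data: a stub PE header (not a working DLL) in tiny fake JPEGs."""
    stub = b"MZ" + bytes(0x3A) + (0x80).to_bytes(4, "little")
    stub += bytes(0x40) + b"PE\x00\x00" + bytes(64)
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(range(256)) + b"\xff\xd9"
    return {
        "clean": jpeg,
        "staged": jpeg + base64.b64encode(stub),
        # Starts with "MZ" but has no PE signature: must not be flagged.
        "lookalike": jpeg + base64.b64encode(b"MZ" + b"A" * 200),
    }

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, find_embedded_pe(blob))
```

A hit means the file deserves a closer look, not that it is Agent Tesla; the check only says an image is carrying an encoded Windows executable.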
Cyber threats evolve, and organisations must stay vigilant! Meanwhile, old flaws like Oracle WebLogic Server's CVE-2020-14883 are also resurfacing, with the 8220 Gang deploying it for cryptocurrency miners.
Phishing attacks are on the rise, targeting hospitality with sneaky emails and even Instagram users through "Copyright Infringement" scams. Stay sharp, cyber superheroes!
Breaking news from the cyber frontier! A new JavaScript malware is on the prowl, aiming to snatch online banking credentials in a global campaign hitting over 40 financial institutions!
IBM Security Trusteer uncovered the malicious activity, using JavaScript web injections and infecting at least 50,000 user sessions across North America, South America, Europe, and Japan since March 2023.
Security researcher Tal Langus warns that the web injection module seeks to compromise banking apps, intercept user credentials, and likely monetize the stolen banking info. The malware alters bank login pages using scripts from a threat-controlled server, with the primary target being a common page structure among various banks.
The script dynamically adapts, querying command-and-control servers and adjusting its flow based on obtained information. If victims visit the altered bank page, the JavaScript harvests credentials and one-time passwords, concealing its true intent.
IBM reports a sophisticated attempt to dissuade victims from logging in by inserting fake UI elements and claiming online banking services are temporarily unavailable. The malware's origin is unknown, but indicators link it to the DanaBot family.
Stay vigilant, friends! Cyber threats are evolving, and these sneaky tactics are becoming more advanced.
And don't worry, we won't leave you hanging! We'll be back in your inbox on Monday to wish you a Merry Christmas (again) and keep you safe and secure through to the new year.
So long and thanks for reading all the phish!