Dark Web Bust: Kingdom Market Shutdown!

Dec 22 2023

Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes you a very Merry (and cybersecure!) Christmas.

It's Friday, folks, which can only mean one thing… It's time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the Week. Okay, that's it.

Congrats, the cybercriminals are no match… for your patch!

Check out these freshly hatched patches.

Hackers: there's no place like Chrome

Chrome Security Update Alert!

Ho-Ho-Hold up! Google has just unwrapped a festive gift in the form of security updates for Chrome! They've patched a sneaky high-severity zero-day flaw (CVE-2023-7024) that mischievous cyber grinches exploited in the wild!

Discovered by the vigilant Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on December 19, 2023, this flaw is a heap-based buffer overflow bug in the WebRTC framework, capable of causing program crashes or even executing arbitrary code!

Not just a Chrome problem – since WebRTC is also in Mozilla Firefox and Apple Safari, we're not sure if other browsers are on the naughty list.

This marks the eighth zero-day Chrome fix this year, and with a total of 26,447 vulnerabilities disclosed in 2023 (over 1,500 more than last year), it's been quite a rollercoaster!

But fret not! To dodge those digital snowballs, make sure your Chrome is sleighing at version 120.0.6099.129/130 (for Windows) or 120.0.6099.129 (for macOS and Linux)!

And if you're cruising with Chromium buddies (Microsoft Edge, Brave, Opera, or Vivaldi), buckle up and apply the fixes ASAP!

Stay jolly and secure, friends!

Now, on to today's hottest cybersecurity stories:

  • German police usurp major malware hub 'Kingdom Market'

  • Hackers spread Agent Tesla malware via MS Excel flaw

  • JavaScript malware hits 50k+ users at 40+ banks globally

Your reign of terror is over

Dark Web Bust: Kingdom Market Shutdown!

German law enforcement, along with partners from the U.S., Switzerland, Moldova, and Ukraine, has successfully shut down the notorious Kingdom Market on the dark web!

Operating since March 2021 on the Tor and I2P networks, Kingdom Market catered to tens of thousands of users, dealing in narcotics, malware, criminal services, and fake documents. Over 42,000 products were sold through hundreds of accounts, with 3,600 originating from Germany.

Cryptocurrency transactions (Bitcoin, Litecoin, Monero, and Zcash) greased the wheels, with the website taking a 3% commission. The suspects are under investigation for running a criminal trading platform and trafficking narcotics, according to the Federal Criminal Police Office (BKA).

But that's not all! In the U.S., Alan Bill (aka Vend0r and KingdomOfficial), a Slovakian national, faces charges of identity theft and money laundering in connection with Kingdom Market.

This victory follows hot on the heels of a joint effort to dismantle BlackCat ransomware's dark web setup, showcasing the power of international collaboration against cybercrime! Stay vigilant, internet guardians!

These hackers are really Excelling

They sure know how to spread their sheet

An Old Microsoft Office Flaw Exploited in Phishing Campaigns!

Heads up, cyber squad! Attackers are reviving an ancient Microsoft Office vulnerability in phishing schemes to unleash the notorious Agent Tesla malware.

Zscaler ThreatLabz reveals that hackers are using decoy Excel documents in invoice-themed messages to lure victims. Once the document is opened, the exploit for CVE-2017-11882 (CVSS 7.8) kicks in, triggering a memory corruption vulnerability in Office's Equation Editor and allowing code execution with the user's privileges.

Kaivalya Khursale, a security researcher, explains that the malware ride begins with an obfuscated Visual Basic Script, which downloads a sneaky JPG file containing a Base64-encoded DLL. The DLL is then injected into RegAsm.exe, launching the final payload.
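A defender-side check for the delivery step described above, as an added example (not code from the newsletter or from Zscaler's report): it scans a file's bytes for a Base64 run that decodes to a Windows PE image. The function names, the 256-character minimum run length and the sample input are assumptions; the page does not say where in the JPG the encoded DLL sits, so the scan covers the whole file.

```python
import base64
import re
import struct

# Base64 of a buffer starting with b"MZ" always begins "TV" plus one of g..v.
# The 256-character minimum run length is an assumed noise threshold.
B64_PE_RUN = re.compile(rb"TV[g-v][A-Za-z0-9+/]{253,}")


def is_pe(blob: bytes) -> bool:
    """True if blob has a DOS header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def find_embedded_pe(data: bytes) -> list[tuple[int, int]]:
    """Return (file offset, decoded size) for each Base64 run that decodes to a PE image."""
    hits = []
    for match in B64_PE_RUN.finditer(data):
        run = match.group()
        run = run[: len(run) - len(run) % 4]  # decode whole 4-character groups only
        decoded = base64.b64decode(run)
        if is_pe(decoded):
            hits.append((match.start(), len(decoded)))
    return hits


def sample_jpeg_with_payload() -> bytes:
    """Constructed input: minimal JPEG framing followed by a Base64 PE header stub."""
    stub = bytearray(256)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)
    stub[0x80:0x84] = b"PE\0\0"
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
    return jpeg + base64.b64encode(bytes(stub))


if __name__ == "__main__":
    for offset, size in find_embedded_pe(sample_jpeg_with_payload()):
        print(f"Base64-encoded PE at offset {offset}, about {size} bytes decoded")
```

Run over downloaded image files from a proxy cache or mail gateway, a hit means the "image" carries an executable and deserves triage regardless of its extension.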

Agent Tesla, a .NET-based keylogger and remote access trojan, then harvests sensitive data from the compromised host and sends it to a remote server.

Cyber threats evolve, and organisations must stay vigilant! Meanwhile, old flaws like Oracle WebLogic Server's CVE-2020-14883 are also resurfacing, with the 8220 Gang exploiting it to deploy cryptocurrency miners.

Phishing attacks are on the rise, targeting hospitality with sneaky emails and even Instagram users through "Copyright Infringement" scams. Stay sharp, cyber superheroes!

They're laughing all the way to the bank

JavaScript Malware Targets 40+ Banks Worldwide!

Breaking news from the cyber frontier! A new JavaScript malware is on the prowl, aiming to snatch online banking credentials in a global campaign hitting over 40 financial institutions!

IBM Security Trusteer uncovered the malicious activity, which uses JavaScript web injections and has infected at least 50,000 user sessions across North America, South America, Europe, and Japan since March 2023.

Security researcher Tal Langus warns that the web injection module seeks to compromise banking apps, intercept user credentials, and likely monetize the stolen banking info. The malware alters bank login pages using scripts from a threat-controlled server, with the primary target being a common page structure among various banks.

The script dynamically adapts, querying command-and-control servers and adjusting its flow based on obtained information. If victims visit the altered bank page, the JavaScript harvests credentials and one-time passwords, concealing its true intent.

IBM reports a sophisticated attempt to dissuade victims from logging in by inserting fake UI elements and claiming online banking services are temporarily unavailable. The malware's origin is unknown, but indicators link it to the DanaBot family.

Stay vigilant, friends! Cyber threats are evolving, and these sneaky tactics are becoming more advanced.

And don't worry, we won't leave you hanging! We'll be back in your inbox on Monday to wish you a Merry Christmas (again) and keep you safe and secure through to the new year.

So long and thanks for reading all the phish!
