Dec 22 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes you a very Merry (and cybersecure!) Christmas ☃️
It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!
It goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it.
Congrats, the cybercriminals are no match… for your patch!
Check out these freshly hatched patches
Chrome Security Update Alert!
Ho-Ho-Hold up! Google has just unwrapped a festive gift in the form of security updates for Chrome! They've patched a sneaky high-severity zero-day flaw (CVE-2023-7024) that mischievous cyber grinches exploited in the wild!
Discovered by the vigilant Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on December 19, 2023, this flaw is a heap-based buffer overflow bug in the WebRTC framework, capable of causing program crashes or even executing arbitrary code!
Not just a Chrome problem – since WebRTC is also in Mozilla Firefox and Apple Safari, we're not sure if other browsers are on the naughty list.
This marks the eighth zero-day Chrome fix this year, and with a total of 26,447 vulnerabilities disclosed in 2023 (over 1,500 more than last year), it's been quite a rollercoaster!
But fret not! ✨ To dodge those digital snowballs, make sure your Chrome is sleighing at version 120.0.6099.129/130 (for Windows) or 120.0.6099.129 (for macOS and Linux)! ⚙️
And if you're cruising with Chromium buddies (Microsoft Edge, Brave, Opera, or Vivaldi), buckle up and apply the fixes ASAP!
Stay jolly and secure, friends!
Now, on to today’s hottest cybersecurity stories:
German police usurp major malware hub ‘Kingdom Market’
Hackers spread Agent Tesla malware via MS Excel flaw
JavaScript malware hits 50k+ users at 40+ banks globally
German law enforcement, along with partners from the U.S., Switzerland, Moldova, and Ukraine, has successfully shut down the notorious Kingdom Market on the dark web!
Operating since March 2021 on TOR and I2P networks, Kingdom Market catered to tens of thousands of users, dealing in narcotics, malware, criminal services, and fake documents. Over 42,000 products were sold through hundreds of accounts, with 3,600 originating from Germany.
Cryptocurrency transactions (Bitcoin, Litecoin, Monero, and Zcash) greased the wheels, with the website taking a 3% commission. The suspects are under investigation for running a criminal trading platform and trafficking narcotics, according to the Federal Criminal Police Office (BKA).
But that's not all! In the U.S., Alan Bill (aka Vend0r and KingdomOfficial), a Slovakian national, faces charges of identity theft and money laundering in connection with Kingdom Market.
This victory follows hot on the heels of a joint effort to dismantle BlackCat ransomware's dark web setup, showcasing the power of international collaboration against cybercrime! Stay vigilant, internet guardians!
Heads up, cyber squad! Attackers are reviving an ancient Microsoft Office vulnerability in phishing schemes to unleash the notorious Agent Tesla malware.
Zscaler ThreatLabz reveals that hackers are using decoy Excel documents in invoice-themed messages to lure victims. Once opened, the exploit of CVE-2017-11882 (CVSS 7.8) kicks in, triggering a memory corruption vulnerability in Office's Equation Editor, allowing code execution with user privileges.
Kaivalya Khursale, a security researcher, explains that the malware ride begins with an obfuscated Visual Basic Script, which downloads a sneaky JPG file containing a Base64-encoded DLL. The DLL is then injected into RegAsm.exe, launching the final payload.
Agent Tesla, a .NET-based keylogger and remote access trojan, then harvests sensitive data from the compromised host and sends it to a remote server.
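For defenders triaging the "JPG carrying a Base64-encoded DLL" stage described above, here is an added example (ours, not code from the Zscaler report) that scans a downloaded image for a Base64 run that decodes to a Windows PE header and reports whether the DLL flag is set. It assumes the Base64 text sits in the file as one contiguous ASCII run; the sample bytes are constructed for illustration.

```python
import base64
import re
import struct

# base64("MZ" + any third byte) always starts "TV" followed by o, p, q or r.
B64_PE = re.compile(rb"TV[opqr][A-Za-z0-9+/]{60,}")
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag marking a DLL


def find_embedded_pe(data: bytes) -> list:
    """Return base64 runs inside `data` that decode to a Windows PE image."""
    hits = []
    for m in B64_PE.finditer(data):
        run = m.group(0)
        # Drop trailing characters so the run is a whole number of 4-char groups.
        raw = base64.b64decode(run[: len(run) - len(run) % 4])
        if len(raw) < 0x40 or raw[:2] != b"MZ":
            continue
        # e_lfanew (offset 0x3C) points at the "PE\0\0" signature.
        pe_off = struct.unpack_from("<I", raw, 0x3C)[0]
        if pe_off + 24 > len(raw) or raw[pe_off:pe_off + 4] != b"PE\0\0":
            continue
        machine, = struct.unpack_from("<H", raw, pe_off + 4)
        flags, = struct.unpack_from("<H", raw, pe_off + 22)
        hits.append({"offset": m.start(), "machine": hex(machine),
                     "is_dll": bool(flags & IMAGE_FILE_DLL)})
    return hits


# Constructed sample: a tiny fake JPEG followed by a base64 PE header stub.
CLEAN_JPEG = b"\xff\xd8\xff\xe0" + bytes(range(256)) + b"\xff\xd9"


def build_sample(characteristics: int = 0x2102) -> bytes:
    """Append a base64-encoded, header-only PE stub (no code) to CLEAN_JPEG."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, characteristics)
    stub = bytes(dos) + b"PE\0\0" + coff + bytes(0xE0)
    return CLEAN_JPEG + base64.b64encode(stub)


if __name__ == "__main__":
    print(find_embedded_pe(build_sample()))  # one hit, flagged as a DLL
    print(find_embedded_pe(CLEAN_JPEG))      # no hits
```

A hit on a file served as an image is worth escalating whatever its extension or MIME type; pair it with process telemetry for RegAsm.exe starting without an expected parent.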
Cyber threats evolve, and organisations must stay vigilant! Meanwhile, old flaws like Oracle WebLogic Server's CVE-2020-14883 are also resurfacing, with the 8220 Gang deploying it for cryptocurrency miners.
Phishing attacks are on the rise, targeting hospitality with sneaky emails and even Instagram users through "Copyright Infringement" scams. Stay sharp, cyber superheroes!
Breaking news from the cyber frontier! A new JavaScript malware is on the prowl, aiming to snatch online banking credentials in a global campaign hitting over 40 financial institutions!
IBM Security Trusteer uncovered the malicious activity, which uses JavaScript web injections and has infected at least 50,000 user sessions across North America, South America, Europe, and Japan since March 2023.
Security researcher Tal Langus warns that the web injection module seeks to compromise banking apps, intercept user credentials, and likely monetize the stolen banking info. The malware alters bank login pages using scripts from a threat-controlled server, with the primary target being a common page structure among various banks.
The script dynamically adapts, querying command-and-control servers and adjusting its flow based on obtained information. If victims visit the altered bank page, the JavaScript harvests credentials and one-time passwords, concealing its true intent.
IBM reports a sophisticated attempt to dissuade victims from logging in by inserting fake UI elements and claiming online banking services are temporarily unavailable. The malware's origin is unknown, but indicators link it to the DanaBot family.
Stay vigilant, friends! Cyber threats are evolving, and these sneaky tactics are becoming more advanced.
And don’t worry, we won’t leave you hanging! We’ll be back in your inbox on Monday to wish you a Merry Christmas (again) and keep you safe and secure through to the new year.
So long and thanks for reading all the phish!