Oct 17 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that has cybercriminals quaking in their cyber-boots 👢😂
🚲 Decathlon Hack! 8k employees’ personal info leaked on dark web 👥
🕵️ SpyNote is an Android trojan that could be recording your calls 👀
📁 Recent WinRAR vulnerability targeted by pro-Russian hackers 💻
😱 A concerning data breach has resurfaced, impacting around 8,000 global employees of Decathlon, a popular sporting goods retailer. The breach, initially reported two years ago, has now seen the exposed data shared on the dark web, according to vpnMentor.
🕵️ The breach was discovered by vpnMentor’s research team in a forum post on September 7, 2023. A 61-MB database allegedly linked to Decathlon was uploaded by a forum user, containing personally identifiable information (PII) of the employees.
📦 The exposed data included sensitive information such as full names, usernames, phone numbers, email addresses, residency details, authentication tokens, and even photographs.
💼 The breach also extended to Bluenove, a technology and consulting firm, as confirmed by Bluenove. Duplicate copies of the database were found circulating on darknet forums.
🧐 Further examination revealed that the stolen data closely matched the Decathlon employee data leak reported in 2021, validating the authenticity of the newly shared database.
🚨 Both Decathlon and Bluenove have yet to issue official statements or responses regarding the breach, leaving questions about the extent and impact of the incident unanswered.
🔒 Protect your personal data and stay vigilant in the face of data breaches! 🛡️
🕵️ SpyNote, a notorious Android banking trojan, is back in the spotlight, and it’s more invasive than ever! Spread through SMS phishing campaigns, this malware lures victims into installing it by clicking on embedded links, according to F-Secure.
🚨 Once on your device, SpyNote requests extensive permissions, including access to your call logs, camera, SMS messages, and external storage. But that’s not all. This trojan excels at hiding from plain sight on your Android home screen and the Recents screen, making it challenging to detect.
📢 F-Secure researcher Amit Tambe explained, “The SpyNote malware app can be launched via an external trigger. Upon receiving the intent, the malware app launches the main activity.”
🎤 What’s alarming is that SpyNote leverages accessibility permissions to record audio and phone calls, log keystrokes, and even capture screenshots using the MediaProjection API.
🛡️ It doesn’t end there; SpyNote employs “diehard services” to resist termination attempts, automatically restarting itself to evade detection. If users try to uninstall it via Settings, the trojan thwarts their efforts by exploiting accessibility APIs.
😰 Ultimately, victims are left with few options, and many resort to a factory reset, losing all their data in the process.
👁️ Stay cautious, and be aware of the threats that persist in the Android ecosystem! 📵
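For anyone triaging a suspicious APK, the traits described above (broad permissions, an accessibility service, no home-screen icon, hidden from Recents) can be checked in the app's manifest. The sketch below is an added example, not code from F-Secure or this newsletter; it assumes the manifest has already been decoded to text XML, and the sample manifest and the three-permission threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Permissions matching the access the article lists (call logs, camera, SMS, storage, audio)
RISKY = {
    "android.permission.READ_CALL_LOG",
    "android.permission.CAMERA",
    "android.permission.READ_SMS",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.RECORD_AUDIO",
}
LAUNCHER = "android.intent.category.LAUNCHER"
A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (hypothetical package, not taken from a real sample)
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".Main" android:excludeFromRecents="true"/>
    <service android:name=".Svc"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def triage_manifest(xml_text, min_risky=3):
    """Return a list of findings; an empty list means none of the traits matched."""
    root = ET.fromstring(xml_text)
    findings = []
    requested = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    hits = sorted(RISKY & requested)
    if len(hits) >= min_risky:  # threshold is an assumption, tune for your corpus
        findings.append("broad-permissions: " + ", ".join(p.rsplit(".", 1)[1] for p in hits))
    if any(s.get(ANDROID + "permission") == A11Y for s in root.iter("service")):
        findings.append("accessibility-service")
    # No activity declares the LAUNCHER category, so no icon appears on the home screen
    if LAUNCHER not in {c.get(ANDROID + "name") for c in root.iter("category")}:
        findings.append("no-launcher-icon")
    if any(a.get(ANDROID + "excludeFromRecents") == "true" for a in root.iter("activity")):
        findings.append("hidden-from-recents")
    return findings

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE):
        print(finding)
```

Each finding on its own is common in legitimate apps; it is the combination that merits a closer look.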
👾 Pro-Russian hacking groups have pounced on a recently disclosed security vulnerability in the WinRAR archiving tool, using it in a phishing campaign to steal credentials from compromised systems.
🔍 Cluster25 reported that the attack makes use of malicious archive files exploiting the vulnerability known as CVE-2023-38831, affecting WinRAR versions before 6.23.
📥 These archives contain deceptive PDF files. When clicked, they trigger a Windows Batch script, initiating PowerShell commands to open a reverse shell, granting remote access to the attacker.
💻 The attackers also employ a PowerShell script to steal data, including login credentials, from Google Chrome and Microsoft Edge browsers. The stolen information is sent out via the legitimate web service webhook[.]site.
🚨 CVE-2023-38831 is a high-severity flaw in WinRAR, allowing attackers to execute code when trying to view a seemingly harmless file within a ZIP archive.
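For defenders, the chain described above (WinRAR launching a batch script that starts PowerShell, followed by traffic to webhook[.]site) leaves a recognisable trail in endpoint telemetry. The following is an added detection sketch, not code from Cluster25 or this newsletter; the event records are constructed, their field names are hypothetical, and PID reuse is ignored for brevity.

```python
import ntpath

WATCHED = "webhook[.]site".replace("[.]", ".")  # refang the domain named in the article

# Constructed process-creation and DNS events (hypothetical field names)
EVENTS = [
    {"type": "proc", "pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"type": "proc", "pid": 200, "ppid": 100, "image": r"C:\Program Files\WinRAR\WinRAR.exe"},
    {"type": "proc", "pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"type": "proc", "pid": 400, "ppid": 300,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "dns", "pid": 400, "query": "webhook.site"},
    {"type": "proc", "pid": 500, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"type": "dns", "pid": 500, "query": "example.com"},
]

def name(image):
    """Lower-cased executable name from a Windows path."""
    return ntpath.basename(image).lower()

def ancestors(pid, procs):
    """Image names from the process itself up to the oldest known parent."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:  # 'seen' guards against PID loops
        seen.add(pid)
        chain.append(name(procs[pid]["image"]))
        pid = procs[pid]["ppid"]
    return chain

def detect(events):
    """Flag PowerShell started under cmd.exe under WinRAR; note watched-domain lookups."""
    procs = {e["pid"]: e for e in events if e["type"] == "proc"}
    alerts = []
    for pid in procs:
        chain = ancestors(pid, procs)
        if chain[0] != "powershell.exe" or "winrar.exe" not in chain:
            continue
        if "cmd.exe" not in chain[1:chain.index("winrar.exe")]:
            continue
        exfil = any(
            e["type"] == "dns" and e["pid"] == pid
            and (e["query"].lower() == WATCHED or e["query"].lower().endswith("." + WATCHED))
            for e in events
        )
        alerts.append({"pid": pid, "exfil": exfil})
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

Updating WinRAR to 6.23 or later removes the vulnerability itself; the detection covers hosts that have not been patched yet.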
🌐 In related news, Russian APT29’s phishing operations have intensified, targeting diplomatic entities and putting a focus on Ukraine. They’ve adopted new tactics and infrastructure to hinder forensic analysis.
🛡️ Ukrainian agencies have also reported Kremlin-backed threat actors targeting law enforcement to collect information about Ukrainian investigations into war crimes committed by Russian soldiers.
🌪️ Stay vigilant in the ever-evolving landscape of cybersecurity! 🌐🛡️
So long and thanks for reading all the phish!