Oct 24 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that uncovers more back doors to cyber crime than FTX had to Alameda 🙈
Today’s hottest cybersecurity news stories:
👨‍💼 Roll up, roll up. FB and Insta’s police portals for sale! 👀
🤦‍♂️ I can’t Copacabana! Beware of international Brazilian bankware 🏦
🥩 Philly MAL and cheese! Data breach disclosed after five months 📅
Sup cyber squad? We've got some concerning news about Facebook and Instagram's Police Portal. Cybersecurity guru Alon Gal, the co-founder & CTO of Hudson Rock, has discovered a threat actor selling access to this portal used by law enforcement agencies 🕵️‍♂️.
🔐 What's the Deal?
This sketchy character is offering access for $700, and it seems they can sell it to more than one interested party. 😱
🤔 How Did This Happen?
Gal suspects that Meta (the company behind Facebook and Instagram) was either tricked into granting access through social engineering, or the threat actor got their hands on a legit law enforcement account's credentials. 🕵️‍♀️
🔒 What's at Risk?
The potential risks are pretty scary. Access to this portal could lead to unauthorised data requests, harassment, doxxing, fake law enforcement actions, and even identity theft! 😨
🕵️‍♂️ What Can They Do?
The threat actor can use the portal to make various requests:
Subpoena: Get all the data Meta has on a user, like IP addresses, phone numbers, and more.
Emergency Data Request: Used in life-threatening situations.
Post Removal/Account Suspension: Take down posts or suspend accounts for law violations.
This is a serious privacy and security concern for all of us! Stay vigilant, friends. 😰🔒
The Grandoreiro malware, usually focused on Brazil and Mexico, now targets victims in Spain.
Threat actors have increased their activity in Spain, raising concern.
The Brazilian cyber threat landscape has grown complex and diverse, with a surge in online users.
Brazilian banking malware, including Grandoreiro, continues to evolve with new capabilities.
Recent campaigns show Grandoreiro now targets banks in both Spain and Mexico simultaneously.
TA2725, a persistent threat actor, is behind these activities, expanding beyond Brazil and Mexico.
Threat actors are using popular cloud hosting providers for their malicious activities.
Grandoreiro malware, previously confined to Brazil and Mexico, has expanded its reach to Spain. Researchers have noticed a surge in threat actors targeting Spain, with a focus on Portuguese and Spanish speakers in Brazil, Mexico, and other parts of the Americas. Brazil's online population growth has made it a prime target for information theft and malware attacks, especially in the online banking sector.
🦠 Brazilian Banking Malware:
Grandoreiro, a descendant of Delphi-based malware, can steal data through keyloggers, screen-grabbers, and bank login overlays. Recent campaigns show it is delivered via email links with various lures; once a victim is infected, the malware connects to command and control servers.
🌐 Expanding Threat:
Recent developments indicate that Grandoreiro's bank credential stealing overlays now affect banks in both Spain and Mexico simultaneously. Threat actors have broadened their targets, moving beyond the Americas.
TA2725, a known threat actor, uses Brazilian banking malware and phishing to target organisations mainly in Brazil and Mexico. They've expanded their operations to also go after consumer credentials and payment information for services like Netflix and Amazon.
With the ever-evolving malware landscape and the globalisation of the supply chain, organisations worldwide face an increasing threat from threat actors targeting regions with shared languages. Vigilance and robust cybersecurity measures are crucial in this changing digital landscape. Stay safe! 🛡️🌐
The City of Philadelphia is currently investigating a data breach that occurred in May. Attackers "may have gained access" to City email accounts containing personal and protected health information. 😨
🔍 The Investigation:
City officials detected suspicious activity in their email system on May 24. However, the investigation revealed that threat actors may have continued accessing these compromised accounts for at least two more months. On August 22, 2023, it was discovered that these email accounts contained protected health information.
📋 Data Exposed:
The breach exposed a mix of personal and sensitive information, including names, addresses, dates of birth, social security numbers, medical data, and limited financial info. 😟
🔐 What's Next?
An ongoing manual review will determine the extent of the data exposure. The City plans to confirm the identities of affected individuals and provide written notifications.
🛡️ Protect Yourself:
If you're possibly affected, stay vigilant against financial fraud and identity theft. Monitor your credit reports and account statements closely. Report any suspicious activity to your insurance company, healthcare provider, or bank.
🤔 Questions Remain:
City officials have not disclosed how the breach occurred or why it took five months to report. More details are expected in the future.
⚠️ Past Incidents:
This isn't the first time. The City's Department of Behavioral Health and Intellectual Disability Services had a HIPAA breach in 2020 due to a phishing attack. Email accounts were accessed between March and November that year. 😔
Stay informed, stay safe, and keep an eye out for updates on this incident! 🛡️
So long and thanks for reading all the phish!