Feb 14 2025
Welcome to Gone Phishing, your weekly cybersecurity newsletter that’s the Trump and Elon to cybercrime’s #USAID 👀🍿☕
Patch of the Week! 🩹
First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it… 😳
Congrats to Cisco, the cybercriminals are no match… for your patch! 🩹
Check out this freshly hatched patch 🐣
🚨 Cisco ISE Critical Flaws – Patch Now! 🔧
Cisco has released updates for Identity Services Engine (ISE) to fix two critical security flaws that could allow remote attackers to execute commands and elevate privileges. 🚨
⚡ Key Vulnerabilities:
1️⃣ CVE-2025-20124 (CVSS 9.9) – Insecure Java Deserialization
Authenticated attackers can send crafted serialized objects to execute arbitrary commands as root.
2️⃣ CVE-2025-20125 (CVSS 9.1) – Authorization Bypass
Attackers with read-only credentials can access sensitive data, change configurations, and restart nodes.
🔧 No Workarounds – Immediate Action Required!
✅ Update Cisco ISE to patched versions:
3.1 → Update to 3.1P10
3.2 → Update to 3.2P7
3.3 → Update to 3.3P4
3.4 is NOT vulnerable
🔍 No known exploits yet, but staying updated is key to security! 🛡️
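To turn the version list above into a patching worklist, here is an added example (not Cisco's tooling and not part of the original newsletter) that triages an inventory of ISE nodes against the fixed releases named above. The node names, the accepted version-string formats, and the rule that a version with no patch suffix means "no patch installed" are assumptions made for illustration.

```python
import re

# Fixed releases exactly as listed in the newsletter above.
FIXED_PATCH = {"3.1": 10, "3.2": 7, "3.3": 4}
NOT_VULNERABLE = {"3.4"}

# Assumed input formats: "3.2P5", "3.2 patch 5", "3.2.0 Patch 5", or a bare "3.3".
_VERSION_RE = re.compile(
    r"^\s*(\d+\.\d+)(?:\.\d+)*\s*(?:(?:p|patch)\s*(\d+))?\s*$", re.IGNORECASE
)

def triage(version):
    """Return (status, target_release) for one ISE version string."""
    m = _VERSION_RE.match(version)
    if not m:
        return ("unparsed", None)
    # Assumption: no patch suffix means no patch is installed (patch level 0).
    train, patch = m.group(1), int(m.group(2) or 0)
    if train in NOT_VULNERABLE:
        return ("not_vulnerable", None)
    if train not in FIXED_PATCH:
        # Release trains the newsletter does not mention: consult Cisco's advisory.
        return ("unlisted", None)
    needed = FIXED_PATCH[train]
    if patch >= needed:
        return ("patched", None)
    return ("vulnerable", f"{train}P{needed}")

def worklist(inventory):
    """Map {node: version} to the nodes needing action, vulnerable ones first."""
    rows = []
    for node, version in inventory.items():
        status, target = triage(version)
        if status in ("vulnerable", "unlisted", "unparsed"):
            rows.append((node, version, status, target))
    return sorted(rows, key=lambda r: (r[2] != "vulnerable", r[0]))

# Constructed inventory: node names and versions are made up for this example.
SAMPLE = {
    "ise-pan-01": "3.1P8",
    "ise-psn-02": "3.2 patch 7",
    "ise-psn-03": "3.3",
    "ise-mnt-04": "3.4P1",
    "ise-lab-05": "3.0P6",
}

if __name__ == "__main__":
    for row in worklist(SAMPLE):
        print(row)
```

Nodes reported as `unlisted` or `unparsed` are kept on the worklist on purpose, so a release train the newsletter does not cover is reviewed by hand instead of being silently treated as safe.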
Now, on to this week’s hottest cybersecurity news stories:
🐀 ValleyRAT malware distributed via fake Google Chrome sites 🎭
💸 Ransomware takings down 34.92% in 2024 compared to 2023 🥳
🐈 SparkCat malware’s got its claws on crypto wallet recovery phrases 👛
Major hackdown 👀 on cybercrime forums 💬
🎭 ValleyRAT Hidden in Bogus Installers!
Cybercriminals are using fake Google Chrome websites to trick users into downloading malware! 🎭💀 The attack delivers ValleyRAT, a dangerous remote access trojan (RAT) targeting Chinese-speaking users. 🇨🇳👀
🔍 Who’s Behind It?
The Silver Fox hacking group has been targeting finance, accounting, & sales professionals 📊💰—people with access to sensitive data!
🦠 How the Attack Works
1️⃣ User searches for Chrome 🔎
2️⃣ Fake site appears 📢
3️⃣ ZIP archive downloads 📁
4️⃣ "Setup.exe" runs ValleyRAT 💻🐀
The installer checks for admin privileges before downloading more malicious payloads, including a hijacked Douyin (Chinese TikTok) executable. 🎬📂
🛠️ What Can ValleyRAT Do?
🔹 Steal sensitive data 📊
🔹 Log keystrokes ⌨️
🔹 Monitor screens 📸
🔹 Download & execute more malware
🏴‍☠️ Tied to Bigger Attacks!
⚠️ The same fake Chrome tactic has been used to spread Gh0st RAT in the past.
⚠️ Attackers exploit DLL hijacking to sneak malware into trusted apps.
⚠️ Drive-by downloads push these fake installers onto unsuspecting users.
🔐 Stay Safe!
✅ Only download Chrome from Google’s official site 🌍
✅ Avoid unknown ZIP/exe files 🚫
✅ Keep security software updated 🔄🛡️
Hackers are using trusted software as bait—don’t fall for it! 🚫🎣
📉 Less Money, More Attacks!
Cybercriminals raked in $813.5M from ransomware in 2024, a drop from $1.25B in 2023. But the number of attacks hit 5,263, a 15% increase YoY! 📈💻
🔎 What’s Changing?
🔹 More victims, fewer payments—Companies are refusing to pay! ❌💸
🔹 Big gangs collapsed (LockBit, BlackCat), leading to smaller groups & lower ransoms 🎭
🔹 Average ransom jumped to $553,959 💰 but median fell 45% to $110,890 📉
🚀 Who’s Behind It?
Top ransomware variants in 2024:
🦠 Akira & Fog (22% combined)
🦠 RansomHub, Medusa, BlackSuit, BianLian, Black Basta 👀
🦠 Newcomers: HellCat, Cloak, NotLockBit, Windows Locker 🆕
⚠️ HellCat uses psychological tactics to humiliate & pressure victims into paying!
🌎 Who’s Most at Risk?
🏭 Industrials were hit hardest (27% of attacks) 🏢
🌍 North America faced 55% of all incidents
🔐 How Are Hackers Getting In?
🚪 VPN vulnerabilities = main entry point 🔓
💰 Akira & Fog use identical money laundering techniques—likely connected!
🛡️ Protect Yourself!
✅ Secure your VPNs & update systems 🔄
✅ Backup critical data 💾
✅ Report & resist ransom demands 🚫
Ransomware is evolving—stay ahead before you're the next target! 🚨
🔥 Malicious Apps on Apple & Google Stores!
Cybercriminals behind SparkCat have deployed fake AI, food delivery, and Web3 apps to steal crypto wallet recovery phrases from victims' photos! 📸💸
✅ Targets both iOS & Android
✅ Uses Optical Character Recognition (OCR) to scan images
✅ Over 242,000 downloads on Google Play! 😱
🕵️‍♂️ How It Works
⚠️ OCR scans images in your gallery for wallet seed phrases
⚠️ Stolen data sent to a command-and-control (C2) server
⚠️ Uses Rust-based communication for stealth (rare in mobile malware!)
🛑 No obvious malicious signs—Permissions seem harmless at first!
🌍 Who’s Affected?
🔹 Primarily targets users in Europe & Asia
🔹 Likely the work of Chinese-speaking threat actors
🔐 How to Stay Safe
✅ Avoid unknown AI/Web3 apps
✅ Check developer authenticity & reviews 🔎
✅ Revoke unnecessary photo access 📵
✅ Use hardware wallets for crypto security 🔒
⚠️ Even official app stores aren’t 100% safe—always double-check before downloading! 🚨
🗞️ Extra, Extra! Read all about it! 🗞️
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅
💵Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓
📈Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾
Let us know what you think.
So long and thanks for reading all the phish!