May 13 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that always brings the tackle π£
Todayβs hottest cybersecurity news stories:
π Google Ads hide FIN7βs NetSupport RAT π
β οΈ Update Google Chrome to patch new flaw π©Ή
π± Android apps masquerade as Instagram, WhatsApp π
The Menace Strikes Again! π₯π The notorious FIN7 strikes with ruthless precision, deploying devious Google ads to ensnare unsuspecting victims in a web of cyber deceit. Spoofing reputable brands, these ads serve as Trojan horses, concealing a sinister payload poised to wreak havoc. ππ₯
Brand Impersonation Unveiled! ππ₯
With cunning finesse, FIN7 impersonates esteemed brands like AnyDesk, WinSCP, and Google Meet, leading users down a treacherous path of deception. Behind the veil of legitimacy lurks a malicious plot, orchestrated to infiltrate and compromise with ruthless efficiency. π΅οΈββοΈπ
The Malware Arsenal Unleashed! βοΈπ‘οΈ
Armed with a formidable arsenal of custom malware, including DICELOADER and NetSupport RAT, FIN7 strikes fear into the heart of cybersecurity. Leveraging spear-phishing and malvertising tactics, the threat actor orchestrates a relentless assault, sparing no expense in its pursuit of chaos. π£π
A Call to Vigilance! π£π‘οΈ
In the face of this escalating threat, vigilance is paramount. Organisations must remain steadfast in fortifying their defences against FIN7's insidious incursions. Through proactive measures and unwavering diligence, we can stem the tide of cyber tyranny and safeguard our digital frontier. π‘οΈπ»
Stay Alert, Stay Secure! π¨π
Together, let us stand united against the scourge of cybercrime, resolute in our determination to protect what matters most. With steadfast resolve and collective vigilance, we can thwart FIN7's malicious designs and emerge stronger, fortified against the perils of the digital realm. πͺπ
Emergency Security Update Released! π‘οΈπ Google sounds the alarm as a zero-day flaw in Chrome wreaks havoc in the wild! Tracked as CVE-2024-4671, this high-severity vulnerability spells danger, posing a serious risk of exploitation by cyber adversaries. π΅οΈββοΈπ
Use-After-Free Vulnerability Unveiled! π«π₯
A sinister case of use-after-free in the Visuals component lies at the heart of this security debacle. Unleashed by an anonymous researcher, this flaw leaves Chrome users vulnerable to a spectrum of threats, from system crashes to arbitrary code execution. π±π£
Real-World Exploitation Confirmed! ππ
Google confirms the chilling reality: CVE-2024-4671 is no mere theoretical concernβit's actively being exploited in the wild. The specifics of these attacks remain shrouded in mystery, underscoring the urgency of swift action to mitigate the threat. π¨π
A Call to Action! π’π‘οΈ
Heed Google's call to arms: Update to Chrome version 124.0.6367.201/.202 for Windows and macOS, or version 124.0.6367.201 for Linux without delay. By fortifying your browser defences, you thwart the ambitions of cyber malefactors and safeguard your digital realm. πͺπ
Vigilance Across the Board! ππ
Chromium-based browser users, including Microsoft Edge, Brave, Opera, and Vivaldi, must remain vigilant. Stay abreast of security updates and apply patches promptly to fortify your defences against emerging threats. Together, we can stem the tide of cyber adversity and emerge stronger. π‘οΈπ
This tiny company has all but cemented itself in the future list of bitcoin mining giants.
An industry shakeup of environmental regulations could spell catastrophe for others, while this company begins to soar.
The underlying factors?
Cheap production and carbon neutral mining.
But thatβs just the start of it.
Urgent Warning Issued by SonicWall Capture Labs! π‘οΈπ Beware! Malicious Android apps are on the prowl, disguised as trusted brands like Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter), seeking to pilfer your credentials and compromise your device's security. π±π
Deceptive Tactics Unveiled! π΅οΈββοΈπ
These nefarious apps employ famous Android app icons to deceive unsuspecting users into installing them on their devices, perpetrating a sinister scheme of data theft and malware deployment. ππ₯
Sinister Capabilities Unleashed! π£π²
Granting permissions to accessibility services and the device administrator API grants the rogue app unfettered control over your device, paving the way for a slew of malicious activities, including accessing sensitive data, sending SMS messages, and even toggling the camera flashlightβall without your knowledge or consent. π«π
Phishing URLs Pose Grave Threat! π£π
Beware of phishing URLs masquerading as login pages of renowned services like Facebook, GitHub, LinkedIn, Netflix, PayPal, and more! Stay vigilant and avoid falling victim to these crafty ploys designed to lure you into surrendering your credentials unwittingly. π¨π
Rising Tide of Android Malware! ππ²
This alarming development follows a slew of Android malware campaigns, including social engineering tactics via WhatsApp and smishing messages aimed at stealing banking data. Exercise caution and fortify your defences against the evolving threat landscape. πͺπ
Stay Protected, Stay Vigilant! π‘οΈπ
Remain vigilant and ensure your devices are shielded from malicious apps. Keep your software up to date and exercise caution while downloading apps or clicking on suspicious links. By staying informed and proactive, we can thwart the advances of cyber adversaries and safeguard our digital lives. ππ
ποΈ Extra, Extra! Read all about it! ποΈ
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
π‘οΈ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday π
π΅Β Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for π
πΒ Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future πΎ
Let us know what you think.
So long and thanks for reading all the phish!