Mar 18 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that wants to see a bloodbath… For the cybercrime industry #context #Trump #NPCs
Today's hottest cybersecurity news stories:
RisePro info stealer spreads via cracked software on GitHub
Modern CPUs affected by newly discovered GhostRace flaw
There's no place like Chrome. Introducing real-time URL protection
Cybersecurity researchers have uncovered a series of GitHub repositories housing cracked software, serving as a platform for the distribution of an information stealer known as RisePro. The campaign, dubbed "gitgub," consisted of 17 repositories associated with 11 different accounts.
These repositories, which have since been removed, featured a README.md file promising free cracked software. Notably, the threat actors added four green Unicode circles to the README.md file, mimicking the appearance of status indicators and lending an air of legitimacy. Each repository pointed to a download link hosted on "digitalxnetwork[.]com" that served a RAR archive file.
This archive, which required a password given in the repository's README.md file, contained an installer file that unpacked the next-stage payload: an executable file inflated to 699 MB to thwart analysis tools. The injected RisePro (version 1.6) malware, written in C++, is designed to gather sensitive information from infected hosts and transmit it to two Telegram channels.
This method allows threat actors to efficiently extract victims' data. The discovery coincides with Splunk's disclosure of Snake Keylogger's tactics, highlighting the prevalence of stealer malware. Snake Keylogger employs various techniques, including FTP, SMTP, and integration with Telegram, to exfiltrate stolen data in real time.
Stealers like RisePro and Snake Keylogger have become increasingly common, serving as primary vectors for high-impact data breaches. Reports indicate a surge in the use of stealers, with RedLine, Vidar, and Raccoon being among the most prolific, collectively responsible for millions of compromised passwords.
As cyber threats evolve, the prominence of information-stealing malware underscores the need for robust cybersecurity measures. Threat actors continually adapt, making stealers more accessible and easier to deploy, which emphasises the importance of proactive defence strategies.
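For defenders triaging repositories, the README traits described above (four green circles, cracked-software wording, an archive password in the README, an off-platform archive link) can be scored together. This is an added example, not code from the researchers or this newsletter; the U+1F7E2 code point, the trusted-host list, the regexes, the threshold and both sample READMEs are assumptions or constructed data.

```python
import re

GREEN_CIRCLE = "\U0001F7E2"  # assumption: the lure's "green circle" is U+1F7E2
TRUSTED_HOSTS = ("github.com", "githubusercontent.com")  # assumption: in-platform hosts
URL_RE = re.compile(r"https?://([^/\s)\]]+)[^\s)\]]*", re.I)
PASSWORD_RE = re.compile(r"\b(?:password|passcode|pwd)\b\s*[:=-]?\s*\S+", re.I)
CRACK_RE = re.compile(r"\b(?:crack(?:ed)?|keygen|activator|free download)\b", re.I)
ARCHIVE_RE = re.compile(r"\.(?:rar|zip|7z)\b", re.I)

def off_platform_links(text):
    """Return (host, url) pairs for links that leave the hosting platform."""
    found = []
    for m in URL_RE.finditer(text):
        host = m.group(1).lower().split(":")[0]
        if not any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS):
            found.append((host, m.group(0)))
    return found

def score_readme(text):
    """Count how many of the campaign's README traits are present."""
    links = off_platform_links(text)
    signals = {
        "four_status_circles": text.count(GREEN_CIRCLE) >= 4,
        "cracked_software_wording": bool(CRACK_RE.search(text)),
        "archive_password_in_readme": bool(PASSWORD_RE.search(text)),
        "off_platform_archive_link": any(ARCHIVE_RE.search(u) for _, u in links),
    }
    return sum(signals.values()), signals

def is_suspicious(text, threshold=3):
    return score_readme(text)[0] >= threshold

# Constructed samples (not taken from the removed repositories).
LURE_README = (
    "# SuperEditor Pro (cracked)\n"
    + GREEN_CIRCLE * 4 + " build passing\n"
    "Free download: https://files.example.net/SuperEditor.rar\n"
    "Archive password: 2024\n"
)
BENIGN_README = (
    "# mytool\n"
    "Status: " + GREEN_CIRCLE + " passing\n"
    "Docs: https://github.com/example/mytool/wiki\n"
    "Release: https://github.com/example/mytool/releases/v1.zip\n"
)
```

No single trait is conclusive on its own, which is why the check requires several to coincide before flagging a README.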
Researchers have uncovered a new data leakage threat, GhostRace (CVE-2024-2193), affecting modern CPUs with speculative execution support. It's a variation of Spectre v1 that combines speculative execution and race conditions.
Common synchronisation methods using conditional branches can be bypassed, creating Speculative Race Conditions (SRCs) that allow attackers to leak data.
Discovered by IBM Research Europe and VUSec, GhostRace follows SLAM, another side-channel attack revealed in December 2023.
Spectre exploits CPU optimizations, letting attackers access privileged data. Though speculative execution boosts performance, errors leave traces attackers can exploit.
GhostRace stands out as it lets unauthenticated attackers extract data via race conditions, accessing speculative code paths.
Mitigation steps include following existing Spectre guidance, with AMD recommending continued measures. The Xen hypervisor has introduced hardening patches as a precaution.
Stay vigilant! Any software relying on conditional branches may be vulnerable. Follow updates from security advisories for protection.
Google has unveiled an upgraded version of Safe Browsing, ensuring instant, privacy-focused defence against potentially harmful websites.
"Chrome's desktop and iOS versions now offer Standard protection, checking sites in real-time against Google's list of known malicious sites," stated Jonathan Li and Jasika Bawa from Google.
Users receive warnings if a site poses a risk, with this real-time check expected to block 25% more phishing attempts.
Previously, Chrome used local lists of unsafe sites, updated every 30-60 mins. Now, real-time checks occur to combat the rapid growth of harmful sites, with 60% of phishing domains lasting less than 10 mins.
With the new system, every website visit undergoes checks against global and local caches, with URLs obfuscated into hashed prefixes for privacy.
Safe Browsing servers decrypt and match these prefixes, issuing warnings if a match is found.
Crucially, Google employs an Oblivious HTTP (OHTTP) relay to ensure user privacy, preventing correlation between URL checks and browsing history.
Your browsing activity remains private, with no single party having access to both your identity and hashed prefixes.
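The hashed-prefix lookup described above, sketched as an added example (not Google's or Chrome's code): the client checks a local cache, sends only truncated hashes, and compares full hashes itself. SHA-256, the 4-byte prefix, the simplified canonicalization and the `PrefixServer` stand-in are assumptions; the OHTTP relay and its encryption are not modelled, and the URLs are constructed.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes of SHA-256 sent to the server (assumption, per the public protocol)

def expressions(url):
    """Host-suffix/path-prefix combinations for one URL (simplified canonicalization)."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path or "/"
    labels = host.split(".")
    hosts = [host] + [".".join(labels[i:]) for i in range(1, len(labels) - 1)][-4:]
    segs = [s for s in path.split("/") if s]
    paths = ["/", path] + ["/" + "/".join(segs[:i]) + "/" for i in range(1, len(segs))]
    if parts.query:
        paths.append(path + "?" + parts.query)
    return sorted({h + p for h in hosts for p in paths})

def full_hash(expr):
    return hashlib.sha256(expr.encode()).digest()

class PrefixServer:
    """Stand-in for the lookup service; it only ever receives truncated hashes."""
    def __init__(self, unsafe_expressions):
        self.unsafe = {full_hash(e) for e in unsafe_expressions}
        self.seen = []  # everything the server learned from clients

    def lookup(self, prefixes):
        self.seen.extend(prefixes)
        return {h for h in self.unsafe if h[:PREFIX_LEN] in prefixes}

def check_url(url, server, safe_cache):
    hashes = {full_hash(e) for e in expressions(url)}
    if hashes <= safe_cache:  # local cache hit: nothing leaves the client
        return "safe (cached)"
    prefixes = {h[:PREFIX_LEN] for h in hashes}
    if server.lookup(prefixes) & hashes:  # full-hash comparison happens client-side
        return "unsafe"
    safe_cache.update(hashes)
    return "safe"

if __name__ == "__main__":
    server = PrefixServer(["phish.example.net/login/"])  # constructed blocklist entry
    cache = set()
    for u in ("http://phish.example.net/login/verify.html?id=1",
              "https://www.example.org/", "https://www.example.org/"):
        print(u, "->", check_url(u, server, cache))
```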
Stay protected while browsing with Google's enhanced Safe Browsing! Thanks for reading, cyber squad. Catch you on the flipside
So long and thanks for reading all the phish!