Give me your clothes, boots, and credit card details 🤖

Nov 15 2024



Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes all of you a Happy Halloween!! And don’t forget to keep an eye on your Zombie Processes, Ghost Protocols, and Attack Vectors 🎃👻🍬🦇💀🧡

Patch of the Week! 🩹

First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it… 😳 

Congrats to Citrix, the cybercriminals are no match… for your patch! 🩹

Check out this freshly hatched patch 🐣

Call it a Cit-fix 👨‍🔧

🚨 Patch Alert! Citrix Virtual Apps & Desktop RCE Vulnerability Resolved

Citrix has patched critical vulnerabilities in its Session Recording component for Citrix Virtual Apps & Desktop, previously exploitable for unauthenticated remote code execution (RCE). ⚙️🚀

The flaw stems from a Microsoft Message Queuing (MSMQ) instance with insecure permissions, combined with the use of BinaryFormatter to deserialize message data, which could allow attackers to achieve RCE. However, successful exploitation required the attacker to be an authenticated user in the same Windows Active Directory domain as the session recording server and on the same intranet.

The flaws are addressed in Citrix versions 2407, 1912 LTSR CU9, 2203 LTSR CU5, and 2402 LTSR CU1 with hotfixes available. 🔒 Microsoft has also cautioned against using BinaryFormatter due to deserialization risks, underscoring best practices to prevent RCE and information disclosure attacks. ✨

Now, on to this week’s hottest cybersecurity news stories: 

  • 👮 FBI: hackers impersonate police to steal info from tech giants 🌐

  • 🍁 Canadians announce arrest of hacker behind Snowflake hack ❄️

  • 👨🏻‍💻 Hackers use Excel to spread(sheet 😏) Remcos RAT Malware 👾

Give me your clothes, boots, and credit card details 🤖

🚨 FBI Alert: Hackers Exploiting "Emergency" Data Requests 💾

The FBI has warned that cybercriminals are using hacked government and police email accounts to submit fake emergency data requests to U.S. tech companies, tricking them into sharing private user info like 📧 emails, 📱 phone numbers, and usernames.

How it Works ⚠️

Using compromised accounts, hackers pose as law enforcement in urgent situations (like claims of human trafficking or life-threatening danger) to bypass standard legal checks and get user data fast. Some major companies targeted include Apple, Meta, Google, Snap, and Discord.

What’s Happening 🔍

Fraudulent requests began around 2021 but surged in 2023-24. Data obtained in these schemes has been misused for doxing, harassment, and financial fraud. These attacks were notably carried out by Recursion Team and Lapsus$, known for hacking large companies.

FBI’s Recommendations 🛡️

The FBI advises agencies to tighten security with strong passwords and multi-factor authentication. Tech companies should be extra cautious with emergency data requests to ensure the safety of user data.

🔒 Keep your info secure and stay vigilant!

5 Steps to a Robust Unstructured Data Strategy

The typical company houses about 24.8 million sensitive files.

Our Solving The Unstructured Data Challenge eBook can show you:

– 5 steps to build a robust unstructured data protection strategy
– How to protect petabytes of data without disrupting performance

Hacker caught in a blizzard of his own making ❄️

🚨 Arrest Made in Snowflake Hacks! 🚔

Canadian authorities have arrested Alexander “Connor” Moucka, believed to be the hacker behind the breach affecting up to 165 Snowflake customers. The arrest took place on October 30, based on a U.S. provisional warrant. Moucka is set to appear in court Tuesday. ⚖️

Details on the Breach 🔍

The hacks targeted major companies like AT&T, Live Nation, and Advance Auto Parts, where stolen login credentials were used to access accounts lacking multi-factor authentication. Hackers allegedly threatened to sell stolen data on criminal forums unless a $20 million ransom was paid. Millions of individuals’ personal data was compromised, including texts, call data, and other personal information.

U.S. Involvement & Next Steps 🦅

Canadian authorities have confirmed the arrest but declined further details due to confidential extradition processes. Both the FBI and U.S. Justice Department declined to comment, as the investigation is ongoing.

Stay tuned as the legal process unfolds and more details emerge! 🔒

Learn AI in 5 Minutes a Day

AI Tool Report is one of the fastest-growing and most respected newsletters in the world, with over 550,000 readers from companies like OpenAI, Nvidia, Meta, Microsoft, and more.

Our research team spends hundreds of hours a week summarizing the latest news, and finding you the best opportunities to save time and earn more using AI.


When it comes to spreading malware, they’re beginning to Excel 😬

🚨 New Phishing Campaign Spreads Fileless Remcos RAT Malware! ⚠️

Cybersecurity researchers have identified a new phishing attack delivering a fileless variant of Remcos RAT malware, commonly used for remote access and control. This malware enables attackers to collect sensitive data and remotely manipulate infected systems. 📉

How It Works 📨

  1. Attackers start with a phishing email disguised as a purchase order to lure victims into opening a malicious Excel attachment. 📄

  2. The Excel document exploits a known Office vulnerability (CVE-2017-0199), loading a hidden script that downloads more malware from a remote server. 📥

  3. This multi-layered attack involves JavaScript, VBScript, and PowerShell to dodge detection. The ultimate payload is Remcos RAT, which runs directly in memory without creating files on disk, making it harder to detect. 🛡️

What Remcos RAT Can Do 🔎

Remcos RAT has powerful capabilities, allowing attackers to:

  • Access system metadata and harvest files 📁

  • Monitor processes and execute commands 💻

  • Control the camera and microphone 📷🎙️

  • Capture screen recordings and clipboard data 📸📋

  • Disable mouse and keyboard input ⛔

New Phishing Tactics 🌐

Alongside this Remcos campaign, attackers are also using DocuSign API abuse to send fake invoices that mimic well-known brands, as well as a tactic called ZIP file concatenation to distribute malware undetected by security tools. Attackers concatenate multiple ZIP files into one, exploiting differences in how programs unpack ZIP files to bypass security software. 🔐
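To show the ZIP concatenation trick from the defender's side, here is an added Python example (not from the original newsletter or any vendor tool). It builds a constructed two-archive file, shows that Python's zipfile honours only the trailing archive, and then locates every End-of-Central-Directory record so that all embedded archives are listed. The file names and contents are constructed sample data.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"  # End-of-Central-Directory record signature
EOCD_FIXED_LEN = 22       # fixed part of the EOCD; a variable comment may follow

def build_sample():
    """Constructed sample: a benign-looking archive with a second archive appended."""
    first = io.BytesIO()
    with zipfile.ZipFile(first, "w") as z:
        z.writestr("invoice.txt", "constructed benign content")
    second = io.BytesIO()
    with zipfile.ZipFile(second, "w") as z:
        z.writestr("hidden.txt", "constructed content of the appended archive")
    return first.getvalue() + second.getvalue()

def naive_view(data):
    """What a parser that trusts the last EOCD (like zipfile) reports."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.namelist()

def find_eocd_records(data):
    """Offsets of every EOCD signature. Note: the 4-byte signature can also
    appear inside stored file data, so treat hits as candidates, not proof."""
    offsets, pos = [], data.find(EOCD_SIG)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(EOCD_SIG, pos + 1)
    return offsets

def split_concatenated(data):
    """Cut the blob into one slice per EOCD record (each slice ends after
    the record's optional comment), so each embedded archive can be parsed alone."""
    parts, start = [], 0
    for off in find_eocd_records(data):
        if off + EOCD_FIXED_LEN > len(data):
            break
        comment_len = struct.unpack("<H", data[off + 20:off + 22])[0]
        end = off + EOCD_FIXED_LEN + comment_len
        parts.append(data[start:end])
        start = end
    return parts

def list_all_members(data):
    """Member names of every embedded archive; unparseable slices yield []."""
    result = []
    for part in split_concatenated(data):
        try:
            with zipfile.ZipFile(io.BytesIO(part)) as z:
                result.append(z.namelist())
        except zipfile.BadZipFile:
            result.append([])
    return result

def is_concatenated(data):
    """Flag a file that carries more than one EOCD record for closer inspection."""
    return len(find_eocd_records(data)) > 1
```

A scanner that only calls `naive_view` never sees `invoice.txt`, while one that inspects every EOCD record sees both archives and can flag the file.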

The discovery underscores the evolving techniques in phishing and malware as threat actors continue to find new ways to evade detection and target users globally. 🚨 Stay cautious, double-check email attachments, and verify senders! 📧🔒

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think.

So long and thanks for reading all the phish!

