Dec 14 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that hates cybercriminals as much as #AlexJones hates โthe globalistsโ ๐๐๐ Heโs back ๐
Todayโs hottest cybersecurity news stories:
๐ฑ Android users: Googleโs got your back w/ โclang sanitisersโ ๐งผ
๐จโ๐ป Ukraine is struck by a cybercriminals: hackers target Kyivstar ๐ก
๐ Chinese hackers drown US infrastructure with โTyphoonโ attack ๐
In a recent update, Google shines a spotlight on Clang sanitizers, bolstering the security of Android's cellular baseband. ๐ฑ This includes IntSan and BoundSan, part of the powerful UndefinedBehaviorSanitizer (UBSan) tool, designed to catch various undefined behaviours during program execution.
โArchitecture-agnosticโ ๐คท
Ivan Lozano and Roger Piqueras Jover reveal these sanitizers are architecture-agnostic, perfect for bare-metal deployment. ๐ก๏ธ Enabling them in C/C++ code bases helps mitigate unknown vulnerabilities, ensuring a more secure Android experience.
It was Bound to Sappen ๐ฌ
Months after announcing collaboration for firmware security, Google strategically implements IntSan and BoundSan as compiler-based exploit mitigation measures. ๐ง Though they carry a performance overhead, they're active in security-critical areas like message parsing, encoding/decoding libraries, IMS, TCP/IP stacks, and messaging functions.
โ2G toggleโ ๐
While 2G security relies on the "2G toggle," Google hints at Rust as a solution for broader vulnerability classes. ๐ฆ Notably, they've rewritten Android Virtualization Framework's firmware in Rust for a memory-safe foundation.
Stay safe ๐ก๏ธ
"As the OS becomes a harder target, the baseband will attract more attention. Modern tools and exploit mitigation raise the bar for baseband attacks," conclude the researchers. ๐๐ป
Stay tuned for a safer Android future! ๐๐
Ukraine's major telecom player, Kyivstar, is grappling with a severe cyberattack, impacting mobile and internet services nationwide. ๐ก Owned by VEON, it serves over 25 million mobile subscribers and 1 million home internet users.
Kyivstar of the show ๐คฉ
Attributing the attack to the war with Russia, Kyivstar is working tirelessly to restore services amid disruptions in air raid alerts and the banking sector. The company assures subscribers affected by the hack will receive compensation after network stabilisation.
While details about the attack remain undisclosed, Kyivstar emphasises no evidence of subscriber data compromise. ๐ค The pro-Russia hacktivist group, KillNet, claims responsibility on Telegram, but without supporting evidence.
In a twist, KillNet's leader, KillMilk, has retired, passing leadership to "Deanon Club," who vows widespread recruitment for attacks on government facilities, encryption firms, and the gambling sector. ๐ผ๐ต๏ธ
GRRR ๐ก oh sorry: โGURโ ๐
Meanwhile, Ukraine's Defence Intelligence (GUR) reveals hacking into Russia's Federal Taxation Service servers, wiping data and affecting a related IT company. This follows GUR's cyber assault on Russia's Federal Air Transport Agency last month.
Russian politician Anton Gorelkin disputes the FNS attack, alleging it's Ukrainian propaganda. Stay vigilant against scams, and Kyivstar promises updates on compensation and network restoration via official channels. ๐ก๏ธ๐ป
๐ย The Motley Fool: โFool me once, shame on โ shame on you. Fool me โ you can't get fooled again.โ Good olโ George Dubya ๐ Let us tell whoโs not fooling around though; thatโs the Crรผe ๐ at Motley Fool. Youโd be a fool (alright, enough already! ๐) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ๐ Kidding aside, if you check out their website theyโve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ๐คย (LINK)
๐ตย Wander: Find your happy place. Cue Happy Gilmore flashback ๐๏ธโณ๐๐๏ธ Mmmm Happy Placeโฆ ๐ So, weโve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, itโs easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ๐๏ธ๐ย (LINK)
๐ย Digital Ocean: If you build it they will come. Nope, weโre not talking about a baseball field for ghosts โพ๐ป๐ฟ (Great movie, to be fair ๐). This is the Digital Ocean whoโve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website youโll find yourself catching the buzz even if you canโt code (guilty ๐). But if you can and youโre looking for somewhere to test things out or launch something new or simply enhance what youโve got, weโd recommend checking out their services foโ sho ๐ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ๐ฟย (LINK)
Hacking groups linked to China have launched cyberattacks on crucial U.S. infrastructure, focusing on utilities, communications, and transport. ๐ป๐จ The ongoing Volt Typhoon campaign by the Chinese People's Liberation Army has infiltrated U.S. government systems, impacting water and power utilities, oil and gas pipelines, transportation, and communication entities.
What happened, Pacifically? ๐
The alleged attacks aim at logistics targets, potentially tied to U.S.-China conflicts in the Pacific. ๐ค Both nations have a history of blaming each other for cyberattacks, with the Volt Typhoon campaign marking the latest episode. Key targets include a West Coast port, Hawaii's water utilities, an oil and gas pipeline, and a Texas power grid operator.
While no disruptions have occurred, the Hawaii system attack raises concerns about potential Pacific fleet operations. ๐พ The hackers use stolen credentials and home/work routers to conceal their actions, with the Volt Typhoon attacks spanning sectors like manufacturing, education, and IT since 2021.
USA! USA! ๐ฝ
Collaborating with tech firms, the U.S. government employs mitigation strategies, emphasising stricter monitoring, enhanced authentication, and widespread password resets. ๐ค๐ The rise of cyber warfare underscores the need for international mechanisms to navigate this complex landscape.
Stay tuned for updates on cybersecurity developments! ๐
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.
Libby Copa:ย The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.
Techspresso:ย Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)
Let us know what you think!
So long and thanks for reading all the phish!