Dec 14 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that hates cybercriminals as much as #AlexJones hates ‘the globalists’ 🙈😂😂 He’s back 💀
Today’s hottest cybersecurity news stories:
📱 Android users: Google’s got your back w/ ‘clang sanitisers’ 🧼
👨💻 Ukraine is struck by a cybercriminals: hackers target Kyivstar 📡
🍜 Chinese hackers drown US infrastructure with ‘Typhoon’ attack 🌊
In a recent update, Google shines a spotlight on Clang sanitizers, bolstering the security of Android's cellular baseband. 📱 This includes IntSan and BoundSan, part of the powerful UndefinedBehaviorSanitizer (UBSan) tool, designed to catch various undefined behaviours during program execution.
Ivan Lozano and Roger Piqueras Jover reveal these sanitizers are architecture-agnostic, perfect for bare-metal deployment. 🛡️ Enabling them in C/C++ code bases helps mitigate unknown vulnerabilities, ensuring a more secure Android experience.
It was Bound to Sappen 😬
Months after announcing collaboration for firmware security, Google strategically implements IntSan and BoundSan as compiler-based exploit mitigation measures. 🚧 Though they carry a performance overhead, they're active in security-critical areas like message parsing, encoding/decoding libraries, IMS, TCP/IP stacks, and messaging functions.
‘2G toggle’ 💃
While 2G security relies on the "2G toggle," Google hints at Rust as a solution for broader vulnerability classes. 🦀 Notably, they've rewritten Android Virtualization Framework's firmware in Rust for a memory-safe foundation.
Stay safe 🛡️
"As the OS becomes a harder target, the baseband will attract more attention. Modern tools and exploit mitigation raise the bar for baseband attacks," conclude the researchers. 🌐💻
Stay tuned for a safer Android future! 🚀🔐
Ukraine's major telecom player, Kyivstar, is grappling with a severe cyberattack, impacting mobile and internet services nationwide. 📡 Owned by VEON, it serves over 25 million mobile subscribers and 1 million home internet users.
Kyivstar of the show 🤩
Attributing the attack to the war with Russia, Kyivstar is working tirelessly to restore services amid disruptions in air raid alerts and the banking sector. The company assures subscribers affected by the hack will receive compensation after network stabilisation.
While details about the attack remain undisclosed, Kyivstar emphasises no evidence of subscriber data compromise. 👤 The pro-Russia hacktivist group, KillNet, claims responsibility on Telegram, but without supporting evidence.
In a twist, KillNet's leader, KillMilk, has retired, passing leadership to "Deanon Club," who vows widespread recruitment for attacks on government facilities, encryption firms, and the gambling sector. 💼🕵️
GRRR 😡 oh sorry: ‘GUR’ 😂
Meanwhile, Ukraine's Defence Intelligence (GUR) reveals hacking into Russia's Federal Taxation Service servers, wiping data and affecting a related IT company. This follows GUR's cyber assault on Russia's Federal Air Transport Agency last month.
Russian politician Anton Gorelkin disputes the FNS attack, alleging it's Ukrainian propaganda. Stay vigilant against scams, and Kyivstar promises updates on compensation and network restoration via official channels. 🛡️💻
🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)
🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)
🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)
Hacking groups linked to China have launched cyberattacks on crucial U.S. infrastructure, focusing on utilities, communications, and transport. 💻🚨 The ongoing Volt Typhoon campaign by the Chinese People's Liberation Army has infiltrated U.S. government systems, impacting water and power utilities, oil and gas pipelines, transportation, and communication entities.
What happened, Pacifically? 😏
The alleged attacks aim at logistics targets, potentially tied to U.S.-China conflicts in the Pacific. 🤖 Both nations have a history of blaming each other for cyberattacks, with the Volt Typhoon campaign marking the latest episode. Key targets include a West Coast port, Hawaii's water utilities, an oil and gas pipeline, and a Texas power grid operator.
While no disruptions have occurred, the Hawaii system attack raises concerns about potential Pacific fleet operations. 👾 The hackers use stolen credentials and home/work routers to conceal their actions, with the Volt Typhoon attacks spanning sectors like manufacturing, education, and IT since 2021.
USA! USA! 🗽
Collaborating with tech firms, the U.S. government employs mitigation strategies, emphasising stricter monitoring, enhanced authentication, and widespread password resets. 🤝🔒 The rise of cyber warfare underscores the need for international mechanisms to navigate this complex landscape.
Stay tuned for updates on cybersecurity developments! 🚀
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.
Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)
Let us know what you think!
So long and thanks for reading all the phish!