Google engineer turned Chinese spy arrested

Mar 08 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that knows that just like the sitting (sleeping? ๐Ÿ˜‚) American president, hackers are simply Biden their time, ready to steal anything from an election to your Yahoo password ๐Ÿ™ˆ #StateoftheUnionโ€ฆ State of it!! ๐Ÿ™ƒ

Itโ€™s Friday, folks, which can only mean one thingโ€ฆ Itโ€™s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, thatโ€™s it.

Congrats, the cybercriminals are no matchโ€ฆ for your patch! ๐Ÿฉน๐Ÿฉน๐Ÿฉน

Check out these freshly hatched patches ๐Ÿฃ๐Ÿฃ๐Ÿฃ

An Apple patch a day keeps the hackers at bay ๐Ÿค“

๐Ÿš€ Apple’s Security Update Blitz! ๐Ÿ

Apple has swiftly responded to security concerns with a barrage of updates, tackling two actively exploited vulnerabilities alongside several others. These include CVE-2024-23225, a memory corruption flaw in the Kernel, and CVE-2024-23296 affecting the RTKit real-time operating system. ๐Ÿ˜ฑ

These vulnerabilities allow attackers to bypass kernel memory protections. But fear not! ๐Ÿ›ก๏ธ Apple has beefed up validation in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6 to ward off potential attacks.

From iPhone 8 to the latest iPhone XS models and various iPad generations, updates are here to safeguard your devices.ย ๐Ÿ“ฑ This marks Apple’s third zero-day exploit fix this year, emphasising the ever-evolving cybersecurity landscape’s importance. Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is flagging more vulnerabilities, underscoring the need for timely updates.

Stay vigilant and keep those devices locked down! ๐Ÿ”’๐Ÿ’ช

Now, on to todayโ€™s hottest cybersecurity stories:

  • ๐Ÿ•ต๏ธ Google engineer turned Chinese spy arrested for stealing AI secrets ๐Ÿค–

  • ๐Ÿ“ฐ Stop the WordPresses! Hacked sites are abusing visitors’ browsers ๐Ÿ’ป

  • ๐Ÿผ Chinese threat actor Evasive Panda targets Tibetan users w/ malware ๐Ÿ‘พ

Itโ€™s a byte-sized betrayal ๐Ÿ˜ฌ๐Ÿ˜ฌ๐Ÿ˜ฌ


๐Ÿšจ Espionage Unveiled: Google’s Secrets Stolen by Chinese National ๐Ÿ•ต๏ธ

The U.S. Department of Justice (DoJ) has unmasked a tale of corporate espionage, indicting a 38-year-old Chinese national and a California resident for allegedly stealing proprietary information from Google while clandestinely working for two China-based tech companies. ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ’ผ๐Ÿ”“

Linwei Ding’s Deception Unveiled ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ’ป๐Ÿ”

Linwei Ding (aka Leon Ding), a former Google engineer, stands accused of transferring over 500 confidential files containing artificial intelligence (AI) trade secrets from Google’s network to his personal account while maintaining secret affiliations with Chinese tech firms. Ding, who joined Google in 2019, allegedly orchestrated the theft between May 2022 and May 2023, aiming to bolster the competitive edge of two China-based companies in the AI sector. ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ”’๐Ÿ’ป

The Machinations of Espionage ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ”๐Ÿ’ผ

Ding’s modus operandi involved covertly copying Google’s trade secrets onto his personal devices and concealing the illicit data transfer by converting them into PDFs. To further obfuscate his actions, Ding allegedly misled Google by allowing another employee to use his access badge to access Google premises while he was, in reality, in China. Ding resigned from Google in December 2023. ๐Ÿ”๐Ÿ”’๐ŸŒ

Legal Ramifications and Cybersecurity Implications โš–๏ธ๐Ÿ›ก๏ธ๐Ÿ’ผ

Ding faces four counts of theft of trade secrets, with each count carrying a maximum penalty of 10 years in prison and a $250,000 fine. This revelation underscores the persistent threat posed by insider threats and foreign espionage, necessitating robust cybersecurity measures and heightened vigilance in safeguarding intellectual property and sensitive data. ๐Ÿšจ๐Ÿ”’๐Ÿ’ป

Espionage Eclipses Borders ๐ŸŒ๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ’ผ

The indictment of Linwei Ding comes on the heels of another high-profile arrest, highlighting the transnational nature of espionage and the insidious tactics employed by threat actors to compromise national security and undermine corporate integrity. As cyber threats continue to evolve, collaborative efforts and enhanced cybersecurity measures are imperative to combatting espionage and safeguarding critical assets. ๐Ÿ›ก๏ธ๐ŸŒ๐Ÿ”’

When WordPress comes to shove, will you be protected? ๐Ÿ‘€๐Ÿ˜ฌ๐Ÿ’€

๐Ÿšจ WordPress Under Attack: New Threats Uncovered! ๐Ÿ”’

๐Ÿ” Sucuri’s latest findings reveal a surge in brute-force attacks on WordPress sites using malicious JavaScript injections. Threat actors target innocent visitors to launch distributed brute-force attacks, exploiting compromised sites.

๐Ÿ’ป Instead of crypto drainers, attackers now employ leaked passwords to breach WordPress sites. The attack unfolds in five stages, allowing unauthorised access to victim sites.

๐Ÿ’ฐ Profit motives may drive this shift, as compromised WordPress sites offer various monetization avenues. Losses from crypto drainers soared in 2023, with attackers exploiting vulnerabilities to bypass security measures.

๐Ÿ›ก๏ธ Concurrently, cybersecurity experts warn of exploits targeting WordPress plugins like 3DPrint Lite (CVE-2021-4436) and SocGholish campaigns distributing JavaScript malware via plugin modifications.

โš ๏ธ Stay vigilant! WordPress admins must prioritise patching vulnerabilities and implementing robust security measures to thwart evolving cyber threats.


๐Ÿšจ WordPress sites face surge in brute-force attacks.

๐Ÿ’ผ Profit motives drive attackers to exploit vulnerabilities.

โš ๏ธ Cybersecurity experts warn of plugin-related exploits.

๐Ÿ›ก๏ธ Prioritise security measures to safeguard WordPress sites.

๐ŸŽฃ Catch of the Day!! ๐ŸŒŠ๐ŸŸ๐Ÿฆž


Get access to the info


Learn AI in 5 minutes a day. We’ll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Itโ€™s like a poor manโ€™s Kung Fu Panda ๐Ÿ˜’๐Ÿ™ƒ๐Ÿผ

๐Ÿผ Evasive Panda Strikes Again: New Cyber Assaults Target Tibetan Users!

๐ŸŽฏ ESET uncovers a sophisticated cyber campaign by Evasive Panda, aiming to compromise Tibetan users through watering hole and supply chain attacks since September 2023.

๐Ÿ’ป The attacks deploy malicious downloaders for Windows and macOS, introducing the MgBot backdoor and the previously unknown Nightdoor Windows implant.

๐Ÿ” At least three websites were compromised for watering hole attacks, including the Kagyu International Monlam Trust’s site, strategically targeting users in India, Taiwan, Hong Kong, Australia, and the U.S.

๐ŸŒ The attackers also infiltrated an Indian software company’s supply chain, distributing trojanized installers of Tibetan language translation software.

๐Ÿ›ก๏ธ Evasive Panda’s arsenal includes multiple backdoors and payloads hosted on compromised websites, facilitating data theft and system manipulation.

๐Ÿ”’ Stay vigilant! Cybersecurity measures must be reinforced to combat evolving threats from sophisticated threat actors like Evasive Panda.


๐Ÿผ Evasive Panda orchestrates cyber assaults on Tibetan users since September 2023.

๐Ÿ’ป Malicious downloaders deploy MgBot and Nightdoor implants.

๐ŸŒ Compromised websites used for watering hole attacks, targeting multiple countries.

๐Ÿ›ก๏ธ Supply chain infiltration facilitates distribution of trojanized software.

๐Ÿ” Cybersecurity measures must be strengthened to counter Evasive Panda’s tactics.

Thatโ€™s all for this week, folks! Stay safe out there and donโ€™t click on anything we wouldnโ€™t! ๐Ÿ˜‰

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ๐Ÿ›ก๏ธ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday ๐Ÿ“…

  • ๐Ÿ’ตย Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for ๐Ÿ†“

  • ๐Ÿ“ˆย Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future ๐Ÿ‘พ

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter
  • ๐ŸŒต CACTUS ransomware exploits flaws in Qlik Sense ๐Ÿ’ป

Recent articles