Mar 08 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that knows that just like the sitting (sleeping?) American president, hackers are simply Biden their time, ready to steal anything from an election to your Yahoo password. #StateoftheUnion… State of it!!
It's Friday, folks, which can only mean one thing… It's time for our weekly segment!
It goes by many names. Patch of the Week, Tweak of the Week. Okay, that's it.
Congrats, the cybercriminals are no match… for your patch!
Check out these freshly hatched patches.
An Apple patch a day keeps the hackers at bay.
Apple's Security Update Blitz!
Apple has swiftly responded to security concerns with a barrage of updates, tackling two actively exploited vulnerabilities alongside several others. These include CVE-2024-23225, a memory corruption flaw in the Kernel, and CVE-2024-23296, affecting the RTKit real-time operating system.
These vulnerabilities allow attackers to bypass kernel memory protections. But fear not! Apple has beefed up validation in iOS 17.4, iPadOS 17.4, iOS 16.7.6, and iPadOS 16.7.6 to ward off potential attacks.
From iPhone 8 to the latest iPhone XS models and various iPad generations, updates are here to safeguard your devices. This marks Apple's third zero-day exploit fix this year, a reminder of how quickly the threat landscape evolves. Meanwhile, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is flagging more vulnerabilities, underscoring the need for timely updates.
Stay vigilant and keep those devices locked down!
Now, on to today's hottest cybersecurity stories:
Google engineer turned Chinese spy arrested for stealing AI secrets
Stop the WordPresses! Hacked sites are abusing visitors' browsers
Chinese threat actor Evasive Panda targets Tibetan users with malware
The U.S. Department of Justice (DoJ) has unmasked a tale of corporate espionage, indicting a 38-year-old Chinese national and California resident for allegedly stealing proprietary information from Google while clandestinely working for two China-based tech companies.
Linwei Ding's Deception Unveiled
Linwei Ding (aka Leon Ding), a former Google engineer, stands accused of transferring over 500 confidential files containing artificial intelligence (AI) trade secrets from Google's network to his personal account while maintaining secret affiliations with Chinese tech firms. Ding, who joined Google in 2019, allegedly orchestrated the theft between May 2022 and May 2023, aiming to bolster the competitive edge of two China-based companies in the AI sector.
The Machinations of Espionage
Ding's modus operandi involved covertly copying Google's trade secrets onto his personal devices and concealing the illicit data transfer by first converting the files into PDFs. To further obfuscate his actions, Ding allegedly misled Google by allowing another employee to use his access badge to enter Google premises while he was, in reality, in China. Ding resigned from Google in December 2023.
Legal Ramifications and Cybersecurity Implications
Ding faces four counts of theft of trade secrets, with each count carrying a maximum penalty of 10 years in prison and a $250,000 fine. This revelation underscores the persistent danger posed by insider threats and foreign espionage, necessitating robust cybersecurity measures and heightened vigilance in safeguarding intellectual property and sensitive data.
Espionage Eclipses Borders
The indictment of Linwei Ding comes on the heels of another high-profile arrest, highlighting the transnational nature of espionage and the insidious tactics employed by threat actors to compromise national security and undermine corporate integrity. As cyber threats continue to evolve, collaborative efforts and enhanced cybersecurity measures are imperative to combatting espionage and safeguarding critical assets.
๐จ WordPress Under Attack: New Threats Uncovered! ๐
๐ Sucuri’s latest findings reveal a surge in brute-force attacks on WordPress sites using malicious JavaScript injections. Threat actors target innocent visitors to launch distributed brute-force attacks, exploiting compromised sites.
๐ป Instead of crypto drainers, attackers now employ leaked passwords to breach WordPress sites. The attack unfolds in five stages, allowing unauthorised access to victim sites.
๐ฐ Profit motives may drive this shift, as compromised WordPress sites offer various monetization avenues. Losses from crypto drainers soared in 2023, with attackers exploiting vulnerabilities to bypass security measures.
๐ก๏ธ Concurrently, cybersecurity experts warn of exploits targeting WordPress plugins like 3DPrint Lite (CVE-2021-4436) and SocGholish campaigns distributing JavaScript malware via plugin modifications.
โ ๏ธ Stay vigilant! WordPress admins must prioritise patching vulnerabilities and implementing robust security measures to thwart evolving cyber threats.
TL;DR?
๐จ WordPress sites face surge in brute-force attacks.
๐ผ Profit motives drive attackers to exploit vulnerabilities.
โ ๏ธ Cybersecurity experts warn of plugin-related exploits.
๐ก๏ธ Prioritise security measures to safeguard WordPress sites.
๐ฏ ESET uncovers a sophisticated cyber campaign by Evasive Panda, aiming to compromise Tibetan users through watering hole and supply chain attacks since September 2023.
๐ป The attacks deploy malicious downloaders for Windows and macOS, introducing the MgBot backdoor and the previously unknown Nightdoor Windows implant.
๐ At least three websites were compromised for watering hole attacks, including the Kagyu International Monlam Trust’s site, strategically targeting users in India, Taiwan, Hong Kong, Australia, and the U.S.
๐ The attackers also infiltrated an Indian software company’s supply chain, distributing trojanized installers of Tibetan language translation software.
๐ก๏ธ Evasive Panda’s arsenal includes multiple backdoors and payloads hosted on compromised websites, facilitating data theft and system manipulation.
๐ Stay vigilant! Cybersecurity measures must be reinforced to combat evolving threats from sophisticated threat actors like Evasive Panda.
TL;DR?
๐ผ Evasive Panda orchestrates cyber assaults on Tibetan users since September 2023.
๐ป Malicious downloaders deploy MgBot and Nightdoor implants.
๐ Compromised websites used for watering hole attacks, targeting multiple countries.
๐ก๏ธ Supply chain infiltration facilitates distribution of trojanized software.
๐ Cybersecurity measures must be strengthened to counter Evasive Panda’s tactics.
That's all for this week, folks! Stay safe out there and don't click on anything we wouldn't!
Extra, Extra! Read all about it!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday.
Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders.
Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future.
Let us know what you think.
So long and thanks for reading all the phish!
๐ต CACTUS ransomware exploits flaws in Qlik Sense ๐ป