Nov 06 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s the dynamite to cybercrime’s Guy Fawkes ????????????
Today’s hottest cybersecurity new stories:
???? Google Play launches 'Independent Security Review' badge for apps ✅
???? StripedFly malware sat undetected for 5 years, infects 1 million devices ????
???????? 139 Okta customers incl 1Password & BeyondTrust affected by breach ⚠️
Exciting news for Android users! Google is introducing a new "Independent security review" badge in the Play Store's Data safety section for apps that have undergone a Mobile Application Security Assessment (MASA) audit. ????️
????️ Improving cybersecurity
This initiative is all about improving cybersecurity. MASA allows app developers to have their apps independently validated against a global security standard, ensuring more transparency and empowering users to make informed choices before downloading apps. ????????
Nataliya Stanetsky from the Android Security and Privacy Team pointed out that this badge will be rolled out for VPN apps first because of the sensitive user data they handle.
???? One-stop shop for data
But here's the best part: Google wants the Data safety section to be your one-stop shop for app safety. It will provide details about the data collected, its purpose, and whether it's shared with third parties.
For developers, getting the security badge is as easy as working with one of the six Authorised Labs partners. They will test your app and, once it meets the requirements, you can proudly display the badge.
The entire process takes around 2-3 weeks, and Google wants you to know that while it doesn't guarantee an app is vulnerability-free, it signifies a commitment to user safety. Stay safe and enjoy your apps! ????????
Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.
That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:
Remove junk files and malware to free up space and improve performance
Protect your privacy by erasing sensitive data
Optimize your startup settings to speed up boot times
Manage your extensions and apps to keep your Mac or PC running smoothly
Since 2008 MacPaw is trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.
Kaspersky has uncovered an astonishing malware strain, StripedFly, camouflaged as a cryptocurrency miner, which has been evading detection for over five years. ????
????️♀️ What's StripedFly?
StripedFly is a complex malware framework that targets both Linux and Windows systems. It exploits the EternalBlue SMBv1 vulnerability, infiltrating public systems and installing a malicious shellcode.
This code can download files from remote repositories and execute PowerShell scripts, with additional features for data harvesting and self-uninstallation.
???? How It Operates
Strikingly, StripedFly disguises its communication through the TOR network, utilising custom-built TOR clients. It's also capable of offloading encrypted components to code repositories like Bitbucket, GitHub, or GitLab to avoid detection.
???? Persistence & Propagation
Once inside a system, StripedFly disables SMBv1 and spreads to other machines through SMB and SSH, using keys gathered from compromised systems. It maintains persistence through various methods, depending on the operating system.
???? Cryptocurrency Mining Deception
StripedFly downloads a Monero cryptocurrency miner that leverages DNS over HTTPS (DoH) requests to further conceal its activities. This miner acts as a decoy, diverting attention from its full capabilities.
???? Global Impact
This revelation comes in the wake of the EternalBlue exploit's repurposing by various hacking groups worldwide, such as North Korean and Russian actors, to spread malware like WannaCry and Petya.
???? Chinese Connection
There's evidence that Chinese hacking groups may have had early access to Equation Group exploits. The coding style and practices of StripedFly resemble those seen in other cyber espionage platforms used by U.S.-linked adversaries.
Stay vigilant, and keep your devices updated and secure. ????️????
???? The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya ???? Let us tell who’s not fooling around though; that’s the Crüe ???? at Motley Fool. You’d be a fool (alright, enough already! ????) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! ???? Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets ???? (LINK)
???? Wander: Find your happy place. Cue Happy Gilmore flashback ????️⛳????????️ Mmmm Happy Place… ???? So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway ????️???? (LINK)
???? Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾???????? (Great movie, to be fair ????). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty ????). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho ???? And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! ???? (LINK)
Identity and authentication management provider Okta recently disclosed that an unauthorised intruder breached its support case management system, affecting 134 out of 18,400 customers. The breach occurred from September 28 to October 17, 2023.
???? Session Tokens Hijacked
The intruder accessed HAR files containing session tokens, which could be used for session hijacking attacks. This allowed them to hijack legitimate Okta sessions of five customers.
????️ Customers Impacted
Among the affected customers were 1Password, BeyondTrust, and Cloudflare. The breach was first reported by 1Password on September 29, with two other unnamed customers identified later.
????️ How the Breach Occurred
Okta revealed that a service account within its support system was abused. The credentials for this account were found in an employee's personal Google account, accessed through a Chrome web browser on an Okta-managed laptop.
????️ Actions Taken
Okta has revoked the session tokens, disabled the compromised service account, and blocked the use of personal Google profiles on enterprise versions of Google Chrome to prevent such incidents. They've also introduced session token binding based on network location as an enhanced security measure.
???? Stay Secure
It's a reminder to stay vigilant about cybersecurity, even with trusted providers. Ensure proper credential management and be cautious about personal accounts on work devices.
???? Data Exposure Incident
This security event follows another incident where personal information of Okta employees was exposed due to a breach of its healthcare coverage vendor.
Your security matters, so keep those defences strong! ????️
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.
Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)
Let us know what you think!
So long and thanks for reading all the phish!