Hackers target 2 Cisco zero-days for espionage

Apr 26 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that’s like your own personal Trojan against, well, trojans.

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch!

Stop the WordPresses!

URGENT SECURITY UPDATE!

Good news, WordPress users! The threat posed by the critical security flaw in the WP-Automatic plugin has been SOLVED! Thanks to a new patch, your sites will once again be safe (so long as you update to version 3.9.2.0 or later!)

The Issue: Threat actors were actively exploiting a critical security flaw in the WP-Automatic plugin for WordPress. This flaw, tracked as CVE-2024-27956, had a CVSS score of 9.9 out of 10, making it extremely dangerous. It affected all versions of the plugin before 3.9.2.0.

The Fix: This vulnerability, identified as a SQL injection (SQLi) flaw, allowed attackers to gain unauthorised access to websites. They could create admin-level user accounts, upload malicious files, and potentially take full control of affected sites. But fear not! The brilliant minds behind WPScan have provided a solution. They've patched the flaw, sealing off this vulnerability for good!

What You Need to Know: The flaw was rooted in the plugin's user authentication mechanism. Attackers could exploit it by sending specially crafted requests to execute arbitrary SQL queries against the database. But with the latest patch, this loophole has been closed, ensuring your WordPress sites remain secure. Phew!

Thank You: A big shoutout to the Automattic-owned company for swiftly addressing this issue. Your dedication to WordPress security is truly commendable!

Stay Safe: Remember, keeping your plugins and WordPress installations updated is crucial for maintaining a secure online presence. Stay vigilant and keep those updates rolling in!

Now, on to today’s hottest cybersecurity news stories:

  • State-sponsored hackers target 2 Cisco zero-days for espionage

  • Beware! New SEO-poisoning campaign is sneakier than ever

  • Ring customers given $5.6 million in privacy breach settlement

Where’s the Cisco Kid when you need him?

New Malware Campaign Targets Cisco Gear with Zero-Day Flaws!

Cisco gear faces a new threat as a sophisticated state-sponsored actor, UAT4356 (also known as Storm-1849), launches a sneaky malware campaign dubbed ArcaneDoor.

The Threat: UAT4356 exploited two zero-day flaws in Cisco networking gear to deploy custom malware, including backdoors named 'Line Runner' and 'Line Dancer.' These backdoors enabled malicious actions like reconnaissance, network traffic capture, and even potential lateral movement within target environments.

The Flaws: The vulnerabilities, CVE-2024-20353 and CVE-2024-20359, allowed attackers to execute malicious code and disrupt web services on Cisco Adaptive Security Appliances and Firepower Threat Defense Software.

CISA's Response: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged these vulnerabilities, urging federal agencies to apply fixes provided by Cisco before May 1, 2024.

The Tactics: UAT4356's meticulous tactics include deploying implants to hide digital footprints and evade detection. These implants, Line Dancer and Line Runner, give attackers persistent access to compromised devices, even surviving reboots and upgrades.

What's Next: While the exact origin of ArcaneDoor remains unclear, the attacks underscore the importance of patching and monitoring perimeter network devices. With edge devices increasingly targeted, vigilance is key to thwarting cyber threats.

Stay informed, stay secure! Keep an eye out for updates on this evolving situation.

SEOh-no! The black hats are back!

Alert: Malware Menace Unveiled!

Unmasking the Threat: Zscaler ThreatLabz's latest investigation reveals a disturbing trend: the proliferation of fraudulent websites across popular hosting platforms.

These sites, fueled by cybercriminals' cunning, exploit user behaviour using sophisticated Black Hat SEO tactics, notably SEO poisoning. Their aim? To spread malware far and wide, posing a significant threat to unsuspecting users.

🎯 The Cyber Threat Explained: These deceptive websites cloak themselves in the guise of legitimacy, leveraging SEO manipulation to dominate search engine rankings.

Once users fall into the trap and engage with these seemingly innocuous sites, malware swiftly infiltrates their systems. This sets the stage for potential financial extortion and other malicious activities, leaving victims vulnerable to cyber exploitation.

Protective Measures: Safeguard yourself by exercising caution when downloading software. Avoid sources of dubious repute and prioritise reputable websites and trusted software providers.

By fortifying your digital defences and staying vigilant against cyber threats, you can navigate the online landscape with confidence and security.

Catch of the Day!!

My Favorite Newsletter: Stay ahead on the business of AI

Have you heard of Prompts Daily newsletter? I recently came across it and absolutely love it.

AI news, insights, tools and workflows. If you want to keep up with the business of AI, you need to be subscribed to the newsletter (it’s free).

Read by executives from industry-leading companies like Google, Hubspot, Meta, and more.

Want to receive daily intel on the latest in business/AI?

In just ONE click, you can quickly sign up to the free Prompts Daily newsletter.

Geez, Ring up the cash register

Ring Users Alert: Refunds Incoming!

The Federal Trade Commission (FTC) is taking action! They're sending out a whopping $5.6 million in refunds to Ring users who've had their private video feeds accessed without consent by Amazon employees and contractors, or suffered hacks due to inadequate security measures.

The Settlement: This initiative stems from a complaint lodged in May 2023, accusing Ring of failing to implement sufficient security protocols to safeguard devices from unauthorised access. Now, as part of the settlement, over 117,000 Ring consumers will receive payments through PayPal.

About Ring: Ring, an Amazon subsidiary, offers a range of smart home security products, from video doorbells to motion-activated lights. These devices provide remote access and control via a mobile app, but lax security measures left users vulnerable to breaches.

Security Concerns: The FTC alleged that Ring granted its employees and third-party contractors unrestricted access to user devices, compromising privacy and security. Additionally, the lack of multi-factor authentication until 2019 made it easier for hackers to hijack accounts and access private video feeds.

Getting Your Refund: If you're one of the eligible Ring customers, keep an eye on your PayPal account! You have 30 days to redeem your refund. For more details on the refund process, check out the FTC's FAQ page.

Stay informed, stay secure! Your privacy matters.

Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday

  • Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for free

  • Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future

Let us know what you think.

So long and thanks for reading all the phish!
