???? iPhone users beware! Brace for ‘most sophisticated’ hack ⚠️

Dec 29 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that wants to wish you a happy new year and thank you for supporting us in 2023. Roll on 2024! ????????????

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! ????????????

Check out these freshly hatched patches ????????????

An eye for an eye and a patch for Apache ????

???? Security Alert: Apache OfBiz Zero-Day Vulnerability! ????

???? A critical zero-day security flaw, CVE-2023-51467, has been uncovered in Apache OfBiz ERP, an open-source Enterprise Resource Planning system. This vulnerability allows threat actors to bypass authentication protections, posing a serious risk to user data.

???? The flaw originates from an incomplete patch for a previous critical vulnerability, CVE-2023-49070 (CVSS score: 9.8), released this month.

????️‍♂️ The attack exploits an HTTP request with empty/invalid USERNAME and PASSWORD parameters, triggering an authentication success message. This allows unauthorised access to internal resources. The NIST National Vulnerability Database describes it as a Server-Side Request Forgery (SSRF) vulnerability.

⚠️ Action Required: Users relying on Apache OfBiz are urged to update to version 18.12.11 or later immediately. This update is crucial for mitigating potential threats and securing your system against unauthorised access.

Now, on to today’s hottest cybersecurity stories:

  • ???? iPhone users beware! Brace for ‘most sophisticated’ hack ⚠️

  • ????‍???? Hackers enslave Linux SSH servers for crypto-mining ⛏️

  • ???? Rugmi malware is being detected 100s of times per day ????

Well, they’re certainly not iPhoning it in ????????????

???? Operation Triangulation Spyware Targets Apple iOS Devices! ????️‍♂️

Russian cybersecurity firm Kaspersky unveiled the Operation Triangulation spyware attacks, branding them the "most sophisticated attack chain" ever witnessed.

Active since 2019 (we’ve covered Operation Triangulation in Gone Phishing), this latest campaign exploits four zero-day flaws, allowing unprecedented access to iOS devices up to version iOS 16.2.

The attack initiates with a zero-click iMessage containing a malicious attachment, enabling the deployment of a spyware module and elevation of permissions.

????️ Vulnerabilities Exploited:

  • CVE-2023-41990: FontParser flaw (Addressed in iOS 15.7.8 and iOS 16.3)

  • CVE-2023-32434: Kernel integer overflow (Addressed in iOS 15.7.7, iOS 15.8, and iOS 16.5.1)

  • CVE-2023-32435: WebKit memory corruption (Addressed in iOS 15.7.7 and iOS 16.5.1)

  • CVE-2023-38606: Kernel issue allowing modification of sensitive state (Addressed in iOS 16.6)

???? Noteworthy Findings: CVE-2023-38606, a previously unknown hardware feature, facilitated a bypass of Apple's hardware-based security, exposing a flaw in the system's security through obscurity. This revelation underscores the importance of transparency in hardware security.

???? Apple's Response: Apple patched CVE-2023-41990 in January 2023, but details were only made public on September 8, 2023, coinciding with the release of iOS 16.6.1. This brings the total number of zero-days addressed by Apple in 2023 to 20.

???? Global Implications: This development coincides with reports that Apple's warnings of state-sponsored spyware targeting Indian journalists and politicians raised scepticism, with officials pressuring Apple to downplay the alerts.

???? Security Insight: Security researcher Boris Larin emphasised the risks of relying on "security through obscurity," highlighting the potential pitfalls of undisclosed hardware features.

???? Stay Informed: As the cybersecurity landscape evolves, it's crucial to stay vigilant. Keep your devices updated, and remain informed about potential threats.

Hackers: with my mine on my money and my money on my mine ????????????

???? Cybersecurity Alert: Linux SSH Servers Under Attack! ⚠️

Malicious actors are exploiting insecure Linux SSH servers, aiming to install port scanners and dictionary attack tools. Nope, not servers that are having an existential crisis, one’s that are poorly secured, that is ????.

The end goal for the hackers is to compromise other vulnerable servers, creating a network for cryptocurrency mining and distributed denial-of-service (DDoS) attacks.

???? Threat Actor Tactics: Adversaries employ dictionary attacks to guess SSH credentials, potentially leading to a successful brute-force attempt. Once breached, malware such as scanners is deployed to identify other susceptible systems, spreading the infection. Notably, the attackers execute commands like "grep -c ^processor /proc/cpuinfo" to determine CPU core count.

???? Origin of Threat: The tools used in these attacks are attributed to the PRG old Team, with slight modifications by threat actors. Evidence suggests their use since 2021.

????️ Protective Measures: To mitigate risks, users are advised to use complex passwords, regularly update them, and keep systems up-to-date.

???? Global Threat Landscape: In tandem with these findings, Kaspersky reveals a new multi-platform threat, NKAbuse, leveraging a decentralised network protocol (NKN) for DDoS attacks. Stay vigilant and prioritise cybersecurity best practices.

???? Stay Informed: As the cyber landscape evolves, staying informed is key. Regularly update passwords, enhance security measures, and be cautious of potential threats.

???? Catch of the Day!! ????????????

Learn AI in 5 minutes a day. We'll teach you how to save time and earn more with AI. Join 400,000+ free daily readers for trending tools, productivity boosting prompts, the latest news, and more.

Rugmi tender, Rugmi do ????????????????????️

???? Malware Alert: New Loader Unleashes Information Stealers! ????

???? Threat Overview: A fresh malware loader, named Win/TrojanDownloader.Rugmi, is the culprit behind the deployment of various information stealers, including Lumma Stealer, Vidar, RecordBreaker, and Rescoms, according to cybersecurity firm ESET.

???? Loader Components: The Rugmi loader comprises three components: a downloader for encrypted payloads, an internal resource loader, and an external file loader. ESET's Threat Report H2 2023 outlines its modus operandi.

???? Detection Surge: Telemetry data reveals a significant spike in Rugmi loader detections during October and November 2023, jumping from single-digit daily numbers to hundreds per day.

???? Malware-as-a-Service Model: Typically sold under a Malware-as-a-Service model, Lumma Stealer is advertised for $250/month, with a premium plan at $20,000 providing source code access and resale rights.

????️ Adaptive Distribution Tactics: The off-the-shelf tool adapts tactics, employing methods like malvertising, fake browser updates, and infiltrating cracked installations of popular software.

????️‍♂️ Discord CDN Exploitation: Rugmi leverages Discord's CDN for malware distribution, enticing targets with offers of $10 or Discord Nitro subscriptions through direct messages. The disguised executable file contains the Lumma Stealer payload.

???? Global Impact: Ready-made malware solutions contribute to widespread malicious campaigns, making Lumma Stealer attractive to less technically skilled threat actors, warns ESET.

???? NetSupport RAT Variant: McAfee Labs (who’ve been smashing it lately!) uncovered a new NetSupport RAT variant, evolving from its legitimate precursor, NetSupport Manager. This variant targets the U.S. and Canada, using obfuscated JavaScript files and PowerShell commands in its attack chain.

???? Security Recommendations: To stay protected, users are advised to update passwords regularly, employ robust cybersecurity measures, and remain vigilant against evolving cyber threats.

That’s all for 2023, folks. Thanks again! We’ll see you on Monday to hopefully provide a few welcome giggles (along with some stellar info and advice of course!) to ease your hangovers… ???????????? Stay safe!

????️ Extra, Extra! Read all about it! ????️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think.

So long and thanks for reading all the phish!

footer graphic cyber security newsletter
  • ???? CACTUS ransomware exploits flaws in Qlik Sense ????

Recent articles