Jun 21 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that's cyber-sonic, give us gin and tonic. Happy Friday, folks!
It's Friday, folks, which can only mean one thing… It's time for our weekly segment!
It goes by many names. Patch of the Week, Tweak of the Week. Okay, that's it.
Congrats, the cybercriminals are no match… for your patch!
Check out this freshly hatched patch.
VMware Security Alert: Critical Updates Released!
VMware has issued updates for critical flaws in Cloud Foundation, vCenter Server, and vSphere ESXi that could lead to privilege escalation and remote code execution.
Vulnerabilities:
CVE-2024-37079 & CVE-2024-37080 (CVSS 9.8): Heap-overflow flaws in vCenter Server's DCE/RPC protocol implementation. An attacker with network access to vCenter Server can trigger them with a specially crafted packet to execute arbitrary code, with no authentication required.
CVE-2024-37081 (CVSS 7.8): Local privilege escalation in vCenter Server caused by a sudo misconfiguration. An authenticated local user with non-administrative privileges can escalate to root on the appliance.
These flaws affect vCenter Server 7.0 and 8.0 and are resolved in 7.0 U3r, 8.0 U1e, and 8.0 U2d.
No active exploitation has been reported, but given the severity, apply the patches now rather than waiting for a maintenance window.
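A quick way to turn the fix list above into an inventory check. This is an added example, not VMware's or Broadcom's tooling: it parses the marketing version string (assumed inventory format such as "8.0 U2c"), compares it against the three fixed releases named above, and refuses to guess about anything the advisory summary doesn't cover (other branches, or update lines newer than the fixes). The hostnames and versions in the sample inventory are constructed.

```python
import re

# Fix levels named in the advisory summary above: for each affected update line
# (major, minor, update number), the first letter release that carries the fix.
# Only the three lines the page lists are covered; anything else is reported as
# "unknown" rather than guessed.
FIXED_RELEASES = {
    (7, 0, 3): "r",   # 7.0 U3r
    (8, 0, 1): "e",   # 8.0 U1e
    (8, 0, 2): "d",   # 8.0 U2d
}
AFFECTED_BRANCHES = {(7, 0), (8, 0)}

# Assumed inventory format: the marketing version string, e.g. "8.0 U2c" or "7.0 U3".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\s*U(\d+)([a-z])?)?$", re.IGNORECASE)


def parse_version(text):
    """Split "8.0 U2c" into (8, 0, 2, "c"); a missing update is 0, a missing letter is ""."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter version: {text!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    update = int(m.group(3)) if m.group(3) else 0
    letter = (m.group(4) or "").lower()
    return major, minor, update, letter


def patch_status(text):
    """Return "patched", "vulnerable" or "unknown" for one vCenter Server version string."""
    major, minor, update, letter = parse_version(text)
    if (major, minor) not in AFFECTED_BRANCHES:
        return "unknown"          # branch not covered by the advisory text above
    line = (major, minor, update)
    if line in FIXED_RELEASES:
        # Letter releases within an update line are sequential (U2a, U2b, ...),
        # and a bare "U2" precedes "U2a", so a plain string comparison orders them.
        return "patched" if letter >= FIXED_RELEASES[line] else "vulnerable"
    newest_fixed_update = max(u for (a, b, u) in FIXED_RELEASES if (a, b) == (major, minor))
    if update < newest_fixed_update:
        return "vulnerable"       # older update line than the fixes; must move to a fixed line
    return "unknown"              # newer update line than anything the advisory summary names


def triage_inventory(hosts):
    """Map {hostname: version} to {hostname: status}."""
    return {host: patch_status(version) for host, version in hosts.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up for this example.
    inventory = {
        "vcsa-prod-01": "8.0 U2c",
        "vcsa-prod-02": "8.0 U2d",
        "vcsa-lab-01": "7.0 U3q",
        "vcsa-legacy": "7.0 U2",
        "vcsa-new": "8.0 U3",
    }
    for host, status in triage_inventory(inventory).items():
        print(f"{host:14} {inventory[host]:8} {status}")
```

Treat "unknown" as a prompt to read the advisory yourself, not as a pass: the check only knows what this summary lists.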
Now, todayβs hottest cybersecurity news stories:
Kraken cryptocurrency exchange suffers $3M theft
AMD are looking into company data theft claims
UNC3886 uses Fortinet, VMware 0-days to spy
Security Breach at Kraken. Kraken, a major crypto exchange, revealed a security incident in which a self-described security researcher exploited a critical zero-day flaw in its deposit flow, leading to the theft of nearly $3 million in digital assets.
Exploited Vulnerability
Flaw: Allowed an account balance to be inflated artificially
Discovered: Alert received through the Bug Bounty program
Resolved: Issue fixed within 47 minutes
Deposit Exploit
Method: Initiate a deposit, never complete it, and still have the funds credited to the account
Risk: No client assets were affected, but the flaw let an attacker create assets in their own account without ever sending them
Cause: A recent user-interface change that credited accounts before the deposit had cleared
Exploitation Timeline
Initial Alert: Kraken identified the flaw within minutes of the report
Further Investigation: Three accounts had exploited the flaw
Stolen Amount: Nearly $3 million from Kraken's treasury
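The bug class behind this is a deposit state machine that credits spendable balance on "initiated" instead of "confirmed". The following is an added example, not Kraken's code (the page gives no implementation details): a deliberately vulnerable ledger that mirrors the description above, next to a hardened one that keeps unsettled deposits in a separate pending bucket and only moves the amount the settlement watcher actually observed. Account names, amounts and deposit IDs are constructed.

```python
from dataclasses import dataclass
from enum import Enum


class DepositState(Enum):
    INITIATED = "initiated"   # request received, nothing has settled yet
    CONFIRMED = "confirmed"   # settlement observed (e.g. enough on-chain confirmations)
    CANCELLED = "cancelled"


@dataclass
class Deposit:
    deposit_id: str
    account: str
    amount: int               # integer minor units (e.g. satoshis), never floats
    state: DepositState = DepositState.INITIATED


@dataclass
class Account:
    available: int = 0        # spendable / withdrawable
    pending: int = 0          # announced but unsettled deposits


class VulnerableLedger:
    """Models the bug described above: the account is credited as soon as a deposit is initiated."""

    def __init__(self):
        self.accounts = {}
        self.deposits = {}

    def account(self, name):
        return self.accounts.setdefault(name, Account())

    def initiate_deposit(self, deposit_id, account, amount):
        dep = Deposit(deposit_id, account, amount)
        self.deposits[deposit_id] = dep
        self.account(account).available += amount   # BUG: credited before settlement
        return dep

    def withdraw(self, account, amount):
        acct = self.account(account)
        if amount > acct.available:
            return False
        acct.available -= amount
        return True


class HardenedLedger(VulnerableLedger):
    """Credit only after settlement; until then the deposit is visible but not spendable."""

    def initiate_deposit(self, deposit_id, account, amount):
        dep = Deposit(deposit_id, account, amount)
        self.deposits[deposit_id] = dep
        self.account(account).pending += amount      # shown to the user, not withdrawable
        return dep

    def confirm_deposit(self, deposit_id, settled_amount):
        """Called by the settlement watcher with the amount it actually observed."""
        dep = self.deposits[deposit_id]
        if dep.state is not DepositState.INITIATED:
            raise ValueError(f"deposit {deposit_id} already {dep.state.value}")
        acct = self.account(dep.account)
        acct.pending -= dep.amount
        acct.available += settled_amount             # credit what settled, not what was announced
        dep.state = DepositState.CONFIRMED

    def cancel_deposit(self, deposit_id):
        dep = self.deposits[deposit_id]
        if dep.state is not DepositState.INITIATED:
            raise ValueError(f"deposit {deposit_id} already {dep.state.value}")
        self.account(dep.account).pending -= dep.amount
        dep.state = DepositState.CANCELLED


def attacker_run(ledger_cls):
    """Announce a deposit, never settle it, try to withdraw. Returns (withdrawn?, available after)."""
    ledger = ledger_cls()
    ledger.initiate_deposit("dep-1", "attacker", 300_000_000)   # 3 BTC in satoshis, never sent
    withdrawn = ledger.withdraw("attacker", 300_000_000)
    return withdrawn, ledger.account("attacker").available


def honest_run():
    """The legitimate path on the hardened ledger: funds become spendable only after confirmation."""
    ledger = HardenedLedger()
    ledger.initiate_deposit("dep-2", "alice", 100_000)
    blocked_early = not ledger.withdraw("alice", 100_000)   # pending funds can't be spent
    ledger.confirm_deposit("dep-2", 100_000)
    return blocked_early and ledger.withdraw("alice", 100_000)


if __name__ == "__main__":
    print("vulnerable:", attacker_run(VulnerableLedger))   # attacker walks away with the funds
    print("hardened:  ", attacker_run(HardenedLedger))     # withdrawal refused
    print("honest:    ", honest_run())
```

The UI can still show the pending amount (that is the user-experience improvement the change was presumably after); the fix is that nothing spendable exists until the watcher confirms it, and the credited amount comes from the watcher, not from the deposit request.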
From Research to Extortion
Researcher Action: Exploited the flaw to credit their own account with $4 in crypto
Misuse: Shared the exploit with two others, leading to the $3 million theft
Demand: Requested payment before handing over the PoC exploit and returning the funds
Kraken's Response
Engagement: Coordinating with law enforcement
Message: Emphasised the ethical rules of bug bounty programs
Warning: The actions taken were deemed extortion, not white-hat hacking
Key Takeaways
Security Programs: Follow the bug bounty rules; prove the bug, don't cash it out
Ethical Hacking: Know the line between responsible disclosure and criminal activity
Rapid Response: A fast fix (47 minutes here) limits the damage
Stay vigilant and adhere to ethical standards in cybersecurity!
Data Breach Investigation! On June 18, AMD announced it is investigating claims of a data breach by a cybercriminal group named "Intelbroker."
Official Statement
Collaboration: Working with law enforcement and a third-party hosting partner
Objective: Assess the validity and significance of the stolen data
Sensitive Information Exposed
Reported Stolen Data: Future product details, customer databases, financial records
Media Reports: Intelbroker claimed responsibility for the breach
Market Impact
AMD Shares: Marginal decline in extended trading
Ongoing Investigation
Law Enforcement: Close cooperation to determine breach scope
Security Measures: Strengthening defences to prevent future incidents
Stay tuned for updates on this developing story.
Whether youβre starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, ISO 42001, HIPAA, HITRUST CSF, NIST AI, and more.
Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center, all powered by Vanta AI.
Instantly calculate how much time you can save with Vanta.
Advanced Tactics Unveiled! UNC3886, a China-nexus cyber espionage actor, uses multiple persistence mechanisms to maintain access to compromised environments, targeting network devices, hypervisors, and virtual machines.
Exploited Zero-Day Flaws
UNC3886 exploited several zero-day flaws:
CVE-2022-41328 (Fortinet FortiOS path traversal)
CVE-2022-22948 (VMware vCenter information disclosure)
CVE-2023-20867 (VMware Tools authentication bypass)
Diverse Target Profile
UNC3886 targeted entities in North America, Southeast Asia, and Oceania, affecting:
Governments
Telecommunications
Technology
Aerospace and Defense
Energy and Utilities
Rootkits and Backdoors
UNC3886 used the Reptile and Medusa rootkits on guest VMs and deployed backdoors such as MOPSLED and RIFLESPINE, which abuse GitHub and Google Drive respectively for command-and-control (C2).
Key Malware Families
LOOKOVER: Sniffer for TACACS+ packets
VIRTUALSHINE: VMCI sockets-based backdoor
VIRTUALPIE: Python backdoor
VIRTUALSPHERE: VMCI-based backdoor
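Why a TACACS+ sniffer like LOOKOVER is worth a threat actor's time: the protocol's body "encryption" (RFC 8907) is an XOR against a chained-MD5 keystream derived from the shared secret, so anyone sitting on a device that holds that secret, or watching a session sent with the unencrypted flag, reads the credentials in the clear. The following is an added example, not LOOKOVER's code and not from the Mandiant report: it builds a PAP authentication START packet (user, password, session ID and key all constructed), then shows what a passive sniffer recovers with and without the key.

```python
import hashlib
import struct

TAC_PLUS_HEADER = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length
TAC_PLUS_AUTHEN = 0x01
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
# Authentication START fields (RFC 8907 section 5.1)
TAC_PLUS_AUTHEN_LOGIN = 0x01
TAC_PLUS_AUTHEN_TYPE_PAP = 0x02
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01


def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 body obfuscation keystream: MD5(session_id, key, version, seq_no[, previous block])."""
    pad, prev = b"", b""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """Obfuscate or de-obfuscate a body (XOR is its own inverse)."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_pap_start(session_id, key, user, password, port=b"tty0",
                    rem_addr=b"10.0.0.5", seq_no=1, unencrypted=False):
    """Build an authentication START for a PAP login; for PAP the password rides in the data field."""
    version = 0xC0                                   # major 0xC, minor 0
    body = struct.pack("!8B", TAC_PLUS_AUTHEN_LOGIN, 1, TAC_PLUS_AUTHEN_TYPE_PAP,
                       TAC_PLUS_AUTHEN_SVC_LOGIN, len(user), len(port), len(rem_addr), len(password))
    body += user + port + rem_addr + password
    flags = TAC_PLUS_UNENCRYPTED_FLAG if unencrypted else 0
    if not unencrypted:
        body = xor_body(body, session_id, key, version, seq_no)
    return TAC_PLUS_HEADER.pack(version, TAC_PLUS_AUTHEN, seq_no, flags, session_id, len(body)) + body


def sniff_start(packet, key=None):
    """What a passive sniffer recovers from one START packet: the header always, the
    username and PAP password only if the body is readable (unencrypted flag or known key)."""
    version, ptype, seq_no, flags, session_id, length = TAC_PLUS_HEADER.unpack_from(packet)
    body = packet[TAC_PLUS_HEADER.size:TAC_PLUS_HEADER.size + length]
    result = {"type": ptype, "seq_no": seq_no, "session_id": session_id,
              "unencrypted_flag": bool(flags & TAC_PLUS_UNENCRYPTED_FLAG),
              "user": None, "password": None}
    if not result["unencrypted_flag"]:
        if key is None:
            return result                            # without the shared secret the body is opaque
        body = xor_body(body, session_id, key, version, seq_no)
    if ptype != TAC_PLUS_AUTHEN or seq_no != 1:
        return result                                # only the first packet of a session is a START
    _, _, authen_type, _, user_len, port_len, rem_len, data_len = struct.unpack_from("!8B", body)
    off = 8
    user = body[off:off + user_len]
    off += user_len + port_len + rem_len
    data = body[off:off + data_len]
    result["user"] = user.decode(errors="replace")
    if authen_type == TAC_PLUS_AUTHEN_TYPE_PAP:
        result["password"] = data.decode(errors="replace")
    return result


if __name__ == "__main__":
    KEY = b"s3cret"                                  # constructed shared secret
    pkt = build_pap_start(0x1234ABCD, KEY, b"admin", b"hunter2")
    print("no key :", sniff_start(pkt))              # header only
    print("key    :", sniff_start(pkt, KEY))         # user and password recovered
```

Two practical consequences: rotate the TACACS+ shared secret after any compromise of a device that holds it, and treat a session with the unencrypted flag set as a misconfiguration to hunt for, since it hands credentials to anyone on the path.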
Strengthening Defences
Organisations should follow security recommendations from Fortinet and VMware to protect against these advanced threats.
Stay vigilant and keep your defences strong!
Extra, Extra! Read all about it!
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday
Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders.
Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future
Let us know what you think.
So long and thanks for reading all the phish!