Law enforcement take down

Jul 21 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that treats cybercriminals like British heroes treat Just Stop Oil protestors.

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!!!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! Check out these just freshly hatched patches!!

Today, courtesy of Microsoft’s monthly Patch Tuesday, we have the following critical (but thankfully not zero-day!) flaws.

Indeed, Microsoft addressed six critical vulnerabilities, but no zero-day exploits were reported. Among the vulnerabilities, there are three noteworthy ones:

  • CVE-2023-29357: A critical flaw in Microsoft Office SharePoint that could allow attackers to gain administrator privileges on affected systems by using spoofed JWT authentication tokens. This vulnerability has not been actively exploited or publicly disclosed yet.

  • CVE-2023-32031: A critical remote code execution vulnerability in Microsoft Exchange Server, which could be exploited by an attacker to execute malicious code in the context of the server's account. So far, there are no reports of active exploitation or public disclosure.

  • CVE-2023-28310: Another critical remote code execution vulnerability in Microsoft Exchange Server, which could be triggered by an authenticated attacker on the same intranet as the Exchange server using a PowerShell remoting session. There have been no reports of active exploitation or public disclosure for this vulnerability.

Overall, these vulnerabilities pose significant risks and require immediate attention from users to apply the necessary patches provided by Microsoft. And that’s not all, folks!

Additionally, Adobe has released a fresh round of updates to address an incomplete fix for a recently disclosed ColdFusion flaw that has come under active exploitation in the wild.

The critical shortcoming, tracked as CVE-2023-38205 (CVSS score: 7.5), has been described as an instance of improper access control that could result in a security bypass. It impacts the following versions:

  • ColdFusion 2023 (Update 2 and earlier versions)

  • ColdFusion 2021 (Update 8 and earlier versions)

  • ColdFusion 2018 (Update 18 and earlier versions)

Get updating, people!

Now on to today’s hottest cyber security stories:

  • RaaS: Is Hive gang affiliated with infamous Conti cybercrime syndicate?

  • ‘Bad.Build’ flaw uncovered in Google Cloud Build by good actors

  • CISA & NSA release guidance to protect 5G network ‘slicing’ from threats ☠️

To be Conti-nued

Hive Cybercriminal Group Disrupted

In January, law enforcement took down the Hive cybercriminal group, known for its ransomware-as-a-service (RaaS) operations.

Hive was linked to the Conti ransomware group and had affiliations with other former Conti operators, including Royal, Black Basta, and Quantum.

Global RaaS Affiliates and Victims

RaaS affiliates span the globe, using diverse tactics and techniques. Hive's modus operandi involved providing a ransomware encryptor on the dark web, offering services to affiliates, and allowing users to purchase licences to configure ransomware payloads for extortion.

Cryptocurrency in Ransomware Payments

Like other ransomware groups, Hive relied on cryptocurrency for ransom payments. The anonymous and borderless nature of cryptocurrencies, particularly Bitcoin (BTC), made them an ideal choice for quick and discreet fund transfers.

Ransomware operators can adjust the demanded amount based on the token's current price to account for its volatility.

Top Tips:

To protect against RaaS attacks, it's crucial to stay vigilant and implement robust cybersecurity measures.

Regularly update software, maintain backups of critical data, and educate employees about phishing and other attack vectors.

By understanding RaaS trends and the role of cryptocurrencies, we can better defend against such threats and ensure the security of our digital assets. Stay informed and be prepared!


A bad Google Cloud Builder blames Bad.Build

Security Alert: Google Cloud Vulnerability

Cybersecurity researchers have discovered a privilege escalation flaw in Google Cloud, posing a potential threat to application images and users. The vulnerability, called Bad.Build, was found in the Google Cloud Build service by cloud security firm Orca.

FYI, Cloud Build is a service that executes your builds on Google Cloud. Cloud Build can import source code from a variety of repositories or cloud storage spaces, execute a build to your specifications, and produce artefacts such as Docker containers or Java archives.

Or, in other words, it’s a tool for developers to build and test their code. Simples.

Attackers can exploit the flaw to impersonate the default Cloud Build service account, giving them the power to manipulate images in the Google Artifact Registry and inject malicious code.

This could lead to supply chain attacks, affecting applications built from the compromised images. If these corrupted applications are deployed in customers' environments, it becomes a significant supply chain risk.

Google has issued a partial fix after responsible disclosure. However, the privilege escalation vector remains, classified as low-severity. No further customer action is currently required.

The flaw arises from Cloud Build's automatic creation of a default service account with excessive permissions, including access to audit logs containing all project permissions. This valuable information aids attackers in lateral movement and privilege escalation.
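As an added example (not from the newsletter or from Orca's research), a small Python check that inverts a project's IAM policy and flags any role held by the default Cloud Build service account beyond an assumed least-privilege allowlist. The policy JSON, project number, members and allowlist are constructed for illustration; only the service account naming suffix is Google's real convention.

```python
import json

# Google's default Cloud Build service account is named
# <project-number>@cloudbuild.gserviceaccount.com.
CLOUD_BUILD_SA_SUFFIX = "@cloudbuild.gserviceaccount.com"

# Roles a build account is assumed to legitimately need. This allowlist is an
# assumption for the example, not guidance from Google or the newsletter.
EXPECTED_ROLES = {"roles/cloudbuild.builds.builder"}

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`;
# the project number and members are made up for this example.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/cloudbuild.builds.builder",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
    {"role": "roles/logging.privateLogViewer",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com",
                 "user:auditor@example.com"]},
    {"role": "roles/artifactregistry.writer",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
    {"role": "roles/viewer", "members": ["user:dev@example.com"]}
  ]
}
""")


def roles_by_member(policy):
    """Invert the binding list into {member: set(roles)}."""
    result = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            result.setdefault(member, set()).add(binding["role"])
    return result


def find_excess_roles(policy, expected=EXPECTED_ROLES):
    """Return {member: sorted excess roles} for each Cloud Build service
    account holding a role outside the expected set (empty dict if none)."""
    excess = {}
    for member, roles in roles_by_member(policy).items():
        if not member.endswith(CLOUD_BUILD_SA_SUFFIX):
            continue
        extra = sorted(roles - expected)
        if extra:
            excess[member] = extra
    return excess


if __name__ == "__main__":
    for member, roles in find_excess_roles(SAMPLE_POLICY).items():
        print(f"{member} holds roles beyond the build allowlist: {', '.join(roles)}")
```

Run it against real output of `gcloud projects get-iam-policy PROJECT_ID --format=json` to see which log-reading or registry-writing roles the build account has accumulated.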

Top Tips:

To safeguard against potential risks, users of Google Cloud should be vigilant.

Regularly monitor for updates and patches from Google and follow best security practices to prevent unauthorised access and potential supply chain attacks.

Stay secure and keep your cloud environments protected!

U.S. cybersecurity and intelligence agencies have issued recommendations to bolster security for 5G standalone network slicing, protecting against potential threats.

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) stressed that 5G's dynamic threat landscape necessitates advanced monitoring and analytical capabilities to meet network slicing service requirements over time.

5G, the latest cellular network technology, boasts faster data speeds and lower latency. Network slicing, an architectural model, allows providers to create virtual networks catering to diverse clients and use cases.

This advisory builds upon December 2022 guidance, cautioning that network slicing exposes users to various threat vectors like denial-of-service attacks, jamming, identity theft, and adversary-in-the-middle attacks, impacting network service integrity, confidentiality, and availability.

In a report by Enea AdaptiveMobile Security in March 2021, concerns about brute-force attacks gaining unauthorised access to slices and orchestrating denial-of-service attacks against other network functions were highlighted. ⚠️

Stay informed, stay secure! And, above all, enjoy your weekend, cyber-squad!

So long and thanks for reading all the phish!
