Apr 08 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders whether #WWIII will be a cyber one? And will the revolution be televised? Or live streamed? #DeathtoAmerica is trending
Today's hottest cybersecurity news stories:
Magento (now Adobe) bug is being exploited, payment data stolen
Winter is coming… Cybersecurity firms raised $2.3B in Q1 of 2024
Saudi Arabian financial firms bitten by Solar Spider's JSOutProx RAT
Heads up, online sellers! A critical flaw in Magento has been targeted by cyber attackers, posing a serious threat to e-commerce websites.
The Vulnerability
Known as CVE-2024-20720 (CVSS score: 9.1), this vulnerability allows attackers to inject a persistent backdoor into Magento sites, potentially leading to arbitrary code execution.
Adobe addressed this issue in security updates released on February 13, 2024.
How It Works
Sansec discovered attackers using a sneaky database layout template to automatically insert malicious code. By combining the Magento layout parser with default packages, they execute system commands. This code injection occurs when specific web pages, like the checkout cart, are accessed.
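A defender-side check for the technique described above, as an added example that is not code from Sansec, Adobe or this newsletter: it scans rows exported from Magento's `layout_update` table (columns `layout_update_id`, `handle`, `xml`) for stored layout XML that names PHP command-execution functions or shell commands. The pattern list is a heuristic assumption and the sample rows are constructed.

```python
import re
import xml.etree.ElementTree as ET

# PHP command-execution function names and shell markers worth flagging when
# they appear in database-stored layout XML (heuristic list, an assumption).
EXEC_FUNCS = {"system", "exec", "passthru", "shell_exec", "proc_open", "popen"}
SHELL_MARKERS = re.compile(r"(\|\s*(sh|bash)\b|\b(curl|wget|sed|base64)\s+-)")

def inspect_layout_xml(xml_text):
    """Return a list of reasons this layout update looks suspicious."""
    try:
        # Layout updates are stored as fragments, so wrap them in one root.
        root = ET.fromstring("<root>%s</root>" % xml_text)
    except ET.ParseError:
        return ["unparseable XML"]
    reasons = []
    for elem in root.iter():
        for value in [elem.text or ""] + list(elem.attrib.values()):
            value = value.strip()
            if value.lower() in EXEC_FUNCS:
                reasons.append("<%s> names PHP function %r" % (elem.tag, value))
            elif SHELL_MARKERS.search(value):
                reasons.append("<%s> contains a shell command" % elem.tag)
    return reasons

def scan_rows(rows):
    """rows: (layout_update_id, handle, xml) tuples -> {id: (handle, reasons)}."""
    findings = {}
    for row_id, handle, xml_text in rows:
        reasons = inspect_layout_xml(xml_text)
        if reasons:
            findings[row_id] = (handle, reasons)
    return findings

# Constructed sample rows (placeholders, not taken from any real incident).
SAMPLE_ROWS = [
    (1, "cms_index_index",
     '<referenceContainer name="content">'
     '<block class="Magento\\Cms\\Block\\Page" name="promo"/></referenceContainer>'),
    (2, "checkout_cart_index",
     '<block class="Placeholder\\Class" name="x"><arguments>'
     '<argument name="callback">system</argument>'
     '<argument name="value">sed -i PLACEHOLDER</argument></arguments></block>'),
    (3, "checkout_cart_index", "<block name='broken'>"),
]

if __name__ == "__main__":
    for row_id, (handle, reasons) in scan_rows(SAMPLE_ROWS).items():
        print(row_id, handle, reasons)
```

When the export comes from a site that may already be compromised, parse it with a hardened XML parser such as `defusedxml` instead of the standard library one.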
The Consequences
The injected code sets up a backdoor for deploying a Stripe payment skimmer, stealing sensitive financial data.
In Other News
The Russian government has charged six individuals for using similar skimmer malware to steal credit card info from foreign e-commerce sites since 2017. This highlights the ongoing threat of cybercrime in the e-commerce world.
Stay vigilant and update your Magento platform to stay protected against such threats!
Exciting news from the cybersecurity world! According to Pinpoint Search Group's Cyber Security Vendor Funding Report for Q1 2024, cybersecurity companies collectively raised an impressive $2.3 billion in funding.
Key Findings
Pinpoint tracked 77 funding rounds, similar to Q1 2023.
Despite the number of rounds remaining constant, the total investment decreased by 20% compared to Q1 2023.
March saw a record-breaking $1.4 billion raised across 42 funding rounds, the highest monthly total since February 2023.
Breakdown by Funding Rounds
Seed rounds led the pack with 32 rounds, followed by Series A (18) and Series B (9).
Growth funding amounted to $682 million, with Series E ($410 million), Series A ($375 million), and Series B ($320 million) also significant.
Industry Insight
Pinpoint noted a positive trend in late-stage rounds (Series C and higher) compared to 2023, indicating potential stability and growth in the cybersecurity sector.
Expert Opinion
Mark Sasson from Pinpoint Search Group highlighted the challenges of 2023 but emphasised positive signs, especially in later funding rounds. Notable investments include Silverfort, Extrahop, Bugcrowd, Coro, Axonius, Nozomi, and Claroty.
Despite fluctuations, the cybersecurity industry remains resilient and poised for continued innovation and development.
Heads up, cyber defenders! A sophisticated threat group has unleashed an updated version of the JSOutProx JavaScript remote access Trojan (RAT), targeting organisations in the Middle East.
What You Need to Know
Cybersecurity firm Resecurity uncovered this new wave of attacks, revealing the malware's complex capabilities.
The attackers tailor the malware's functions to each victim's environment, making it highly adaptable and dangerous.
Insight from Experts
Gene Yoo, CEO of Resecurity, describes JSOutProx as a multi-stage implant with multiple plug-ins. It infiltrates systems, gathering data and carrying out malicious actions based on the victim's profile.
Identifying the Culprits
The cybercriminal group behind JSOutProx, dubbed Solar Spider, is believed to have ties to China. Their targets span across India, the Asia-Pacific, Africa, and the Middle East.
Modus Operandi
JSOutProx poses as innocuous PDF files containing financial documents. Once opened, it executes JavaScript, initiating a two-stage attack process. The malware downloads additional plug-ins from legitimate platforms like GitHub or GitLab to evade detection.
Protecting Against JSOutProx
Educate employees on handling suspicious emails or files.
Implement robust defence-in-depth strategies, including patching, network segmentation, and vulnerability management.
Financial institutions, in particular, are at risk of data theft and other malicious activities orchestrated by JSOutProx. Vigilance and proactive security measures are crucial to thwarting these threats.
So long and thanks for reading all the phish!