Sep 15 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders whether hackers know that the house always wins. Somebody's fixing to get their hand smashed with a hammer.
It's Friday, folks, which can only mean one thing… It's time for our weekly segment!!!
It goes by many names. Patch of the Week, Tweak of the week. Okay, that's it.
Congrats, the cybercriminals are no match… for your patch!
Check out these freshly hatched patches!!
Among the vulnerabilities, 5 are Critical, 55 are Important, and 1 is Moderate in severity. Notably, the update includes a fix for CVE-2023-4863, a critical heap buffer overflow flaw in the WebP image format in the Chromium-based Edge browser.
The two actively exploited Microsoft vulnerabilities are:
CVE-2023-36761 (CVSS 6.2) – Microsoft Word Information Disclosure Vulnerability.
CVE-2023-36802 (CVSS 7.8) – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability.
Google has issued out-of-band security patches for a critical flaw in Chrome (CVE-2023-4863) exploited in the wild, the fourth zero-day addressed this year.
Mozilla released updates to fix a critical zero-day vulnerability (CVE-2023-4863) in Firefox and Thunderbird also exploited in the wild. Apple patched two actively exploited security holes.
Now, on to today's hottest cybersecurity stories:
Hackers try their luck in Vegas. MGM cyberattack standoff hits day 5
Microsoft: phishermen are out in force and they're eyeing up corporate Teams
Chastity cages are vulnerable to hackers. If you don't know, don't google
MGM Resorts, known for its Las Vegas Strip properties like Bellagio and Aria, faces a prolonged outage following a cyberattack. Guests report ATM and slot machine issues, digital key card problems, and disrupted electronic payments. The outage, now in its fourth day, has forced staff to use pen and paper and left TVs and phones inoperable in hotel rooms.
Cyberattack Origin
Scattered Spider, a hacking group linked to the ALPHV ransomware gang, claims responsibility for the MGM breach. The same group reportedly targeted Caesars Entertainment, leading to a $30 million ransom payment to prevent stolen data disclosure. Caesars confirmed the breach and the theft of sensitive customer data.
Unusual Culprits
Scattered Spider, characterised by a high number of minors in its ranks, employs social engineering tactics, like exploiting LinkedIn and contacting help desks to gain access. Experts emphasise that these are Western hackers, recruiting minors due to lenient legal consequences.
Investigation Ongoing
While the FBI investigates both incidents, authorities advise against ransom payments.
Stay safe, and don't fall prey to cyber threats!
Microsoft has issued a warning regarding a new phishing campaign conducted by an initial access broker, using Teams messages as bait to infiltrate corporate networks. The campaign is tracked as Storm-0324 (also known as TA543 and Sagrid).
How It Works
Starting from July 2023, Storm-0324 has been observed distributing payloads through Microsoft Teams chats using open-source tools, marking a shift away from email-based initial infections. Storm-0324 serves as a payload distributor, enabling the spread of various malicious payloads, including downloaders, banking trojans, ransomware, and more.
Evading Detection
This campaign employs evasive techniques, including traffic distribution systems like BlackTDS and Keitaro to redirect victims to malicious download sites while evading detection by certain security solutions.
Phishing Tactics
The attackers have updated their tactics as of July 2023, sending phishing lures via Teams with malicious links leading to SharePoint-hosted ZIP files. They use an open-source tool called TeamsPhisher to exploit vulnerabilities, similar to tactics used by APT29 (aka Midnight Blizzard) in May 2023.
Microsoft's Response
Microsoft has enhanced security measures to block this threat, suspending accounts and tenants linked to fraudulent activity. The goal is to prevent more dangerous follow-on attacks, like ransomware.
Ransomware Landscape
Ransomware attacks are on the rise in 2023. The U.K. National Cyber Security Centre (NCSC) and National Crime Agency (NCA) highlight the importance of cyber hygiene, as most attacks result from opportunistic initial access.
Stay vigilant and practise good cyber hygiene to protect against evolving threats!
A rather intimate tech mishap unfolded recently, involving a company that manufactures a chastity device (like a cage sort of thing) for people with penises (men).
This device, which can be controlled remotely over the internet by a partner (or mistress), inadvertently exposed users' sensitive information, including email addresses, plain-text passwords, home addresses, and even GPS coordinates!
The Security Researcher's Discovery
An anonymous security researcher uncovered this data breach, gaining access to records of over 10,000 users through two vulnerabilities. He alerted the company in June 2023, urging them to fix these issues and protect user data. However, the company has yet to address the problems and ignored TechCrunch's requests for comment.
Easy to Exploit
The researcher expressed concerns about the ease with which these vulnerabilities could be exploited and the company's apparent irresponsibility. He defaced the company's website on August 23 to warn them and users about the risks. Sadly (or hilariously), the flaws remain unresolved.
Welcome to 2023, folks. Have a good weekend and see you on Monday.
So long and thanks for reading all the phish!