Sep 15 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders whether hackers know that the house always wins. Somebody’s fixing to get their hand smashed with a hammer 😂😂😂
It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!!!
It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.
Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹
Check out these freshly hatched patches!! 🐣🐣🐣
Among the vulnerabilities, 5 are Critical, 55 are Important, and 1 is Moderate in severity. Notably, the update includes a fix for CVE-2023-4863, a critical heap buffer overflow flaw in the WebP image format in the Chromium-based Edge browser.
👾 The two actively exploited Microsoft vulnerabilities are:
CVE-2023-36761 (CVSS 6.2) – Microsoft Word Information Disclosure Vulnerability.
CVE-2023-36802 (CVSS 7.8) – Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability.
📢 Google has issued out-of-band security patches for a critical flaw in Chrome (CVE-2023-4863) exploited in the wild, the fourth zero-day addressed this year.
🦊 Mozilla released updates to fix a critical zero-day vulnerability (CVE-2023-4863) in Firefox and Thunderbird also exploited in the wild. Apple patched two actively exploited security holes.
Now, on to today’s hottest cybersecurity stories:
👨‍💻 Hackers try their luck in Vegas. MGM cyberattack standoff hits day 5 👀
🖥️ Microsoft: phishermen are out in force and they're eyeing up corporate Teams 🔭
🍆 Chastity cages are vulnerable to hackers. If you don’t know, don’t google 😬
MGM Resorts, known for its Las Vegas Strip properties like Bellagio and Aria, faces a prolonged outage following a cyberattack. 🏨💻 Guests report ATM and slot machine issues, digital key card problems, and disrupted electronic payments. The outage, now in its fourth day, has forced staff to use pen and paper and left TVs and phones inoperable in hotel rooms.
🦠 Cyberattack Origin 🕵️‍♂️
Scattered Spider, a hacking group linked to the ALPHV ransomware gang, claims responsibility for the MGM breach. The same group reportedly targeted Caesars Entertainment, leading to a $30 million ransom payment to prevent stolen data disclosure. Caesars confirmed the breach and the theft of sensitive customer data.
🤯 Unusual Culprits 🎮
Scattered Spider, characterised by a high number of minors in its ranks, employs social engineering tactics, like exploiting LinkedIn and contacting help desks to gain access. Experts emphasise that these are Western hackers, recruiting minors due to lenient legal consequences.
🕵️‍♂️ Investigation Ongoing 🕵️‍♀️
While the FBI investigates both incidents, authorities advise against ransom payments.
Stay safe, and don't fall prey to cyber threats! 💡🛡️
Microsoft has issued a warning regarding a new phishing campaign conducted by an initial access broker, using Teams messages as bait to infiltrate corporate networks. The campaign is tracked as Storm-0324 (also known as TA543 and Sagrid).
🔍 How It Works 📆
Starting from July 2023, Storm-0324 has been observed distributing payloads through Microsoft Teams chats using open-source tools, marking a shift away from email-based initial infections. Storm-0324 serves as a payload distributor, enabling the spread of various malicious payloads, including downloaders, banking trojans, ransomware, and more.
🦠 Evading Detection 🕵️‍♂️
This campaign employs evasive techniques, including traffic distribution systems like BlackTDS and Keitaro to redirect victims to malicious download sites while evading detection by certain security solutions.
💼 Phishing Tactics 📤
The attackers have updated their tactics as of July 2023, sending phishing lures via Teams with malicious links leading to SharePoint-hosted ZIP files. They use an open-source tool called TeamsPhisher to exploit vulnerabilities, similar to tactics used by APT29 (aka Midnight Blizzard) in May 2023.
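A defender-side way to hunt for the lure described above (a Teams message from outside your tenant linking to a SharePoint-hosted ZIP), added here as an example and not taken from Microsoft or this newsletter. The record fields, tenant names and URLs are constructed assumptions, not a real Teams export schema.

```python
import re
from urllib.parse import urlparse

HOME_TENANT = "contoso-home"  # assumption: identifier of your own tenant

# Constructed sample records; field names are hypothetical.
SAMPLE_MESSAGES = [
    {"id": 1, "sender_tenant": "contoso-home",
     "body": "Minutes: https://contoso.sharepoint.com/sites/hr/minutes.docx"},
    {"id": 2, "sender_tenant": "unknown-ext",
     "body": "Invoice here https://example-ext.sharepoint.com/sites/x/Invoice_0923.zip?download=1"},
    {"id": 3, "sender_tenant": "unknown-ext",
     "body": "Agenda is at https://example.org/agenda.zip"},
    {"id": 4, "sender_tenant": "contoso-home",
     "body": "Build output https://contoso.sharepoint.com/sites/dev/build.zip"},
]

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def sharepoint_zip_links(body):
    """Return URLs in body that point at a .zip file on a sharepoint.com host."""
    hits = []
    for url in URL_RE.findall(body):
        parsed = urlparse(url.rstrip(".,)"))
        host = (parsed.hostname or "").lower()
        # Match the registered domain exactly so lookalike hosts such as
        # sharepoint.com.evil.example are not treated as SharePoint.
        on_sharepoint = host == "sharepoint.com" or host.endswith(".sharepoint.com")
        if on_sharepoint and parsed.path.lower().endswith(".zip"):
            hits.append(parsed.geturl())
    return hits

def flag_messages(messages, home_tenant=HOME_TENANT):
    """Flag messages from outside the home tenant that carry SharePoint ZIP links."""
    flagged = []
    for msg in messages:
        if msg["sender_tenant"] == home_tenant:
            continue  # internal sender: out of scope for this check
        links = sharepoint_zip_links(msg["body"])
        if links:
            flagged.append((msg["id"], links))
    return flagged

if __name__ == "__main__":
    for msg_id, links in flag_messages(SAMPLE_MESSAGES):
        print(f"review message {msg_id}: {links}")
```
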
🔒 Microsoft's Response ✋
Microsoft has enhanced security measures to block this threat, suspending accounts and tenants linked to fraudulent activity. The goal is to prevent more dangerous follow-on attacks, like ransomware.
🌐 Ransomware Landscape 💻
Ransomware attacks are on the rise in 2023. The U.K. National Cyber Security Centre (NCSC) and National Crime Agency (NCA) highlight the importance of cyber hygiene, as most attacks result from opportunistic initial access.
Stay vigilant and practise good cyber hygiene to protect against evolving threats! 🛡️📧
A rather intimate tech mishap unfolded recently, involving a company that manufactures a chastity device (like a cage sort of thing) for people with penises (men). 🍆💻
This device, which can be controlled remotely over the internet by a partner (or mistress), inadvertently exposed users' sensitive information, including email addresses, plain-text passwords, home addresses, and even GPS coordinates! 🏡🌍🙈🙈🙈
🔍 The Security Researcher's Discovery 🔐
An anonymous security researcher uncovered this data breach, gaining access to records of over 10,000 users through two vulnerabilities. He alerted the company in June 2023, urging them to fix these issues and protect user data. However, the company has yet to address the problems and ignored TechCrunch's requests for comment.
🕵️‍♂️ Easy to Exploit 😬
The researcher expressed concerns about the ease with which these vulnerabilities could be exploited and the company's apparent irresponsibility. He defaced the company's website on August 23 to warn them and users about the risks. Sadly (or hilariously), the flaws remain unresolved.
Welcome to 2023, folks 🙃 Have a good weekend and see you on Monday 👍
So long and thanks for reading all the phish!