Multiple High-Severity Vulnerabilities Uncovered in ConnectedIO’s ER2000

Oct 10 2023

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that shuts the door on cyber crime, same as Netflix has just done with its DVD rental business #endofanera πŸ“€πŸ’€

Today’s hottest cybersecurity news stories:

  • ⚑ Danger, danger, high voltage: Flaws in ConnectedIO’s 3G/4G routers via IoT πŸ”Œ

  • 😈 Introducing EvilProxy: Phishing Kit targets senior executives in U.S. firms 🎣

  • πŸ’£ Israeli attacked on every front: Gaza cybercriminals target energy sector πŸ‘¨β€πŸ’»

Connected IO, I’m tired of using technology πŸŽΆπŸ™ˆπŸ˜‚

 

giphy.com

 

πŸ”’ Security Alert: Multiple High-Severity Vulnerabilities Uncovered in ConnectedIO’s ER2000 Edge Routers and Cloud Platform! ⚠️

Hey there, cyber squad! 😱 We’ve got some alarming news to share about potential security risks 🚨. Multiple high-severity vulnerabilities have been discovered in ConnectedIO’s ER2000 edge routers and their cloud-based management platform, posing serious threats 🌐.

πŸ’₯ What’s the issue?

These vulnerabilities could allow malicious actors to execute malicious code and access sensitive data 😨. Bad actors could fully compromise the cloud infrastructure, remotely execute code, and leak customer and device information πŸ•΅οΈβ€β™‚οΈ. This affects 3G/4G routers, potentially exposing internal networks to severe threats 🌐.

πŸ› οΈ How does it work?

Attackers could exploit these flaws to remotely control, intercept traffic, and infiltrate Extended Internet of Things (XIoT) devices πŸ“Ά. The vulnerabilities affect ConnectedIO platform versions v2.1.0 and earlier, including the 4G ER2000 edge router and cloud services.

πŸ”‘ MQTT Protocol Issues

Issues in the MQTT communication protocol include hard-coded authentication credentials, enabling rogue device registration and access to sensitive data πŸ€–. Attackers can impersonate devices and execute arbitrary commands through crafted MQTT messages πŸ’¬.

πŸ“Š CVE Identifiers:

  • Β CVE-2023-33375: Stack-based buffer overflow vulnerability

  • CVE-2023-33376: Argument injection vulnerability in ip tables command

  • CVE-2023-33377: OS command injection vulnerability in set firewall command

  • CVE-2023-33378: Argument injection vulnerability in AT command message

❗ Serious Consequences

These vulnerabilities could disrupt businesses, production, and internal networks of companies worldwide 🌍.

🌐 Wider Implications

ConnectedIO isn’t the only one facing security issues. Synology, Western Digital, and Baker Hughes’ Bently Nevada 3500 rack model have also reported vulnerabilities that could pose significant threats πŸ™…β€β™‚οΈ.

Stay vigilant, update your systems, and ensure your digital fortress remains secure! πŸ”

 

Clean your Mac or PC

 

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008 MacPaw is trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.

The only thing necessary for EvilProxy to prevail is for good servers to do nothing πŸ—Ώ

 

giphy.com

 

🎣 Phishing Alert: New Campaign Targets U.S. Executives with EvilProxy Toolkit! πŸ‘₯

Beware, folks! A fresh phishing campaign is on the rise, specifically targeting senior executives in U.S. organisations πŸ‡ΊπŸ‡Έ. This sneaky operation is using the EvilProxy toolkit to snatch credentials and take over accounts 😱.

πŸ“… When did it start?

This wave of cyberattacks began in July 2023 and is mainly hitting sectors like banking, finance, insurance, real estate, and manufacturing 🏦🏒.

🎯 The Trick

The bad actors exploit a vulnerability on ‘indeed.com,’ redirecting victims to fake Microsoft pages to steal their info. Sneaky, right? 😈

πŸ”§ What’s EvilProxy?

EvilProxy is a crafty reverse proxy that stands between you and a legit login page, intercepting credentials, 2FA codes, and session cookies. It’s a hacker’s dream tool for hijacking accounts πŸ•΅οΈβ€β™‚οΈ.

πŸ’Ό Who Are the Culprits?

Microsoft calls these cybercriminals Storm-0835, with hundreds of customers paying monthly fees ranging from $200 to $1,000 for their phishing services 🌩️.

πŸ“§ How the Attack Works

Victims receive phishing emails with tricky links leading to Indeed, which then redirects them to EvilProxy pages to steal their login details. This happens thanks to an open redirect flaw 😨.

πŸ” In-Depth Look

The subdomain ‘t.indeed.com’ is manipulated to redirect users to a target site. In an attack, victims end up on a phishing page instead of the intended destination πŸͺ™.

πŸ“’ Stay Alert!

Hackers are getting craftier, even using Dropbox to create fake login pages that redirect to bogus sites for Microsoft credential theft. It’s a tough battle, but we need to stay vigilant! πŸ‘€

πŸ”’ Protect Yourself

Always double-check URLs, enable two-factor authentication, and be cautious with emails and attachments. Stay safe out there! πŸ’ͺ

🎣 Catch of the Day!! 🌊🐟🦞

πŸƒΒ The Motley Fool: β€œFool me once, shame on β€” shame on you. Fool me β€” you can’t get fooled again.” Good ol’ George Dubya πŸ˜‚ Let us tell who’s not fooling around though; that’s the CrΓΌe πŸ‘€ at Motley Fool. You’d be a fool (alright, enough already! πŸ™ˆ) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! πŸ› Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets πŸ€‘Β (LINK)


🚡 Wander: Find your happy place. Cue Happy Gilmore flashback πŸŒοΈβ›³πŸŒˆπŸ•ŠοΈ Mmmm Happy Place… πŸ˜‡ So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)


🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts βšΎπŸ‘»πŸΏ (Great movie, to be fair πŸ™ˆ). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty πŸ˜‘). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho πŸ˜‰ And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Gaza scores again ⚽😭

 

giphy.com

 

🌐 Cyber Threat Alert: Gaza-Based Group Targets Israeli Organisations! ⚠️

Heads up, cybersecurity warriors! A Gaza-based threat actor known as Storm-1133 has been linked to a series of cyber attacks targeting Israeli energy, defence, and telecom sectors. Microsoft recently uncovered these malicious activities πŸ•΅οΈβ€β™‚οΈ.

🀝 Group Affiliation

Storm-1133 is believed to further the interests of Hamas, a militant group in Gaza. They primarily target organisations seen as hostile to Hamas, including Israeli energy and defence sectors, as well as Fatah-affiliated entities in the West Bank 🏒.

πŸ“§ Attack Method

This group uses a mix of social engineering and LinkedIn fake profiles posing as Israeli HR managers and developers. They send phishing messages, gather information, and deliver malware to employees in Israeli organisations. Sneaky, right? 😈

πŸ’Ό Third-Party Infiltration

Storm-1133 also tries to infiltrate third-party organisations with ties to Israeli targets. They deploy backdoors and use Google Drive to update their command-and-control infrastructure, keeping them a step ahead of defences πŸ›‘οΈ.

βš”οΈ Escalation in Conflict

These cyberattacks coincide with heightened tensions in the Israeli-Palestinian conflict. Hacktivist groups like Ghosts of Palestine are targeting government websites and IT systems in Israel, the U.S., and India. About 70 such incidents have been reported, primarily targeting U.S.-aligned nations 🌍.

🌐 Shifting Threat Landscape

Nation-state threats have evolved towards espionage campaigns, with the U.S., Ukraine, Israel, and South Korea among the most targeted nations. Iranian and North Korean actors are becoming more sophisticated, closing the gap with Russia and China 🌐.

πŸ” Stay Vigilant

As cyber threats evolve, it’s crucial to stay vigilant. Use strong security measures, watch out for phishing, and keep your systems updated to stay one step ahead of the cyber game! πŸ’ͺ

πŸ—žοΈ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • πŸ’ŠΒ HealthHack:Β Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps, this newsletter does the research for you, get all the latest health tech gadgets delivered to your inbox.

  • β‚Ώ Crypto Nutshell: A well written and beautifully designed newsletter giving you the lowdown on crypto and web3, highly recommend if interested to get up to date info on the crypto/web3 market.

  • 🧠 Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles