Nov 08 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes cyberattacks only happened “Now and then” #NewBeatles
Today’s hottest cybersecurity news stories:
Watch out! ‘Jupyter’ malware ups its game: stealthy infostealer
N. Korea criminals ‘BlueNoroff’ blamed for macOS hack-attack
Ransomware attackers leak 5 Canadian hospitals’ patients’ data
The Jupyter Infostealer, also known as Polazert, SolarMarker, and Yellow Cockatoo, is back with sneaky "simple yet impactful changes." Researchers from VMware Carbon Black uncovered this dangerous malware's latest tactics.
Initial Access: Jupyter tricks users with manipulated SEO tactics and malvertising into downloading it from dubious websites.
What Does It Do?
Harvests Credentials
Establishes Encrypted Command-and-Control Communication
Executes Arbitrary Commands
Latest Updates:
The malware now uses certificates to make itself appear legitimate, but it's a disguise! Fake installers launch the infection chain, connecting to a remote server using PowerShell.
Evolving Threats:
Other malware, like Lumma Stealer and Mystic Stealer, have been updated to include loaders for more devious attacks, including ransomware.
Constant Evolution:
Jupyter Infostealer has updated its network communication and gained popularity among cybercriminals. It now distributes other malware like RedLine, DarkGate, and GCleaner using its loader functionality.
More Malware:
Keep an eye out for Akira Stealer and Millenium RAT, equipped with various features for data theft. The world of cyber threats is constantly changing!
Proxy Botnet Alert:
PrivateLoader and Amadey malware have infected thousands of devices with a proxy botnet called Socks5Systemz. This botnet turns infected machines into proxies for anonymity.
Where Are the Threat Actors?
The actors behind these attacks may be of Russian origin, given the lack of infections in the country.
Stay safe online! Update your security tools and stay vigilant.
Cybersecurity is more important than ever, and your Mac or PC is no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.
That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:
Remove junk files and malware to free up space and improve performance
Protect your privacy by erasing sensitive data
Optimize your startup settings to speed up boot times
Manage your extensions and apps to keep your Mac or PC running smoothly
Since 2008, MacPaw has been trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.
The notorious BlueNoroff, also known as APT38 among other names and linked to North Korea, is behind a new macOS malware named ObjCShellz.
What You Need to Know:
Part of the RustBucket malware campaign
Likely delivered via social engineering
Used in multi-stage attacks
How It Works:
ObjCShellz, written in Objective-C, is a remote shell for executing commands from an attacker's server.
Potential Targets:
It's suspected that this malware targets companies in the cryptocurrency industry or those closely related.
Cyber Threats Evolve:
North Korea-sponsored groups like Lazarus, to which BlueNoroff is linked, are constantly evolving and sharing tactics and tools.
Stay Vigilant:
While it's a simple malware, it's highly functional. Keep your cybersecurity tools updated!
Watch out for more macOS malware campaigns as these threat actors adapt and expand their reach.
The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya. Let us tell you who’s not fooling around though; that’s the Crüe at Motley Fool. You’d be a fool (alright, enough already!) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets (LINK)
Wander: Find your happy place. Cue Happy Gilmore flashback. Mmmm, Happy Place… So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations, along with the innovative architecture of the hotels, set Wander apart from your run-of-the-mill American getaway (LINK)
Digital Ocean: If you build it, they will come. Nope, we’re not talking about a baseball field for ghosts (Great movie, to be fair). This is Digital Ocean, who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho. And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! (LINK)
In a major security breach, patient and employee data from five Canadian hospitals have been stolen and leaked online due to a ransomware attack.
Hospitals Impacted:
Bluewater Health
Chatham-Kent Health Alliance
Erie Shores HealthCare
Hôtel-Dieu Grace Healthcare
Windsor Regional Hospital
Plus, service provider TransForm Shared Service Organization
Shared Drive Compromised:
A shared drive was breached as part of this incident, leading to the exposure of sensitive information.
Data Stolen:
Bluewater Health suffered the most significant impact, with approximately 5.6 million patient visits and some employee data stolen.
Chatham-Kent Health Alliance had employee information compromised, including names, addresses, social insurance numbers, and more.
Erie Shores HealthCare patients' information and employee social insurance numbers were also stolen.
Limited patient and employee data was accessed for Windsor Regional Hospital and Hôtel-Dieu Grace Healthcare.
No Banking Info Compromised: Fortunately, no banking information was stolen in the attack.
Ongoing Investigation:
All hospitals are actively working to identify affected individuals and the extent of employee data compromised. The Ontario Information and Privacy Commissioner has been notified.
Ransomware Gang Claims Responsibility:
While the threat actor remains unnamed, the Daixin ransomware gang has claimed responsibility and posted allegedly stolen data online, including thousands of personally identifiable and protected health information records.
Cybersecurity Warning:
Last year, the US cybersecurity agency CISA and the FBI warned about the risks associated with the Daixin ransomware.
Stay vigilant! It’s unclear at this juncture whether any or all of the affected hospitals straight up refused to pay the hackers’ ransom or never even had the chance… Goes to show, you can’t negotiate with cyber-terrorists.
Reminds us of the old scorpion and the frog fable. Screwing people over is in these hackers’ very nature, even if it means they wind up losing out.
Anyway, on that bombshell: till next time, homies.
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI. With all the new AI things coming to market, it's good to stay ahead of the curve.
Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch etc).
Let us know what you think!
So long and thanks for reading all the phish!