Oct 16 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that take no cyber-prisoners 💀
Today’s hottest cybersecurity news stories:
💲 Binance’s not so smartchain gets exploited by ‘EtherHiding’ 👀
🚦 Signal debunks reports of zero-day vuln, finds no evidence 🤲
📱 Steam adds SMS security check for devs to combat malware 👾
🌐 Threat actors have taken their game to the “next level” by using Binance’s Smart Chain (BSC) contracts, and it’s time to stay informed! This campaign, known as EtherHiding, was discovered by Guardio Labs two months ago.
👾 This sneaky malware campaign started by compromising WordPress sites, tricking visitors into updating their browsers, and then unleashing information-stealing malware like Amadey, Lumma, or RedLine.
💥 But now, they’ve adapted! These cybercriminals are using blockchain, making it decentralised, anonymous, and nearly unstoppable. 😱
🕵️♀️ Security experts Nati Tal and Oleg Zaytsev warn that “this campaign is up and harder than ever to detect and take down.” 😨
🔗 In the latest attacks, malicious code is injected into websites to create a smart contract on the BNB Smart Chain, fetching even more dangerous payloads from a command-and-control (C2) server. Victims are duped into downloading malicious files.
🚫 And here’s the catch: These criminals are using decentralised services, making it challenging to stop them. 😡
👮 So, what can you do to stay safe? Keep your WordPress site secure! Update your plugins, remove unnecessary admin users, and use strong passwords. 💪
🦠 Stay informed, stay safe, and protect your online world! 🌐🛡️🔒
Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.
That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:
Remove junk files and malware to free up space and improve performance
Protect your privacy by erasing sensitive data
Optimize your startup settings to speed up boot times
Manage your extensions and apps to keep your Mac or PC running smoothly
Since 2008 MacPaw is trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.
🚫 Signal, the popular encrypted messaging app, has responded to rumours of a zero-day vulnerability, calling them unfounded.
The company conducted a thorough investigation and found no evidence to support the claim. They also reached out to the U.S. government, which could not validate the alleged flaw.
🔍 Signal is urging anyone with valid information to report it to security@signal[.]org, emphasising the importance of responsible disclosure.
🧐 This comes after reports surfaced over the weekend suggesting a zero-day vulnerability in Signal could potentially grant complete access to a targeted mobile device. As a precaution, users are advised to disable link previews within the app by going to Signal Settings > Chats > Generate link previews.
💰 Meanwhile, the market for zero-day exploits in messaging apps is booming, with prices ranging from $1.7 million to $8 million. These vulnerabilities are highly sought after by nation-state threat actors for remote code execution and surveillance.
🌍 Amnesty International reports spyware attacks against journalists, politicians, and academics in various regions, aiming to deploy the Predator spyware developed by the Intellexa alliance.
👀 Stay vigilant in the world of cybersecurity; threats are evolving fast! 🌐🛡️
🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya 😂 Let us tell who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)
🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)
🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)
Valve, the force behind the Steam gaming platform, is upping its security game in response to reports of malware-infected game updates.
Last month, some gamers received alarming messages from Steam support, revealing that certain game updates contained malware. Valve claims fewer than 100 people downloaded these infected games.
🕵️♂️ One affected game, “NanoWar: Cells VS Virus,” developer Benoit Fresion, reported a compromise of his Steam developer account due to stolen session cookies from his browser.
📲 Valve’s new security measure is SMS-based, providing game developers with a confirmation code via text message during login attempts to update their apps. This adds an extra layer of verification beyond a username and password.
⚠️ However, experts warn that SMS-based two-factor authentication can be vulnerable to SIM swap attacks. Hackers can trick mobile carriers into switching a phone number to a different SIM card and gain access to verification codes sent via SMS.
💪 While this step is an improvement, stronger security options like app-based TOTP authenticators or hardware keys could offer better protection.
🔐 Steam developers are advised to link their phone numbers to their accounts by October 24, 2023, to enhance security.
🖥️ In addition, safeguard your devices and computers to protect your game development work from malicious threats.
🎮 Stay safe in the gaming world! 🛡️
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
💊 HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps, this newsletter does the research for you, get all the latest health tech gadgets delivered to your inbox.
₿ Crypto Nutshell: A well written and beautifully designed newsletter giving you the lowdown on crypto and web3, highly recommend if interested to get up to date info on the crypto/web3 market.
🧠 Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.
Let us know what you think!
So long and thanks for reading all the phish!