NoaBot targets SSH servers for crypto-mining

Jan 11 2024

Gone Phishing Banner

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s knows more about cybersecurity than Joe Biden’s forgotten 🙃

 Today’s hottest cybersecurity news stories:

  • 🤖 NoaBot targets SSH servers for crypto-mining ⛏️

  • 🔌 AI plugin flaw exposes 50k WordPress sites to RATs 🐀

  • 🏛️ FTC bans data broker from selling Americans’ location data 📍 

What are they crypto mining for? Noa’s Ark 😏

🚨 New Bot Steals Your Computer Power for Crypto 🚨

NoaBot, a sneaky bot based on the infamous Mirai, is hijacking computers to mine cryptocurrency! ⛏️ This means it uses your processing power to make money for someone else, slowing down your computer and wasting electricity.

Here's the lowdown 📝

  • Spreads like a virus: NoaBot scans for vulnerable computers and forces its way in, then spreads to other victims. ️

  • Hides from antivirus: This sneaky bot uses tricks to avoid detection, making it harder to stop.️

  • Mines secretly: NoaBot instals a hidden program that mines cryptocurrency, draining your resources for the attacker's profit.

  • Targets everyone: From homes to businesses, NoaBot is targeting computers worldwide.

How to stay safe 🏰

  • Lock down your SSH: Don't allow anyone to access your computer remotely unless you absolutely need to.

  • Strong passwords: Use unique, complex passwords for all your accounts. No more "123456"!

  • Keep software updated: Regularly update your operating system and other software to patch vulnerabilities. ️

  • Spread the word! Share this warning with your friends and family to help everyone stay safe from NoaBot and other crypto-mining threats.

Stay vigilant and stay secure! 🛡️

Shift Left: How to Turn Security into Review 

In the competitive landscape of software business, optimizing processes and leveraging efficiencies can make a significant difference in building a strong pipeline and closing revenue faster.

Read the free ebook from Vanta to learn how to:

  • Apply the DevOps principles of “shifting left” to position security as a differentiator — instead of a hurdle

  • Center security in your sales conversations at every stage to proactively remove roadblocks to revenue

  • Invest in your security story by making it easy for buyers to access security-related information

Vanta helps SaaS businesses of all sizes manage risk and prove security in real time. Download the guide to get started.

Time to unplug? 🔌🙈💀

🚨 AI Engine Alert! Update Now to Fix Security Flaw 🚨

Have you heard about the big security issue with the AI Engine plugin? Over 50,000 sites with the free version are at risk (yikes!), and hackers could take control if you don't update.

What's the problem? 👀

A sneaky bug lets anyone upload anything they want to your site, even bad stuff like malware . This could give hackers complete control and steal your data or mess up your site .Don't worry, there's a fix!

The AI Engine team rolled out an update (yay!) in version 1.9.99 that patches the bug. So, just update your plugin, and you're good to go!

Here's how to stay safe 🏰

  • Update to version 1.9.99 ASAP! Seriously, don't wait (time is precious ⏳).

  • Backup your site just in case. Better safe than sorry! ️

  • Keep an eye on WordPress security news. Stay informed to avoid future trouble .

  • Spread the word! Share this with your WordPress buddies so they can protect their sites too.

Remember, together we're stronger!

P.S. Check out these other helpful tips for keeping your WordPress site safe:

  • Use strong passwords and keep them secret

  • Update your software regularly (not just AI Engine!) ️

  • Be careful about what plugins you install ️‍

Let's keep our WordPress sites safe and sound! 🛡️

🎣 Catch of the Day!! 🌊🐟🦞

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)


🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)


🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts 👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

FTC FTW! 🎉🎉🎉

🚨 Win for Privacy! FTC Bans Data Broker from Selling Location Data 🚨

Imagine someone knowing not just where you live, but where you go to the doctor, the church you attend, or even the bars you frequent. That's exactly what data broker Outlogic was doing by selling Americans' raw location data. The cheek of it!

But today, the U.S. Federal Trade Commission (FTC) stepped in and said enough is enough! They banned Outlogic from selling this sensitive data and ordered them to delete everything they've already collected.

What is this a big deal?

  • Our location data reveals a lot about our private lives, including our health, beliefs, and even political views. ⛪️️

  • Outlogic didn't always get people's consent to sell their data, and even when they did, they often failed to respect opt-out requests.

  • This kind of unchecked data tracking can be used for everything from targeted advertising to stalking.

What does this mean for you? 🧑

This is a major victory for privacy rights!

It sends a message to other data brokers that they can't just collect and sell our personal information without our permission. ‍

It's a reminder to be careful about what apps you install and what permissions you give them.

Top Tips 🛡️

  • Read app privacy policies carefully before you install them.

  • Only give apps access to the information they absolutely need.

  • Use apps that let you control your location sharing settings.

  • Consider using a VPN to encrypt your internet traffic. ️

Let's celebrate this win for privacy! But remember, the fight for our data isn't over. Stay informed and stay vigilant!

🗞️ Extra, Extra! Read all about it!

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.

  • Wealthy Primate: Want to earn over $100k a year in IT or cybersecurity? 20 year veteran 'Wealthy Primate' might be able to help you climb that tree 🐒🌴 with his stick and banana approach 🍌😏

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)

Let us know what you think!

So long and thanks for reading all the phish!

Recent articles