🚨 North Korea’s “Laptop Farm” in Nashville Exposed! 💻

Aug 16 2024



Welcome to Gone Phishing, your daily cybersecurity newsletter that’s always phishing for compliments 🎣 Feedback welcome! 

Patch of the Week! 🩹

First things first, folks. Our weekly segment goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it… 😳

Congrats to Windows, the cybercriminals are no match… for your (soon to be released 🙈) patch! 🩹

Check out this freshly hatched patch 🐣

🚨 Microsoft Office Zero-Day Flaw Exposed 🚨

🔓 Unpatched Office Vulnerability Could Leak Sensitive Data 🔓 Microsoft has revealed a critical zero-day vulnerability in Office, tracked as CVE-2024-38200 (CVSS score: 7.5). This spoofing flaw affects multiple Office versions, including Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps (World Economic Forum).

⚠️ Web-Based Attack Threat ⚠️

In a potential attack scenario, hackers could host a malicious website or use compromised sites to trick users into opening specially crafted files. The attack relies on convincing users to click on a link, usually through phishing emails or instant messages.

🩹 Patch just in 🩹

A formal patch for CVE-2024-38200 was shipped on August 13 as part of Microsoft’s monthly Patch Tuesday updates, but the tech giant said it identified an alternative fix that it has enabled via Feature Flighting as of July 30, 2024.

Now, on to this week’s hottest cybersecurity news stories: 

  • 👮‍♂️ Nashville man charged for helping N. Koreans to get U.S. tech jobs 💻

  • 👂 Hackers could be eavesdropping on you via your Sonos speakers 🔊 

  • 🛒 PhaaS (phishing-as-a-service) contributes to all-time high in phishing attacks 🎣

Nashville man: Looking for a new Korea? 👀🙈💀 

🚨 North Korea’s “Laptop Farm” in Nashville Exposed! 💻

🤖 Fraud Scheme Uncovered 🤖 The U.S. Department of Justice (DoJ) has charged 38-year-old Matthew Isaac Knoot from Nashville for allegedly running a “laptop farm” to help North Korean IT workers secure remote jobs with American and British companies. These roles allegedly funded North Korea’s illicit weapons program.

💻 Deceptive Operations 💻

Knoot is accused of using stolen identities, including that of "Andrew M.," to deceive companies into hiring North Korean operatives. These workers used the stolen identity to secure jobs, while Knoot facilitated their access by hosting company laptops at his residence and installing unauthorised software.

🕵️ Exposing the Scheme 🕵️

From July 2022 to August 2023, Knoot’s operation allegedly caused over $500,000 in damages. He faces serious charges, including wire fraud and identity theft, which could result in up to 20 years in prison. This case follows similar charges against another individual, Christina Marie Chapman, earlier this year.

🏞️ Bigger Picture 🏞️

The scheme highlights ongoing threats posed by North Korean cyber operations, as recent advisories warn about IT workers generating revenue for the regime from abroad. The situation underscores the importance of vigilance in hiring practices, especially in the digital age.

Want SOC 2 compliance without the Security Theater?

  • Get the all-in-one platform for SOC 2

  • Build real-world security 💪

  • Penetration testing, compliance software, 3rd party audit, & vCISO

Schedule a demo for pricing!

Are you sitting comfortably? Then I'll begin 👂😬💀

🚨 Sonos Smart Speakers Vulnerable to Hacking! 🎶

🔓 New Security Flaws Exposed 🔓 Researchers have uncovered critical vulnerabilities in Sonos smart speakers that could allow hackers to take control of the devices, exposing users to potential cyber threats. The flaws, tracked as CVE-2024-3109 and CVE-2024-3110, affect various Sonos models and could be exploited to access private audio streams or launch attacks on home networks.

🎤 Speaker Hijacking Risk 🎤

One flaw allows attackers to remotely control speakers, play audio, and even transmit private conversations if the device is compromised. The second flaw could let attackers execute malicious code by sending specially crafted network requests to the speakers, potentially compromising other devices on the same network.

🩹 Patch On the Way 🩹

Sonos has acknowledged the vulnerabilities and is working on patches to address these issues. Users are advised to ensure their devices are updated with the latest firmware and to monitor any unusual activity on their networks.

🚨 Stay Secure 🚨

This discovery serves as a reminder of the security risks associated with smart home devices. As more gadgets become connected, the importance of robust cybersecurity measures becomes critical to protect against potential threats.

We were hoping it was just a PhaaSe 👀🙈😏

🚨 Phishing Attacks Surge in 2023: AI and PhaaS Fuel the Fire 🎣

💼 Phishing Incidents Skyrocket! 💼 In 2023, a staggering 94% of businesses were hit by phishing attacks, marking a 40% increase from the previous year, according to research from Egress. This sharp rise is largely attributed to the growing use of AI and the emergence of Phishing as a Service (PhaaS).

🤖 AI’s Role in the Rise 🤖

Generative AI has made it easier than ever for cybercriminals to craft convincing phishing content, from malicious emails to deepfake videos. AI can also assist in writing the malware often deployed during phishing campaigns, making these attacks more sophisticated and difficult to detect.

🎣 Phishing as a Service (PhaaS) 🎣

PhaaS platforms allow even those with limited technical skills to launch phishing attacks by hiring skilled attackers. This has democratised phishing, enabling more frequent and targeted campaigns.

📅 Timely and Targeted Attacks 📅

The surge in phishing is also driven by threat actors’ ability to quickly respond to current events, like the CrowdStrike “Blue Screen of Death” incident and major events like the Olympics and UEFA Euro 2024. These attacks often capitalise on the confusion or excitement surrounding such events, making them particularly effective.

🔍 Stay Vigilant 🔍

With AI and PhaaS making phishing easier, businesses and individuals must stay informed and take proactive steps to protect themselves from these evolving threats.

That’s all for this week, folks! Stay safe out there 🛡️🛡️🛡️

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • 🛡️ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday 📅

  • 💵Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for 🆓

  • 📈Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future 👾

Let us know what you think.

So long and thanks for reading all the phish!
