Sep 29 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that wants to destroy cybercrime like #Cloudflare destroys Discord on PCs 👀🙈😂
It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!!
It goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it.
Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹
Check out these freshly hatched patches!! 🐣🐣🐣
🔒 Google acted swiftly to address a critical zero-day (CVE-2023-5217) in Chrome, actively exploited by spyware vendors.
💻 Upgrade to Chrome version 117.0.5938.132 on Windows, macOS, and Linux to stay secure.
🌐 Mozilla also released updates for Firefox (versions 118.0.1, Firefox ESR 115.3.1, Firefox Focus for Android 118.1, and Firefox for Android 118.1) to fix a similar issue.
Ensure your browser is up to date! 🚀🛡️ Stay safe online! 💪😊
Now, on to today’s hottest cybersecurity stories:
💰 Russian zero-day company offers $20m for hacking iPhones, Androids 📱
🐀 ZenRAT attacks Bitwarden and others via SEO poisoning & malspam ☣️
👨💻 Hackers siege GitHub with info-stealing commits masked as Dependabot 🤖
Russia-based Operation Zero, known for acquiring and selling zero-day exploits, has raised the stakes, offering researchers a whopping $20 million for hacking tools targeting iPhones and Android devices.
They made this announcement via Telegram and X (formerly Twitter), encouraging developer teams to collaborate by offering competitive plans and bonuses.
🌐 Notably, Operation Zero exclusively serves non-NATO countries, particularly Russian private and government organisations. CEO Sergey Zelenyuk, when questioned about this, remained tight-lipped, citing "obvious reasons."
💰 Zelenyuk explained that current high bounties might be temporary, driven by market dynamics and the challenges of hacking iOS and Android. These full chain exploits are most sought-after by government actors willing to pay a premium for exclusivity.
🌐 For years, companies worldwide have offered bounties to researchers, but Operation Zero stands out by not notifying vulnerable vendors. Instead, they sell exploits to government customers, operating in a secretive and fluctuating grey market.
💡 Competitors like Zerodium and Crowdfense also offer significant bounties for mobile device exploits, emphasising the lucrative nature of zero-day markets.
🌍 The zero-day market remains largely unregulated, but geopolitical factors, like China's bug-reporting law, are increasingly influencing the landscape. This law requires researchers to alert the Chinese government before vendors, potentially consolidating China's hold on zero-days for intelligence purposes.
Stay informed and cautious in this evolving cybersecurity landscape. 🛡️💻📱
I came across ZZZ money club during the crypto market bull run, when everyone’s a winner; even during the bear market this Discord group has been amazing at giving information on projects and ways to make passive income in various ways.
The group is very active, and everyone in this private Discord group is very chatty and helpful.
If you are interested in joining the group you can through the link below.
Bitwarden is giving parking wardens a run for their money when it comes to ‘most hated warden’ thanks to ZenRAT’s dastardly infiltration of the open-source password manager.
The fresh malware strain is causing concern as it targets Windows systems for information theft. The exact distribution method is unclear, but similar threats often employ SEO poisoning, adware bundles, or malspam campaigns.
🔍 Attack Insights 🔍
Proofpoint researchers stumbled upon ZenRAT on a fake website posing as Bitwarden, an open-source password manager. Notably, when non-Windows users visited the site, they were safely redirected. However, Windows users were lured in with a deceptive Bitwarden installer.
🛡️ ZenRAT Features 🛡️
ZenRAT is a modular Remote Access Trojan (RAT) equipped for information theft. It swiftly collects data like CPU and GPU details, OS version, RAM, IP address, antivirus, and applications from infected systems. This pilfered info, including browser data and credentials, is sent to the C2 server in a zip file named Data.zip.
🌐 Info-Stealing Surge 🌐
While ZenRAT is fresh on the scene, information-stealing malware is on the rise. Other threats like ValleyRAT, Sainbox RAT, Purple Fox, Golang-based MetaStealer, and Atomic Stealer have been spotted in different campaigns.
🔒 Stay Safe 🔒
Researchers advise caution with search engine ad results, a prime source of malware. Always be vigilant when downloading software from untrusted sources, and double-check the legitimacy of the hosting domains.
Stay protected online! 🛡️🖥️📢
🗞️ Extra, Extra! Read all about it! 🗞️
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
💊 HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps. This newsletter keeps you in the know.
₿ Crypto Nutshell: A well written and beautifully designed newsletter giving you the lowdown on crypto and web3, highly recommend if interested to get up to date info on the crypto/web3 market.
🧠 Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.
Let us know what you think.
In a recent cyber threat, hackers are infiltrating GitHub accounts, disguising malicious code as Dependabot contributions. This sinister campaign was uncovered in July 2023, targeting both public and private repositories.
🤖 Impersonating Dependabot 🤖
Dependabot, a GitHub tool, automatically updates projects with vulnerable dependencies. Attackers acquired GitHub access tokens, enabling them to pose as Dependabot with fake "fix" commits. Not so dependable now, eh?
🔒 The Malicious Code 🔒
These fake commits hide malicious code designed to:
1️⃣ Extract secrets from GitHub projects and send them to the attacker's server.
💼 Private Repositories Also at Risk 💼
As many tokens granted access to private repos, both public and private GitHub projects fell victim to this attack.
🔍 Possible Compromise Points 🔍
Although the exact token theft method remains unclear, analysts suspect malware infection, possibly via a malicious package. Most victims were in Indonesia, indicating a potentially targeted attack.
🛡️ Stay Safe 🛡️
Consider using GitHub's fine-grained personal access tokens to limit permissions, reducing risks in case of compromise.
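One defensive check the Dependabot story suggests, as an added example that is not from the newsletter, Proofpoint or GitHub: a Python audit over commit records that flags commits presenting as Dependabot without the markers a genuine one carries. The dependabot[bot] noreply address pattern, the verified-signature check and the sensitive-path list are my assumptions about what a genuine dependency bump looks like; the sample records are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed markers of a genuine Dependabot commit (my assumption, not a GitHub-documented rule):
# the app's noreply address and a signature that GitHub reports as verified.
DEPENDABOT_NAME = "dependabot[bot]"
DEPENDABOT_EMAIL_RE = re.compile(r"^\d+\+dependabot\[bot\]@users\.noreply\.github\.com$")
# Paths a dependency bump has no business touching.
SENSITIVE_PATHS = (".github/workflows/", ".env", "secret")

@dataclass
class Finding:
    sha: str
    reasons: List[str] = field(default_factory=list)

def audit_commit(commit: dict) -> Optional[Finding]:
    """Return a Finding for a commit that presents as Dependabot but lacks its markers."""
    meta = commit["commit"]
    author = meta["author"]
    subject = meta["message"].split("\n", 1)[0].lower()
    # Claims to be Dependabot by author name or by its usual "Bump x from a to b" subject.
    if author["name"] != DEPENDABOT_NAME and not subject.startswith("bump "):
        return None
    finding = Finding(commit["sha"])
    if not DEPENDABOT_EMAIL_RE.match(author["email"]):
        finding.reasons.append("author email is not the dependabot[bot] noreply address")
    if not meta["verification"]["verified"]:
        finding.reasons.append("signature not verified; genuine Dependabot commits are GitHub-signed")
    for changed in commit.get("files", []):
        if any(marker in changed["filename"] for marker in SENSITIVE_PATHS):
            finding.reasons.append(f"touches sensitive path {changed['filename']}")
    return finding if finding.reasons else None

# Constructed sample records in the shape of GitHub's REST API commit objects.
GENUINE = {"sha": "real0001", "files": [{"filename": "package-lock.json"}], "commit": {
    "author": {"name": DEPENDABOT_NAME, "email": "49699333+dependabot[bot]@users.noreply.github.com"},
    "message": "Bump lodash from 4.17.20 to 4.17.21", "verification": {"verified": True}}}
FAKE = {"sha": "fake0001", "files": [{"filename": ".github/workflows/ci.yml"}], "commit": {
    "author": {"name": DEPENDABOT_NAME, "email": "dependabot@example.com"},
    "message": "fix: bump dependencies", "verification": {"verified": False}}}

if __name__ == "__main__":
    for hit in filter(None, map(audit_commit, [GENUINE, FAKE])):
        print(hit.sha, hit.reasons)
```

Run against real history by feeding it the commit objects returned by GitHub's commits API (with the per-commit file list); a token scoped with fine-grained read-only permissions is enough for that.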
Protect your code and be vigilant! 💻🔐 Have a good weekend folks and remember to think before you clink. I mean click. Cheers 🍻
So long and thanks for reading all the phish!