Nov 24 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that wishes you a merry #BlackFriday2023. Happy looting! 🙈💀😂 Kidding, kidding!
It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!
It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.
Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹
Check out these freshly hatched patches 🐣🐣🐣
🚨 PATCH NOW: CISA Issues Warning on “Looney Tunables” Linux Vulnerability! 🚨
CISA has directed all U.S. federal agencies to safeguard their systems against an exploited vulnerability affecting major Linux distributions.
🐧 Dubbed ‘Looney Tunables’ (CVE-2023-4911), the flaw stems from a buffer overflow in the GNU C Library’s ld.so dynamic loader, impacting popular platforms like Fedora, Ubuntu, and Debian.
Admins are urged to patch swiftly due to active exploits and online proof-of-concept releases. Qualys emphasises the risk of full root access on these platforms. CISA has added the flaw to its Known Exploited Vulnerabilities Catalog, mandating U.S. agencies to patch by December 12.
All organisations are advised to prioritise patching! 🔒🛡️🌐
Now, on to today’s hottest cybersecurity stories:
👮 American cops recoup $9m from ‘pig butchering’ scammers 🐷
🏛️ Fidelity National Financial shuts down after cyber-attack 👨💻
🍚 N. Korean ‘Diamond Sleet’ trojanizes CyberLink software 🔗
In a significant crackdown, the U.S. has seized nearly $9 million derived from widespread “pig butchering” scams that targeted over 70 victims nationwide. 🚔 These scams, involving romance and fake crypto investments, lure victims into depositing money, which is then stolen.
🐷 How It Works 🐷
The cybercriminals, operating as an organised group, created fake investment firms and crypto exchanges, convincing investors to deposit funds. The term “pig butchering” refers to fattening victims’ accounts before extracting as much as possible.
💸 Laundering Techniques 💸
To launder the stolen proceeds, the criminals employed chain hopping methods, complicating investigators’ roles. They frequently switched cryptocurrency tokens and used “privacy coins” like Monero and Z-cash, making tracking more challenging than traditional tokens like Bitcoin and Ethereum.
🕵️♂️ Law Enforcement Actions 🕵️♂️
Although no arrests or specific cybercriminal names were disclosed, the U.S. Secret Service San Francisco Field Office connected the laundering efforts to wallet addresses linked to the criminal organisation. The seizure was made possible through the collaboration of the Secret Service and the Justice Department.
🌐 Evolution of Crypto Laundering 🌐
Analysts noted the shift from traditional methods like mixers and tumblers to emerging techniques such as coin swaps and cross-chain bridges. These methods provide decentralised and privacy-focused means for exchanging coins, both for legitimate purposes and money laundering.
⚖️ Ongoing Investigation ⚖️
The Justice Department’s Computer Crime Division, the National Cryptocurrency Enforcement Team, and assistant U.S. attorneys are actively handling the case in the Northern District of California.
🔄 Asset Transfer 🔄
The seized proceeds were returned in the form of the U.S. dollar-tied stablecoin Tether, with the Justice Department acknowledging Tether’s role in facilitating the asset transfer.
🚨 Combating Cyber-Enabled Financial Fraud 🚨
The U.S. Secret Service emphasised its commitment to protecting the financial infrastructure, thanking the Justice Department for collaboration in this case.
💌 Stay Informed 💌
As law enforcement continues to target cybercriminals, it’s crucial to stay vigilant against evolving scams. Report any suspicious activity to cybercrime reporting portals. 💔📉 🌐
Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.
That’s where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:
Remove junk files and malware to free up space and improve performance
Protect your privacy by erasing sensitive data
Optimize your startup settings to speed up boot times
Manage your extensions and apps to keep your Mac or PC running smoothly
Since 2008 MacPaw is trusted by over 30 million users worldwide, and it’s the perfect solution for keeping your Mac or PC safe and secure.
Fortune 500 company Fidelity National Financial (FNF), a major player in title insurance and settlement services, reported a cybersecurity incident impacting certain systems. 🏠🔒
☠️ DefCon 1 ☠️
The company launched an investigation, enlisted experts, alerted law enforcement, and implemented measures to assess and contain the breach. As part of containment, access to some systems was blocked, causing disruptions in services related to title insurance, escrow, and mortgage transactions. 🛑😟
⛓️ Breaking The Chain ⛓️
FNF disclosed that an unauthorised third party accessed systems and acquired credentials, with the investigation ongoing. Real Estate News noted that the breach halted scheduled closings, leaving agents and homebuyers in a scramble. 🏡💻
FNF has not commented on the situation. If you have info on the breach, contact Gone Phishing securely. Stay tuned for updates as the investigation unfolds. 🕵️♂️🔍🌐
Our new segment where we pick out some cool sites we like, reply to the mail and let us know what you think.
🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” Good ol’ George Dubya 😂 Let us tell who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)
🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)
🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts ⚾👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)
Microsoft’s Threat Intelligence team has uncovered a state-sponsored threat, Diamond Sleet, linked to North Korea, orchestrating a supply chain attack.
The attackers are distributing a trojanized version of a legitimate application by CyberLink, a Taiwanese multimedia software developer. The modified installer includes malicious code that downloads a second-stage payload, impacting over 100 devices across Japan, Taiwan, Canada, and the U.S.
🔍 Modus Operandi 🔍
The poisoned file is hosted on CyberLink’s update infrastructure, featuring checks to evade security products. The second-stage payload establishes connections with compromised command-and-control servers. Notably, Diamond Sleet has a history of targeting government, defence, telecom, and financial institutions since at least 2013.
💻 Tech Tactics 💻
Microsoft observed the use of trojanized open-source and proprietary software by the threat actor. Despite the supply chain attack, no hands-on-keyboard activity was detected on target environments post-installation of the tampered installer, named LambLoad.
🚫 Evading Detection 🚫
The weaponised downloader inspects for security software and fetches a disguised payload, masquerading as a PNG file. Upon execution, the malware contacts a legitimate-but-compromised domain for additional payloads.
🌐 Global Impact 🌐
This revelation follows recent North Korean campaigns revealed by Palo Alto Networks Unit 42. Microsoft previously tied Diamond Sleet to the exploitation of a critical security flaw in JetBrains TeamCity. Stay vigilant, update security measures, and monitor for any unusual activity. 🛡️
Have a good weekend y’all, and of course, Happy Holidays to our American readers! 🍽️🦃👏🌽🌰🥂🍻 And do yourselves a favour and don’t bother with the Black Friday sales and stay in with your families instead 😂 Just a suggestion, mind ❤️
🗞️ Extra, Extra! Read all about it! 🗞️
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
The GeekAI: A daily 3 min newsletter on what matters in AI, with all the new AI things coming to market its good to stay ahead of the curve.
Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.
Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, Tech Crunch etc)
Let us know what you think.
So long and thanks for reading all the phish!