Ransomware attacks up 153% on last year and 16% on last month

Aug 24 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that shows cybercriminals about the same amount of respect that Tucker and Trump showed the other Republican candidates last night

Today’s hottest cybersecurity news stories:

  • Ransomware attacks up 153% on last year and 16% on last month

  • It’s open season on 1000s of STILL unpatched Open(dumpster)fire XMPP servers

  • NoFilter attack: Bypass Windows security with new stealth privilege escalation tactic

You win some, you ransom

Cybersecurity Alert: Ransomware on the Rise!

Recent reports from top cybersecurity firms reveal alarming trends in ransomware attacks. These attacks are not only increasing in number but also becoming more sophisticated.

FYI: Ransomware is a type of malware designed to deny a user or organisation access to files on their computer and demand a ransom payment for the decryption key.

According to NCC Group's July 2023 report, attacks surged by 153% compared to last year, with industrials as the prime target. Europe witnessed a 59% jump in attacks!

The notorious Cl0p group is a major player, impacting 730 orgs and 47M people via the MOVEit hack. But excluding them, the victim count dropped. New players like 8Base are emerging.

BlackFog's data highlights a shocking 4-year high in July 2023 attacks. Surprisingly, only 38 out of 428 attacks were disclosed publicly.

Education took a hit too! Sophos reveals rising attacks, with many paying ransoms for data recovery. Barracuda warns of doubled attacks in sectors like healthcare.

The level of sophistication is soaring too! Ransomware gangs focus on data theft and exploiting vulnerabilities. Lumu's report lists top precursors like Qbot and Dridex.

Hold onto your hats for the costs! Manufacturing firms lost $46.2B due to ransomware between 2018-2023.

Stay vigilant and protect your systems. Back up your data, update software, and educate your teams about phishing threats. Together, we can beat the cyber crooks!


Openfire: open fire

Hackers: ok, whatever you say

Urgent Security Alert: Openfire XMPP Servers at Risk!

A concerning report from VulnCheck has revealed that thousands of Openfire XMPP servers are vulnerable to a high-severity flaw. Tracked as CVE-2023-32315 (CVSS score: 7.5), this flaw could allow unauthorised access to restricted admin console pages.

This vulnerability affects all Openfire versions since April 2015. While protections were in place, they didn't cover a certain type of URL encoding.

Threat actors are actively exploiting this, with links to the Kinsing crypto botnet malware.

Cybersecurity scans found that around 50% of 6,300 accessible Openfire servers are running affected versions.

Attackers can bypass authentication by creating an admin account and uploading a plugin for code execution. However, VulnCheck discovered a stealthier approach: extracting credentials and uploading a plugin without creating an admin account.

This method cleverly avoids detection in security logs.

Top Tip:

The best defence is to update to the latest Openfire versions immediately to prevent potential threats.

Stay secure and spread the word to protect your systems and data!

#NoFilter

New Attack Alert: NoFilter Exploits Windows Flaw!

Hold tight, folks! A sneaky attack method named NoFilter has been uncovered, exploiting the Windows Filtering Platform (WFP) for privilege escalation in Windows OS.

This method, discovered by Deep Instinct, helps attackers go from admin to "NT AUTHORITY\SYSTEM," a major escalation. It was revealed at the DEF CON security conference.

Here's the scoop: NoFilter takes advantage of WFP, which manages network traffic. By digging into an RPC method called "BfeRpcOpenToken," attackers can manipulate access tokens. These tokens are like keys to unlock privileged tasks.

The hacky part? Malware can use tokens from other processes to gain SYSTEM privileges, even in the kernel, staying stealthy.

In a nutshell, NoFilter can launch as "NT AUTHORITY\SYSTEM" or another logged-on user. It shows that built-in components like WFP can harbour new attack routes, avoiding monitored WinAPI and security products.

Remember, hackers are getting craftier, so keep your systems updated and stay vigilant!

So long and thanks for reading all the phish!
