Sep 22 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that’s got that Friday feeling 🎉🎉🎉
It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!!!
It goes by many names. Patch of the Week, Tweak of the Week. Okay, that’s it.
Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹
Check out these freshly hatched patches!! 🐣🐣🐣
Trend Micro has released vital patches for a high-risk security flaw (CVE-2023-41179) actively exploited by attackers in Apex One and Worry-Free Business Security solutions for Windows. Ensure prompt updates to stay secure. Limit console access to trusted networks as a temporary fix. 🌐
CISA adds nine actively exploited vulnerabilities to its KEV catalogue, affecting Realtek SDK, Zyxel EMG2926 Routers, Laravel Ignition, Samsung Mobile Devices, Owl Labs Meeting Owl, and MinIO. GitLab has patched a critical vulnerability (CVE-2023-5009) – update now! Stay vigilant in the digital world! 💻🔐
Apple has released security updates to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari. The vulnerabilities could allow attackers to bypass signature validation, elevate their privileges, or execute arbitrary code.
The updates are available for the following devices and operating systems:
iOS 16.7 and iPadOS 16.7
iOS 17.0.1 and iPadOS 17.0.1
macOS Monterey 12.7 and macOS Ventura 13.6
watchOS 9.6.3 and watchOS 10.0.1
Apple recommends that all users install the updates as soon as possible. 📱💻
Now, on to today’s hottest cybersecurity stories:
📱 T-Mobile app glitch let users see other people's account info 👀
💵 Another $40m paid out to Western Union fraud victims 😔
🌎 Australia to build six 'cyber shields' to defend its shores 🌊
T-Mobile customers recently faced a concerning issue as they could access other people's account and billing details via the company's mobile app. The exposed info included names, phone numbers, addresses, account balances, and partial credit card data. Some users reported seeing multiple people's sensitive data.
Despite user reports on social media, T-Mobile clarified that this wasn't a cyberattack or breach. It resulted from a temporary system glitch during a planned update, affecting fewer than 100 customers. The issue has been resolved.
This isn't T-Mobile's first data security incident. In May, they disclosed their second data breach in 2023, following previous breaches since 2018. It's essential to stay vigilant and take precautions with your data.
💡 Data Breach History 💡
T-Mobile has faced multiple data breaches since 2018, affecting various aspects of customer information. They are actively working to enhance security measures to prevent future incidents.
Stay informed about data security! 🛡️
Great news for victims of fraud via Western Union! The financial giant is distributing an additional $40 million to reimburse 25,000 victims worldwide, marking the start of the second phase of the Western Union Remission. This follows a prior payout of $365 million to 148,000 victims. 💸💳
These funds were forfeited by Western Union as part of a 2017 agreement, where they admitted to aiding wire fraud and violating the Bank Secrecy Act. They pledged to forfeit $586 million in total to compensate victims targeted in various scams, including sweepstakes, grandparent, and romance scams. 🚫🕵️‍♂️💔
The Department of Justice (DoJ) has been accepting petitions for remission from fraud victims. This distribution underscores their commitment to justice and holding those responsible accountable. More distributions are expected in the near future. 🤝⚖️
If you've been a victim of fraud via Western Union, you may still have a chance to get your money back. Don't miss out! 🌟
🗞️ Extra, Extra! Read all about it! 🗞️
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
💊 HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps. This newsletter keeps you in the know.
₿ Crypto Nutshell: A well-written and beautifully designed newsletter giving you the lowdown on crypto and web3. Highly recommended if you want up-to-date info on the crypto/web3 market.
🧠 Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.
Let us know what you think.
Australia is fortifying its cybersecurity with a national strategy, announced by Home Affairs Minister Clare O'Neil. The strategy outlines six "cyber shields" to safeguard the nation:
Education: Empowering businesses and citizens with knowledge about online threats, defence, and post-incident support. 📚👩‍💼
Safe Technology: Establishing global safety standards for digital products, ensuring everything sold in Australia is safe to use. 🌐🛡️
Threat Sharing & Blocking: Enabling real-time exchange of threat intelligence between government and businesses to preemptively block threats. 🤝🚫
Critical Infrastructure Protection: Strengthening digital defences for vital government assets. 🏢💻
Sovereign Infosec Capability: Cultivating a thriving cyber ecosystem with skilled professionals. 👩‍💻👨‍🔬
Coordinated Global Action: Building regional resilience through partnerships and engagement, assisting neighbouring countries with their security. 🤝🌍
By 2030, Australia aims to lead in all things cyber through these measures. 🚀🇦🇺
👩‍💼 Director's Duty in Cybersecurity 👨‍💼
Joe Longo, Chair of ASIC, has issued a stern warning to Australian boards about cybersecurity. Directors are urged to take cyber risks seriously, integrate them into risk management, and enhance resilience. Neglecting these responsibilities could lead to legal consequences, including civil and criminal penalties. 🚫⚖️
Directors should not rely on a "vaccination theory of cyber security" but actively manage supply chain and vendor risk. They must also develop crisis plans for communication and recovery, involving third-party suppliers. 📝🔍
Remember, protecting critical information is paramount, especially when third parties are involved. Prioritise what matters most and fortify your cyber defences! 🔒🌐
So long and thanks for reading all the phish!