Aug 09 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that brings the smoke to cybercrime 💀💀💀
Today’s hottest cyber security stories:
🌐HACKED! UK's electoral registers struck by a smooth cybercriminal 🎩
⌨️ New software allows phones to decipher typed passwords just by listening 👂
👾 New malware targets newbie cybercriminals with ‘OpenBullet Configs’ 🔫
🔒🗳️ UK's Elections Watchdog Hit by Cyber Attack 🌐🔓
The UK's Electoral Commission has fallen victim to a "complex cyber-attack" potentially impacting millions of voters 🚨🕵️♂️. "Hostile actors" gained unauthorised access to electoral registers dating back to August 2021, also breaching emails and "control systems" 💻📧.
Though the breach was only discovered in October of the previous year, the watchdog urges people to be vigilant about their data usage 🛡️🔍. The commission reveals hackers accessed register copies held for research and political donor checks 💼��.
Chief Executive Officer Shaun McNally confirms awareness of the compromised systems, yet can't definitively identify accessed files 📂❓. Breached data includes names and addresses of UK voters registered between 2014 and 2022, encompassing private registers and overseas voters' names 🏠🌐.
While personal data held on the registers doesn't pose "high risk," it could potentially be combined with public information for profiling purposes 📝🔍. The watchdog emphasises hackers couldn't alter or delete information on electoral registers 🚫❌.
The commission delayed public disclosure to mitigate vulnerabilities, and the Information Commissioner's Office is urgently investigating the data breach 🕵️♂️🔍.
The watchdog assures steps have been taken to enhance cybersecurity against future attacks 🛡️🔒. Hope so!
I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.
The group is very active and everyone in this private discord group is very chatty and helpful.
If you are interested in joining the group you can through the link below.
🔐🎮 Academics Develop "Keystroke Sound" Hack! 🕵️♂️💻
Researchers have created a "deep learning-based acoustic side-channel attack" that identifies laptop keystrokes recorded by a nearby phone with 95% accuracy 📱🔊.
When trained on Zoom-recorded keystrokes, accuracy reached 93%, setting a new medium record 📈🔍.
These "side-channel attacks" exploit a system's physical effects during data processing, such as acoustics, to gather insights 🔒🔊. These attacks pose a threat to user privacy and security, enabling malicious actors to steal passwords and sensitive data 💥🔐.
The ubiquity of keyboard sounds makes them a convenient target. People tend to underestimate their sound while typing, even if they hide their screen 👀🔈.
To execute this attack, researchers used MacBook Pro keys, recorded their sounds, and employed a deep learning model, CoAtNet, to classify keystrokes 🎹🤖.
🗞️ Extra, Extra! Read all about it 🗞️
Each fortnite, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
💰 Daily Dough: Bite-sized investing ideas, wisdom, news, and trends you need to grow your dough!
📈 ProductivityGlide: A bite-sized email for your most productive day yet!
🏫 AI Marketing School: The latest AI Marketing tools, techniques, and news delivered biweekly.
Let us know what you think!
🔒🦠 Malware Alert: New Campaign Targets Aspiring Hackers! 🚨💻
A fresh malware campaign is using malicious OpenBullet configuration files to exploit inexperienced cybercriminals, aiming to deploy a remote access trojan (RAT) capable of data theft 🔓🌐.
Kasada, a bot mitigation firm, has identified this activity as an attempt to exploit "trusted criminal networks," with advanced threat actors preying on novice hackers 🕵️♂️🕵️♀️.
OpenBullet, initially a legitimate open-source penetration testing tool, is now being misused. It automates credential stuffing attacks, powered by a customised configuration file tailored to a specific website. This facilitates attacks without cumbersome browser windows 📜🔐.
These configurations are traded within criminal circles, empowering less skilled hackers, or "script kiddies," to launch their own attacks 🛠️💥. The flexibility of this approach has also led to a new attack route, targeting other hackers seeking these files in hacking forums 🌐💣.
The malware focuses on popular browsers and crypto wallets, exploiting the likes of Brave, Chrome, and Microsoft Edge 🌐💼. The campaign's unique use of Telegram to distribute malicious configs highlights the criminals' cryptocurrency preference 📲🔗.
No honour among cyber-thieves!
This breach among thieves shows the ever-evolving landscape of cyber threats 🔄🔒.
So long and thanks for reading all the phish!