Mar 19 2024
Welcome to Gone Phishing, your daily cybersecurity newsletter that's Phishy like Sunak
Today's hottest cybersecurity news stories:
Stop the WordPresses!! Remove miniOrange plugin ASAP! Major flaw!
Phishing goes commercial with APT28 casting out on Europe, Americas, Asia
AT&T claims data leak of a whopping 70M didn't come from their systems
WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are urged to delete them immediately due to a critical security flaw (CVE-2024-2172).
Rated 9.8 out of 10 on the CVSS scale, the flaw impacts specific versions:
Malware Scanner (versions <= 4.7.2)
Web Application Firewall (versions <= 2.1.1)
These plugins have been permanently closed by maintainers as of March 7, 2024, affecting over 10,000 and 300 active installations, respectively.
The vulnerability allows unauthenticated attackers to grant themselves admin privileges by updating user passwords, potentially leading to complete site takeover.
A missing capability check in the mo_wpns_init() function is to blame, enabling attackers to manipulate site content, upload malicious files, and more.
Additionally, a similar high-severity flaw (CVE-2024-1991) was discovered in the RegistrationMagic plugin, impacting all versions up to 5.3.0.0.
The issue, addressed on March 11, 2024, permits authenticated attackers to elevate their privileges, affecting over 10,000 installations.
Stay vigilant! Ensure your WordPress plugins are up to date and remove affected plugins to safeguard your site's security.
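To check a site against the version ranges above, the added example below (not code from the newsletter or from the plugin authors) reads the standard WordPress plugin header from each plugin file and flags versions at or below the affected ceiling. Matching on the display names used in this story is an assumption, and the sample files and paths are constructed.

```python
import re

# Affected ceilings as stated in the newsletter (inclusive upper bounds).
# Matching on the "Plugin Name" header text is an assumption of this example;
# confirm against the header of the plugin that is actually installed.
AFFECTED = [
    ("malware scanner", "4.7.2", "CVE-2024-2172", "remove (plugin closed)"),
    ("web application firewall", "2.1.1", "CVE-2024-2172", "remove (plugin closed)"),
    ("registrationmagic", "5.3.0.0", "CVE-2024-1991", "update"),
]

HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_header(php_source):
    """Read 'Plugin Name' and 'Version' from a WordPress plugin header comment."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):  # headers sit at the top of the file
        fields.setdefault(key.lower(), value.strip())
    return fields.get("plugin name"), fields.get("version")

def version_key(version):
    """Turn '5.3.0.0' into a comparable tuple; non-numeric parts count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in version.strip().split(".")]
    while parts and parts[-1] == 0:  # so that 4.7.2 and 4.7.2.0 compare equal
        parts.pop()
    return tuple(parts)

def audit(plugins):
    """plugins: mapping of file path -> PHP source. Returns a list of findings."""
    findings = []
    for path, source in plugins.items():
        name, version = parse_header(source)
        if not name or not version:
            continue
        for needle, ceiling, cve, action in AFFECTED:
            if needle in name.lower() and version_key(version) <= version_key(ceiling):
                findings.append((path, name, version, cve, action))
    return findings

# Constructed sample input: one version inside an affected range, one above it.
SAMPLE = {
    "plugins/scanner/main.php": "<?php\n/**\n * Plugin Name: Malware Scanner\n * Version: 4.7.2\n */\n",
    "plugins/regmagic/main.php": "<?php\n/*\nPlugin Name: RegistrationMagic\nVersion: 5.3.1.0\n*/\n",
}
```

Calling `audit(SAMPLE)` reports only the Malware Scanner entry; on a real site, feed it the main PHP file of each directory under `wp-content/plugins`.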
APT28, a Russia-linked threat group, is orchestrating ongoing phishing attacks across Europe, South Caucasus, Central Asia, and North and South America.
These campaigns employ lure documents mimicking government and non-governmental organisations' content, covering various sectors like finance, cyber security, and healthcare.
IBM X-Force identifies this activity as ITG05, also known as Blue Athena, Fancy Bear, and others.
Recent tactics involve exploiting Microsoft Outlook flaws to steal NTLMv2 hashes, possibly for future relay attacks.
From late November 2023 to February 2024, phishing attacks utilised the "search-ms:" URI protocol handler in Windows to distribute malware hosted on WebDAV servers, possibly controlled via compromised Ubiquiti routers.
APT28 impersonates entities from Argentina, Ukraine, and other countries, using authentic-looking documents to trigger infections.
The attack culminates in the deployment of malware like MASEPIE, OCEANMAP, and STEELHOOK, capable of file exfiltration, command execution, and browser data theft.
APT28 demonstrates adaptability, leveraging new infection methods and commercial infrastructure while evolving malware capabilities.
Stay vigilant against phishing attempts! Ensure robust cybersecurity measures to thwart such attacks.
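For mail or web-proxy filtering, the "search-ms:" links mentioned above can be spotted in message bodies. The added example below (not from the newsletter or IBM X-Force) extracts each search-ms link, undoes HTML and percent-encoding, and marks whether its `crumb=location:` argument points off the local machine; the sample HTML and host name are constructed.

```python
import html
import re
from urllib.parse import unquote

# A search-ms link carries its arguments after the scheme; "crumb=location:"
# sets the location that the search is scoped to.
LINK_RE = re.compile(r"""\bsearch-ms:([^\s"'<>]+)""", re.I)
CRUMB_RE = re.compile(r"crumb=location:([^&]*)", re.I)
REMOTE_RE = re.compile(r"^(\\\\|//|https?:|file:)", re.I)  # UNC path or URL

def decode(value, rounds=3):
    """Undo HTML entities and nested percent-encoding found in links."""
    value = html.unescape(value)
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_search_ms(text):
    """Return (location, is_remote) for every search-ms link found in text."""
    hits = []
    for rest in LINK_RE.findall(text):
        match = CRUMB_RE.search(decode(rest))
        location = match.group(1) if match else ""
        hits.append((location, bool(REMOTE_RE.match(location))))
    return hits

# Constructed sample body: an ordinary link, a remote-scoped search-ms link
# and a local-scoped one. The host name is a placeholder.
SAMPLE_HTML = (
    '<a href="https://example.org/report.pdf">Report</a>\n'
    '<a href="search-ms:query=invoice&amp;crumb=location:'
    '%5C%5Cdav.example.invalid%40SSL%5CDavWWWRoot%5Cdocs">Open</a>\n'
    '<a href="search-ms:query=notes&crumb=location:C:%5CUsers%5CPublic">Local</a>\n'
)
```

Any search-ms link in inbound mail is unusual enough to review; the `is_remote` flag separates the remote-scoped ones for higher-priority handling.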
AT&T denies a 2021 breach after a hacker leaked data affecting 71 million individuals, although some entries have been verified as accurate.
The data, initially offered for sale by a threat actor called ShinyHunters, includes names, addresses, mobile numbers, encrypted birth dates, and social security numbers.
MajorNelson later leaked the data for free, with decrypted birth dates and social security numbers, potentially exposing customers to targeted attacks.
While not all entries are confirmed, some have been validated by individuals and cybersecurity experts, suggesting a partial but significant data dump.
The source of the data remains unclear, but indications point to it being AT&T customer data.
If you were an AT&T customer in 2021 or earlier, assume your data may be compromised. Beware of phishing attempts, SMS scams, and SIM swapping attacks.
Stay cautious of unsolicited communications claiming to be from AT&T. When in doubt, contact AT&T directly to verify the legitimacy of any messages.
That's all for today, folks!
So long and thanks for reading all the phish!