Gone Phishing Daily

Gone Phishing Daily: the cyber security newsletter that's on the FBI's most wanted list, a no-BS breakdown of the world of cyber security.

New Hack Can Bypass Windows Security!
05/11/2024

What's Going On? A new technique has been demonstrated that bypasses Microsoft's Driver Signature Enforcement (DSE) on fully updated Windows systems. It lets an attacker who already holds administrator rights load unsigned kernel drivers, which is exactly what a rootkit needs to hide malicious activity, disable security tooling and persist unnoticed.

How It Works

The technique builds on "Windows Downdate", a downgrade tool presented earlier in 2024 by SafeBreach researcher Alon Leviev. Windows Downdate abuses the Windows Update process to replace current system files with older, unpatched versions while the machine still reports itself as fully patched. In the new variant, the Code Integrity library (ci.dll) that enforces DSE is rolled back to a version with a known, already-fixed bypass, and that old flaw is then used to load an unsigned driver.

Key Exploits Discovered

Microsoft assigned two CVEs to the original downgrade attack, CVE-2024-21302 and CVE-2024-38202, and has been patching them. The researchers' point is that those fixes do not block downgrades of every component: as long as Windows accepts an older, vulnerable ci.dll, the downgrade reintroduces a patched vulnerability and hands the attacker kernel-level control.

Why This is Dangerous

Unlike "Bring Your Own Vulnerable Driver" (BYOVD) attacks, which smuggle in a third-party signed driver that defenders can blocklist by hash or signer, this method downgrades a core Windows component, so the attacker's leverage comes from a file Microsoft itself legitimately signed. The caveat is that administrative privileges are required first: this is an admin-to-kernel escalation that defeats DSE, not an initial-access technique.

Can It Be Stopped?

Virtualization-Based Security (VBS) can defeat the attack, but only when it is fully enabled with the UEFI lock and the "Mandatory" setting. In the default configuration an attacker with admin rights can switch VBS off by tampering with its registry keys, and the downgrade then proceeds. Microsoft recommends enabling VBS with the UEFI lock so that it cannot be disabled remotely.

Final Thoughts

Microsoft urges users to fully enable VBS and set the UEFI lock. Security tools should also treat a downgrade of a system component, where a file version goes backwards while the reported patch level stays current, as a signal worth alerting on.

To read more phishy articles, please visit www.gonephishing.xyz and sign up to our newsletter to never miss a story!

APT41 Targets Gambling Sector in Sophisticated, Persistent Cyber Attack
26/10/2024

Security Alert! The prolific Chinese threat actor APT41 (also known as Brass Typhoon and Wicked Panda) carried out a stealthy, multi-stage intrusion into a company in the gambling and gaming industry. Over roughly nine months, the nation-state group collected network configurations, user passwords and high-value administrative credentials from the targeted company.

A Methodical Infiltration

Security Joes, which investigated the intrusion, notes that the activity overlaps with the campaign Sophos tracks as Operation Crimson Palace. APT41 kept persistent access by watching the defenders' responses and adapting its toolset and techniques accordingly, which let it dodge defences and stay hidden for an extended period.

Intricate Attack Techniques

- DCSync Attack: APT41 impersonated a domain controller to request directory replication, pulling password hashes for service and admin accounts and widening its access across the network.

- Phantom DLL Hijacking & LOLBins: Phantom DLL Hijacking (planting a DLL at a path that a legitimate process searches but does not normally find) and Living Off the Land Binaries such as wmic.exe let the attackers execute payloads through trusted, signed binaries that draw little attention.

- Obfuscated Communication: When contacting its command-and-control (C2) server, APT41's malware falls back to scraping a GitHub page for a fresh C2 address if the hardcoded one fails, giving the operation resilience against takedowns.
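Detecting the DCSync step above comes down to auditing directory replication requests on the domain controllers. The following is an added example, not code from the Security Joes report: it scans flattened Windows Security Event ID 4662 records for the replication control-access rights and flags requesters that are neither known domain controllers nor allow-listed directory-sync accounts. The DC names, the MSOL_ account name and the log lines are constructed for the example; the right GUIDs are the real Active Directory values.

```python
import re

# Control-access-right GUIDs that authorise directory replication.  These are
# the real Active Directory values; a DCSync request asks for one or more of
# them on the domain naming context.
DS_REPLICATION_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET = "89e95b76-444d-4c62-991a-0facbeda640c"
REPLICATION_RIGHTS = {
    DS_REPLICATION_GET_CHANGES,
    DS_REPLICATION_GET_CHANGES_ALL,
    DS_REPLICATION_GET_CHANGES_IN_FILTERED_SET,
}

# Principals that legitimately replicate.  Both sets are constructed for this
# example; in production, build them from your DC inventory and your directory
# sync (e.g. Entra Connect) service accounts rather than trusting a trailing
# '$', since an attacker can create or hijack machine accounts too.
DOMAIN_CONTROLLERS = {"DC01$", "DC02$"}
ALLOWED_SERVICE_ACCOUNTS = {"MSOL_7f3a9c1e"}  # hypothetical sync account

GUID_RE = re.compile(
    r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I
)
# key=value pairs; a value is either a {...} group or a run of non-blanks.
FIELD_RE = re.compile(r"(\w+)=(\{[^}]*\}|\S+)")


def parse_event(line):
    """Turn one flattened key=value log line into a dict of fields."""
    return dict(FIELD_RE.findall(line))


def dcsync_rights(event):
    """Return the replication rights a 4662 event requests when the requester
    is not a known DC or allow-listed sync account; otherwise an empty set."""
    if event.get("EventID") != "4662":
        return set()
    # 0x100 is CONTROL_ACCESS, the mask used when an extended right such as
    # replication is exercised; other masks are ordinary reads/writes.
    if event.get("AccessMask", "").lower() != "0x100":
        return set()
    requested = {g.lower() for g in GUID_RE.findall(event.get("Properties", ""))}
    rights = requested & REPLICATION_RIGHTS
    if not rights:
        return set()
    subject = event.get("SubjectUserName", "")
    if subject in DOMAIN_CONTROLLERS or subject in ALLOWED_SERVICE_ACCOUNTS:
        return set()
    return rights


def detect_dcsync(lines):
    """Return (account, sorted rights) for each suspicious replication request."""
    alerts = []
    for line in lines:
        event = parse_event(line)
        rights = dcsync_rights(event)
        if rights:
            alerts.append((event["SubjectUserName"], sorted(rights)))
    return alerts


# Constructed sample events, flattened to key=value form.  Real 4662 records
# are XML; only the fields the detection needs are reproduced here.
SAMPLE_EVENTS = [
    # A real domain controller replicating: benign.
    "EventID=4662 SubjectUserName=DC02$ SubjectDomainName=CORP ObjectType=domainDNS "
    "AccessMask=0x100 Properties={1131f6aa-9c07-11d1-f79f-00c04fc2dcd2,"
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}",
    # A backup service account asking for Get-Changes-All: DCSync.
    "EventID=4662 SubjectUserName=svc_backup SubjectDomainName=CORP ObjectType=domainDNS "
    "AccessMask=0x100 Properties={1131F6AD-9C07-11D1-F79F-00C04FC2DCD2}",
    # A user exercising User-Change-Password on their own object: benign.
    "EventID=4662 SubjectUserName=jdoe SubjectDomainName=CORP ObjectType=user "
    "AccessMask=0x100 Properties={ab721a53-1e2f-11d0-9819-00aa0040529b}",
    # The allow-listed directory sync account: benign.
    "EventID=4662 SubjectUserName=MSOL_7f3a9c1e SubjectDomainName=CORP ObjectType=domainDNS "
    "AccessMask=0x100 Properties={1131f6ad-9c07-11d1-f79f-00c04fc2dcd2,"
    "89e95b76-444d-4c62-991a-0facbeda640c}",
    # Unrelated logon event: ignored.
    "EventID=4624 SubjectUserName=svc_backup LogonType=3",
]

if __name__ == "__main__":
    for account, rights in detect_dcsync(SAMPLE_EVENTS):
        print(f"ALERT possible DCSync by {account}: {', '.join(rights)}")
```

Only the svc_backup event is reported. The check is deliberately strict about the requester rather than the rights alone, because domain controllers request exactly these rights all day; the signal is a non-DC principal asking for them.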

Targeted Exploitation with JavaScript and XSL Files

After gaining a foothold, the attackers executed heavily obfuscated JavaScript embedded in an XSL file ("texttable.xsl") to maintain access. The script fetched additional malware, but only on devices inside a specific IP range, 10.20.22.x, which let the attackers single out valuable assets within the VPN subnets and avoid touching machines they did not care about.

What's the Endgame...

To continue reading, please visit www.gonephishing.xyz and sign up to our newsletter to never miss a story!

FBI Creates Fake Cryptocurrency to Unmask Crypto Market Manipulation!
18/10/2024

Crypto scammers, watch out! In a bold move, the FBI has disrupted a widespread crypto fraud operation by creating its own token, NexFundAI, to expose market manipulation.

How It Worked

As part of Operation Token Mirrors, the FBI launched NexFundAI, a token marketed as a bridge between finance and artificial intelligence. In reality it was a sting: the market makers and promoters who agreed to pump the token were, without knowing it, demonstrating wash trading and pump-and-dump tactics directly to investigators.

Wash Trading Explained

In a wash trade, the parties buy and sell a token between accounts they control, so the trades have no real counterparty. The manufactured volume makes the token look liquid and in demand, which lures genuine investors to buy in; the fraudsters then sell into that demand at a profit and leave everyone else holding a token nobody wants.

Who Got Caught?

The crackdown has led to charges against 18 individuals and entities, including the market makers ZM Quant and CLS Global, who are accused of conspiring to manipulate prices. So far, more than $25 million in cryptocurrency has been seized, and several key players have been arrested in the U.S., the U.K. and Portugal.

What's the Damage?

Fraudulent companies promised investors big returns, but it was all smoke and mirrors. Pump-and-dump schemes flooded the market with manufactured value and left unsuspecting buyers with worthless assets.

Stay Alert!

As the crypto market continues to grow, so do scams. Remember: not all that glitters is Bitcoin! Protect yourself from market manipulation by staying informed and cautious.

North Korean Hackers Target Tech Job Seekers!
13/10/2024

Job interviews or cyber traps? Be aware! North Korea-linked hackers are targeting tech job seekers through fake interviews to spread malware. The campaign, named Contagious Interview, was first exposed by Palo Alto Networks' Unit 42 in late 2023.

How It Works

The hackers pose as employers on job platforms and offer interviews to unsuspecting software developers. They trick victims into running malware disguised as a coding assignment or an interview tool. The first stage instals BeaverTail, a downloader and information stealer for both Windows and macOS, which then loads InvisibleFerret, a Python-based backdoor.

Sneaky Techniques!

The group has kept attacking despite being exposed, because the tactics still work. It now spreads malware through fake video conferencing applications, and BeaverTail has been rewritten with the Qt framework so that one codebase infects both Windows and macOS. BeaverTail steals browser passwords and cryptocurrency wallet data.

What's Next?

These hackers haven't changed much about their strategy because it works. The malware targets 13 different cryptocurrency wallet browser extensions, which points to a financially motivated campaign that funds the North Korean regime.

Stay vigilant, especially if you're a developer seeking new opportunities: a fake interview might be more than just a bad offer.

Newly Patched Kia Vulnerabilities Could Have Allowed Remote Control of Vehicles
04/10/2024

Talk about driving without a licence (plate). Cybersecurity researchers recently disclosed a set of vulnerabilities in Kia vehicles that could have been exploited to gain remote control over key vehicle functions using nothing more than a licence plate number. The vulnerabilities, which have since been patched, affected nearly all Kia models manufactured after 2013.

Key Findings

Researchers Neiko Rivera, Sam Curry, Justin Rhinehart and Ian Carroll found that an attacker could remotely take over a Kia vehicle's functions, such as unlocking the doors, starting the engine or honking the horn, in under 30 seconds. The attack did not require an active Kia Connect subscription, so any vehicle fitted with the connected hardware was at risk.

How the Attack Worked...

To continue reading, please visit www.gonephishing.xyz and sign up to our newsletter to never miss a story!

Takedown of International Criminal Network Behind Phishing Scheme
27/09/2024

Law enforcement authorities have dismantled an international criminal network behind a phishing-as-a-service (PhaaS) platform known as iServer, which targeted over 483,000 victims globally. The countries most affected include Chile (77,000), Colombia (70,000) and Ecuador (42,000).

The takedown, called Operation Kaerb, was a joint effort between several countries, including Spain, Argentina, Chile, Colombia and Peru. The operation, which ran from September 10 to 17, led to the arrest of an Argentinian national believed to have run iServer since 2018.

In total, 17 arrests were made, 28 searches were conducted, and 921 items, including electronic devices, weapons and mobile phones, were seized. Notably, the network is estimated to have unlocked 1.2 million phones to date.

Phishing-as-a-Service (PhaaS) Platform

iServer was an automated phishing platform built specifically to harvest the credentials needed to unlock stolen or lost phones, which sets it apart from typical phishing operations. Its web interface let criminals, referred to as "unlockers", retrieve passwords and account credentials for the cloud platforms tied to a device. Those credentials were then used to turn off Lost Mode and unlink the device from its rightful owner's account so that it could be resold.

Phishing Tactics...

To continue reading, please visit www.gonephishing.xyz and sign up to our newsletter to never miss a story!

Binance Warns of Global Clipper Malware Threat Targeting Crypto Users!
20/09/2024

Binance has issued a warning about a global clipper malware threat targeting cryptocurrency users. Clipper malware, also known as ClipBankers, watches the clipboard and, when it sees a copied cryptocurrency wallet address, silently replaces it with an address controlled by the attacker. Because long addresses are almost never typed or checked character by character, the victim pastes the swapped address and sends funds straight to the attacker's wallet.

The problem surged on August 27, 2024, causing significant losses, especially for users who had installed unofficial apps and plugins on Android, iOS and the web. Binance is blocklisting the attacker addresses it identifies and has advised affected users to check their devices for suspicious software.

Binance urges users to avoid downloading software from unofficial sources and to verify that apps are authentic. The malware often spreads through unofficial channels, particularly when users search for apps in their native language because no official build is available. A simple habit defeats the swap: compare the first and last several characters of the pasted address against the intended one before confirming any transfer.

Cryptocurrency scams remain widespread: the FBI recorded a record $5.6 billion in crypto fraud losses for 2023. Binance and security firms are on high alert, and users are encouraged to stay vigilant!

New Side-Channel Attack 'RAMBO' Exploits Radio Signals from RAM
13/09/2024

A novel side-channel attack named RAMBO has been disclosed. It uses radio signals emitted by a computer's random access memory (RAM) to exfiltrate data from air-gapped networks.

The technique was developed by Dr. Mordechai Guri, head of the Offensive Cyber Research Lab at Ben Gurion University in Israel. RAMBO turns the memory bus into a makeshift transmitter: malware on the isolated machine generates electromagnetic emissions from the RAM in a controlled pattern and encodes files, images, encryption keys or biometric data into them, posing a threat to highly secure, isolated systems.

How RAMBO Works

The attack has a prerequisite that is easy to overlook: the air-gapped machine must already be compromised, for example through a supply-chain implant or a malicious insider, because the transmitter is software running on the victim.

The malware then drives memory read and write operations in a pattern that modulates the electromagnetic emissions of the memory bus and modules. The bits are Manchester-encoded, so the receiver can recover the clock from the signal itself and detect corrupted symbols.

An attacker nearby intercepts the emissions with software-defined radio (SDR) hardware and a simple antenna, demodulates them and translates the symbols back into the original bits.

The technique has been demonstrated on systems with an Intel i7 3.6 GHz CPU and 16 GB of RAM, achieving data exfiltration speeds of up to 1,000 bits per second.

Exfiltration Capabilities of RAMBO

RAMBO can leak various types of data, including keystrokes, documents and biometric information. For example:

- Keystrokes: exfiltrated in real time at 16 bits per key.

- RSA encryption keys: a 4096-bit key can be exfiltrated in about 41.96 seconds at the low transmission speed.

- Small files: biometric data, images (.jpg) and documents (.txt, .docx) can be transmitted within about 400 seconds at the slower speeds, and faster at higher speeds.

At these rates RAMBO cannot move bulk data, but it can leak short, high-value secrets such as keys and passwords over a brief period, which is exactly what makes it a risk to air-gapped systems.
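The encoding step in the description above is worth seeing concretely. The block below is an added example, not the RAMBO code: it Manchester-encodes a payload the way a transmitter would, decodes it back the way an SDR receiver would, rejects corrupted symbol pairs, and works out the air time at a given bit rate. It does not touch memory or radio hardware; the preamble and the payload are constructed for the example.

```python
# Manchester convention (IEEE 802.3): a 0 bit is sent as the symbol pair
# (1, 0), a 1 bit as (0, 1).  Every bit therefore contains a transition, which
# is what lets the receiver recover the clock from the signal itself.
ENCODE = {0: (1, 0), 1: (0, 1)}
DECODE = {pair: bit for bit, pair in ENCODE.items()}

# Constructed preamble: alternating bits give the receiver a clean clock.
PREAMBLE = [1, 0] * 8


def bytes_to_bits(data):
    """Big-endian bit list for a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits):
    """Inverse of bytes_to_bits; length must be a multiple of 8."""
    if len(bits) % 8:
        raise ValueError("bit count is not a multiple of 8")
    return bytes(
        sum(bit << (7 - i) for i, bit in enumerate(bits[k:k + 8]))
        for k in range(0, len(bits), 8)
    )


def manchester_encode(bits):
    """Flatten each bit into its two-symbol Manchester pair."""
    return [symbol for bit in bits for symbol in ENCODE[bit]]


def manchester_decode(symbols):
    """Recover bits from symbol pairs.  (0, 0) or (1, 1) cannot occur in a
    valid Manchester stream, so they indicate a lost or corrupted symbol."""
    if len(symbols) % 2:
        raise ValueError("odd symbol count: receiver dropped a symbol")
    bits = []
    for index in range(0, len(symbols), 2):
        pair = (symbols[index], symbols[index + 1])
        if pair not in DECODE:
            raise ValueError(f"invalid Manchester pair {pair} at symbol {index}")
        bits.append(DECODE[pair])
    return bits


def build_frame(payload):
    """Preamble + payload, Manchester-encoded, ready for the modulator."""
    return manchester_encode(PREAMBLE + bytes_to_bits(payload))


def parse_frame(symbols):
    """Decode a frame and strip the preamble; raises if the preamble is wrong."""
    bits = manchester_decode(symbols)
    if bits[:len(PREAMBLE)] != PREAMBLE:
        raise ValueError("preamble mismatch: not synchronised")
    return bits_to_bytes(bits[len(PREAMBLE):])


def air_time_seconds(payload_len, bits_per_second):
    """Seconds needed to send payload_len bytes (plus preamble) at the given
    rate.  Manchester doubles the symbol rate, but the rate quoted for RAMBO
    is in payload bits per second, so the time is simply bits / rate."""
    total_bits = len(PREAMBLE) + payload_len * 8
    return total_bits / bits_per_second


if __name__ == "__main__":
    secret = b"constructed 32-byte demo secret!"  # 32 bytes, constructed
    frame = build_frame(secret)
    assert parse_frame(frame) == secret
    print(f"{len(frame)} symbols for {len(secret)} bytes")
    print(f"4096-bit key at 1,000 bps: {air_time_seconds(512, 1000):.3f} s")
```

The self-clocking property is the point of the encoding for a covert channel: a receiver that has no shared clock with the transmitter can still tell where each bit boundary falls, and any pair that is not a transition is immediately recognisable as noise rather than silently decoded as data.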

Potential Countermeasures...

To continue reading, please visit www.gonephishing.xyz and sign up to our newsletter to never miss a story!

Bitcoin ATM Scams Surge, Costing Victims Millions!
06/09/2024

Bitcoin ATM scams are on the rise. Victims lost a staggering $114 million in 2023, nearly ten times the $12 million lost in 2020, according to the Federal Trade Commission (FTC), and $65 million has already been reported lost in the first half of 2024. The scams keep evolving, but the core tactic stays the same: frighten people into handing cash to the scammers under false pretences.

How Bitcoin ATM Scams Work

Bitcoin ATMs, found in places like gas stations and grocery stores, let users buy and sell cryptocurrency. Scammers contact victims by phone, text or online pop-up, often impersonating bank or government officials. They convince the victim that their bank account has been compromised and urge them to withdraw cash and "secure" it in what the scammers misleadingly call a "safety locker", which is in fact a Bitcoin ATM deposit that goes straight to the scammer's wallet.

The Scam Process...

To continue reading, please visit www.gonephishing.xyz and sign up to our newsletter to never miss a story!

North Korea's "Laptop Farm" in Nashville Exposed!
19/08/2024

Fraud Scheme Uncovered. The U.S. Department of Justice (DoJ) has charged 38-year-old Matthew Isaac Knoot of Nashville with allegedly running a "laptop farm" that helped North Korean IT workers obtain remote jobs with American and British companies. The salaries allegedly funded North Korea's illicit weapons programme.

Deceptive Operations

Knoot is accused of using stolen identities, including that of "Andrew M.", to deceive companies into hiring North Korean operatives. The workers used the stolen identity to land the jobs, while Knoot hosted the company-issued laptops at his residence and installed unauthorised remote access software on them, so that workers who were actually abroad could operate the machines while the corporate traffic appeared to come from inside the United States.

Exposing the Scheme

From July 2022 to August 2023, Knoot's operation allegedly caused over $500,000 in damages. He faces serious charges, including wire fraud and identity theft, which could carry up to 20 years in prison. The case follows similar charges brought earlier this year against another individual, Christina Marie Chapman.

Bigger Picture

The scheme highlights the ongoing threat from North Korean cyber operations, as recent advisories warn about IT workers generating revenue for the regime from abroad. For employers, the lesson is in hiring practice: verify a new hire's identity against government ID in a live video call, and treat a request to ship the work laptop to an address other than the employee's stated home as a red flag.

"0.0.0.0 Day" Puts Your Browser at Risk!
12/08/2024

A long-standing browser flaw dubbed "0.0.0.0 Day" has been disclosed by Oligo Security. It lets a malicious website reach services running on the visitor's own machine and local network, and in the worst case leads to remote code execution.

What's the Danger?

The problem comes from how browsers handle requests to the IP address 0.0.0.0. Operating systems treat a connection to 0.0.0.0 as a connection to the local host, but browsers did not treat 0.0.0.0 as a private or local address, so it slipped past the checks that normally stop a public site from talking to localhost. Any local service that assumes "only I can reach this port" becomes reachable from a web page, and exploiting such a service can lead to remote code execution.

Who's Affected?

This impacts Google Chrome and other Chromium browsers, Mozilla Firefox and Apple Safari on macOS and Linux. Windows users are safe, because Windows blocks the address at the operating system level.

How Hackers Exploit It

A public website with an ordinary domain such as a ".com" makes the visitor's browser send requests to http://0.0.0.0:<port>/. Those requests land on a service listening on the visitor's machine, bypassing protections such as Private Network Access (PNA), which only guards the loopback and private ranges the browser recognises. Because the request is cross-origin the page cannot always read the response, but for many local services (development servers, AI model servers, debugging endpoints) a single write request is enough.
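The defence that does not depend on a browser fix sits in the local service itself. Below is an added example, not code from Oligo's research or from any browser vendor: a Python http.server handler that refuses requests whose Host header is not a loopback name, so a request the browser sent to 0.0.0.0 is rejected even though the OS delivered it to loopback, and that refuses cross-origin requests from any Origin not explicitly allowed. The port, the allowed origins and the handler itself are constructed for the example.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

PORT = 8000  # constructed for the example

# Names a legitimate local client puts in the Host header.  A browser request
# to http://0.0.0.0:8000/ arrives with "Host: 0.0.0.0:8000", so it fails this
# check even though the OS delivered the connection to loopback.
ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

# Browsers attach an Origin header to cross-origin requests.  Only our own
# pages are allowed; a request made from https://attacker.example carries
# that origin and is refused.  Constructed allow-list.
ALLOWED_ORIGINS = {f"http://localhost:{PORT}", f"http://127.0.0.1:{PORT}"}


def host_without_port(host):
    """'localhost:8000' -> 'localhost'; '[::1]:8000' -> '[::1]'."""
    host = host.strip()
    if host.startswith("["):
        return host.split("]", 1)[0] + "]"
    return host.split(":", 1)[0]


def is_request_allowed(headers):
    """Return (allowed, reason).  `headers` is any mapping with .get(), so
    the check can be unit-tested without opening a socket."""
    host = headers.get("Host", "")
    if host_without_port(host).lower() not in ALLOWED_HOSTS:
        return False, f"unexpected Host header: {host!r}"
    origin = headers.get("Origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, f"cross-origin request from {origin!r}"
    return True, ""


class GuardedHandler(BaseHTTPRequestHandler):
    """Minimal local service that applies the check to every request."""

    def _guard(self):
        allowed, reason = is_request_allowed(self.headers)
        if not allowed:
            # Refuse before doing any work; never act on the request.
            self.send_error(403, reason)
        return allowed

    def do_GET(self):
        if not self._guard():
            return
        body = b"hello from a loopback-only service\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        # State-changing endpoints are what 0.0.0.0 Day abuses: a blocked
        # POST must not consume or act on its body.
        if not self._guard():
            return
        length = int(self.headers.get("Content-Length", "0"))
        self.rfile.read(length)  # accept and discard for the demo
        self.send_response(204)
        self.end_headers()


if __name__ == "__main__":
    # Bind to loopback only.  This alone does not stop 0.0.0.0 Day, because a
    # connection to 0.0.0.0 is delivered to loopback too; the Host check above
    # is what actually closes the hole.
    HTTPServer(("127.0.0.1", PORT), GuardedHandler).serve_forever()
```

Run it and try `curl -H 'Host: 0.0.0.0:8000' http://127.0.0.1:8000/` against `curl http://localhost:8000/`: the first is refused with 403, the second answered. Authentication on top of this is still advisable; the Host and Origin checks only restore the assumption that a "local-only" port is not reachable from arbitrary web pages.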

What's Being Done?

Browser vendors have committed to blocking 0.0.0.0 entirely so that public websites cannot abuse it. Chromium planned to start blocking the address in version 128 and to complete the rollout by Chrome 133; WebKit, which powers Safari, has landed a matching block. Mozilla had yet to ship a fix when the flaw was disclosed.

Stay Safe!

The vulnerability shows how an inconsistency between what the operating system and the browser consider "local" becomes an attack surface. Until your browser carries the fix, the practical defence is on the server side. Listening on 127.0.0.1 instead of 0.0.0.0 keeps a service off the LAN but does not stop this attack, because a connection to 0.0.0.0 is delivered to loopback anyway; what does help is validating the Host header and requiring authentication even on "local-only" endpoints.

Android Malware Alert!
05/08/2024

A large-scale campaign using malicious Android apps has been stealing users' SMS messages since February 2022. Researchers have found over 107,000 unique malware samples, all built to intercept one-time passwords (OTPs) for identity fraud.

Global Reach

Victims have been detected in 113 countries, with India and Russia hit hardest, followed by Brazil, Mexico, the U.S., Ukraine, Spain and Turkey. The malware intercepts OTPs sent by over 600 global brands.

How It Works

- Deceptive Ads: Victims are lured into installing the malicious apps through fake ads that mimic Google Play Store listings, or through Telegram bots that promise unofficial apps and ask for the victim's phone number before handing over the APK.

- SMS Access: Once installed, the app requests permission to read SMS messages and forwards them to one of 13 command-and-control (C2) servers.

Hidden Threat

The malware stays quiet in the background, watching incoming SMS messages for the OTPs used to verify online accounts. With a victim's number and codes, the operators can register or take over accounts in the victim's name.

Payment Methods

The threat actors monetise the stolen codes through a service called Fast SMS (fastsms[.]su), which sells access to virtual phone numbers; the victims' real devices serve as the inboxes behind those numbers. The service accepts cryptocurrency and other payment methods.

Google's Response

Google Play Protect, enabled by default on devices with Google Play Services, automatically protects against the known versions of this malware.

Continued Threat

Malicious actors continue to abuse Telegram for malware distribution and C2 operations. Recent discoveries include SMS Webpro and NotifySmsStealer, which target users in Bangladesh, India and Indonesia.

Expanding to Other Platforms

The malware ecosystem keeps growing: TgRAT, a Windows remote access trojan controlled through Telegram, now has a Linux variant that can download files, take screenshots and run commands remotely.

Stay Safe

- Avoid suspicious apps: only install apps from trusted sources.

- Enable Google Play Protect: make sure it is active on your device.

- Be wary of phishing: don't tap suspicious links in messages or emails.

Stay vigilant and protect your personal information!

North Korean Operative Indicted for Ransomware Attacks on U.S. Healthcare
29/07/2024

The U.S. Department of Justice has unsealed an indictment against Rim Jong Hyok, a North Korean military intelligence operative, for ransomware attacks on U.S. healthcare facilities. The ransom payments were funnelled into further cyber intrusions against defence, technology and government entities worldwide.

Ransomware and Laundering

Rim Jong Hyok and his associates used ransomware to extort hospitals and healthcare companies in the U.S., laundering the proceeds to fund North Korea's illicit activities. The attacks put innocent lives at risk, according to FBI deputy director Paul Abbate.

Reward and Arrests

The U.S. Department of State has announced a reward of up to...

To continue reading, please visit www.gonephishing.xyz and sign up to our newsletter to never miss a story!

AT&T Data Breach Alert!
15/07/2024

Between April 14 and 25, 2024, hackers accessed records belonging to nearly all AT&T wireless customers and to customers of the mobile virtual network operators (MVNOs) that use AT&T's network. The stolen data consists of call and text metadata covering May 1 to October 31, 2022, plus January 2, 2023.

What's at Risk?

The breach exposed telephone numbers, interaction counts and call durations, and, for a subset of records, cell site identification numbers. The contents of calls and texts were not included, but metadata of this kind reveals who talked to whom, when, and roughly where.

How Did It Happen?

The attackers pulled the data from AT&T's workspace on a third-party cloud platform, Snowflake, as part of a wave of credential-based intrusions that also hit other major Snowflake customers. AT&T discovered the breach on April 19 and is working with law enforcement.

What's Being Done?

AT&T will notify affected customers and urges vigilance against phishing and fraud. It has reportedly paid about $370,000 in cryptocurrency to the hacker in exchange for proof that the data was deleted. Snowflake, for its part, now lets administrators enforce mandatory multi-factor authentication across their accounts.

Who's Responsible?

24-year-old John Binns, already indicted for a 2021 T-Mobile hack, has been connected to this incident, and the group ShinyHunters has claimed responsibility.

Stay alert, and only trust messages from known senders!

Top Tips

- Be cautious of phishing and smishing attempts.

- Request details of your compromised call and text records from AT&T.

- Enable multi-factor authentication on all accounts.

Stay vigilant, folks!

Hacker Busted for 'Evil Twin' Wi-Fi!
04/07/2024

Australian authorities have arrested a man for using a portable Wi-Fi device to set up scam networks on flights and steal data from unsuspecting passengers. Here's the scoop:

In-Flight Data Theft

During a domestic flight, airline employees noticed a suspicious Wi-Fi network. Upon landing in Perth, police found a 42-year-old man from Western Australia carrying a portable wireless access device, a laptop and a mobile phone in his carry-on luggage.

Sneaky Tactics

The man allegedly used these devices to create fake Wi-Fi access points mid-flight, "evil twins" that copy the name of the legitimate in-flight network. Passengers who connected were shown a login page that asked for an email address or social media credentials, which the device recorded. The investigation uncovered similar activity at airports in Melbourne, Adelaide and other locations.

Safety Tips from Authorities

Andrea Coleman, a detective inspector with the AFP's cybercrime unit, points out that you should never have to enter personal details to connect to free Wi-Fi. To protect yourself, install a reputable VPN on your devices to encrypt your traffic. Coleman also suggests disabling Wi-Fi on mobile devices in public so that they cannot automatically join a malicious hotspot that reuses a remembered network name.

"When using a public network, disable file sharing, don't do anything sensitive like banking, and change your device settings to 'forget network' once you're done," Coleman added.

Facing Charges

The suspect faces nine separate cybercrime charges. Travellers are urged to stay vigilant and cautious when using public Wi-Fi.

Stay safe and secure!

Israel Targeted With Cyberattacks!
03/07/2024

Cybersecurity researchers have uncovered a new attack campaign targeting various Israeli entities with the publicly available frameworks Donut and Sliver. Here's a quick breakdown:

Highly Targeted Attack

The campaign focuses on Israeli entities across different sectors and relies on open-source tooling, Donut for loading and Sliver for command and control, rather than on custom malware.

Supposed Grasshopper

Discovered by the French company HarfangLab, the campaign uses target-specific infrastructure and custom WordPress sites for payload delivery. The initial downloader, written in Nim, fetches the next stage from a server that impersonates an Israeli government domain (auth.economy-gov-il[.]com/SUPPOSED_GRASSHOPPER.bin).

Malware Delivery

In the first stage, the basic downloader retrieves the second-stage malware as a virtual hard disk (VHD) file from one of the custom WordPress sites; VHD files are a common trick for slipping executables past mail and web filters, since the payload is only visible once the image is mounted. In the second stage, the Donut shellcode loader runs Sliver, an open-source Cobalt Strike alternative.

Unknown Motives

The researchers note that the campaign could be a legitimate penetration-testing engagement, which would raise transparency questions of its own, since its infrastructure imitates a government domain.

Related Discovery

SonicWall Capture Labs found an infection chain that uses Excel files to drop the Orcinius trojan. This multi-stage trojan uses Dropbox and Google Docs to fetch its later stages, hooks into Windows to monitor keystrokes and active windows, and creates persistence via registry keys.

Stay vigilant!

Transparent Tribe Unleashes Malware-Laced Android Apps
02/07/2024

We can see straight through you! The threat actor Transparent Tribe continues its malicious streak by distributing malware-laced Android apps through social engineering campaigns.

CapraTube Campaign Expands Targeting Scope

SentinelOne security researcher Alex Delamotte revealed that these APKs embed spyware in apps that present themselves as curated video browsers. The latest expansion targets mobile gamers, weapons enthusiasts and TikTok fans.

The campaign, dubbed CapraTube, was first described in September 2023. Transparent Tribe uses the weaponised apps to deliver CapraRAT, a modified version of AndroRAT. The spyware impersonates legitimate apps like YouTube and captures a wide range of sensitive data.

New Malicious APKs Identified

SentinelOne identified several new malicious APK files:

- Crazy Game (com.maeps.crygms.tktols)

- Sexy Videos (com.nobra.crygms.tktols)

- TikToks (com.maeps.vdosa.tktols)

- Weapons (com.maeps.vdosa.tktols)

CapraRAT uses a WebView to load YouTube or CrazyGames[.]com so that the app appears to work. In the background it abuses its permissions to access location, SMS messages, contacts and call logs, make phone calls, take screenshots, and record audio and video.

Spyware Enhancements

A notable change in this CapraRAT build is that the permissions READ_INSTALL_SESSIONS, GET_ACCOUNTS, AUTHENTICATE_ACCOUNTS and REQUEST_INSTALL_PACKAGES are no longer requested. Dropping the install-related permissions suggests the tool is now used primarily for surveillance rather than as a backdoor for installing further payloads.

Additional Threats: Snowblind Banking Malware

The disclosure coincides with Promon's report on Snowblind, a new family of Android banking malware. Like FjordPhantom, Snowblind abuses the accessibility services API to read and act on the screen without the user noticing. Its novelty is how it defeats the target app's own defences: by loading a seccomp filter into the repackaged app, it intercepts the system calls the app uses to check its own integrity and returns clean results, so anti-tampering checks pass while Snowblind steals credentials, exfiltrates data, and disables 2FA or biometric verification.

TeamViewer Detects IT Irregularity
01/07/2024

On June 26, 2024, TeamViewer detected an "irregularity" in its internal corporate IT environment.

"We immediately activated our response team and procedures, started investigations together with a team of globally renowned cybersecurity experts, and implemented necessary remediation measures," the company said in a statement.

Customer Data Unaffected

TeamViewer stressed that its corporate IT environment is segregated from the product environment and that there is no evidence of customer data being affected. The investigation is ongoing, and updates will be provided as new information becomes available.

TeamViewer, based in Germany, develops remote access and remote monitoring and management (RMM) software used by over 600,000 customers globally, which is why any compromise of the vendor itself is a supply-chain concern.

Health-ISAC Bulletin and APT29 Involvement

The U.S. Health Information Sharing and Analysis Center (Health-ISAC) issued a bulletin warning that threat actors were actively exploiting TeamViewer, and linked the activity to APT29, a Russian state-sponsored threat actor also tracked as Midnight Blizzard and Cozy Bear.

Attack Attributed to APT29

On Friday, TeamViewer attributed the attack to APT29 and said the intrusion started with the credentials of a standard employee account.

"Based on continuous security monitoring, our teams identified suspicious behaviour of this account and immediately put incident response measures into action," TeamViewer noted. "There is no evidence that the threat actor gained access to our product environment or customer data."

Ongoing Response and Recommendations

TeamViewer is working with Microsoft's incident response team and has implemented stronger security measures. Separately, Microsoft disclosed that APT29 had also accessed some customer email inboxes as a consequence of the group's earlier intrusion into Microsoft's own systems. TeamViewer continues to rebuild its internal IT environment, has informed employees and the relevant authorities, and the situation remains under investigation.
