Hello all,
Congratulations Cyber Warrior! You’ve made it to the end of another year. It has been a daunting one with a massive AI-fueled upswing in phishing, smishing, malvertising, hacking, cracking, encrypting, DDoSing, stealing and destruction. Experts are sadly predicting that 2024 will not fare much better. However, there is hope. Just as AI elevated cyber-crime to new heights, it is finally starting to show signs of enabling enhanced defenses to catch malicious activity quicker and the ability to cut through the incessant barrage of the noise of attacking hordes. This week has been mostly quiet, but there are items to report on, so let’s get to it.
The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then select them for more information. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- Apache OfBiz ERP has a critical zero-day that is already being exploited. If you use this, patch immediately!
- Apple was able to get a stay on the order banning Apple Watch sales. Alas, it was after the Christmas shopping season, so sales will likely be nowhere near what was anticipated.
- Barracuda keeps getting harpooned by Chinese threat actors and fried to a golden crisp. Another zero-day in their Email Security Gateway was just patched by the toothy-fish company. Devices were supposed to have been automatically updated, but if you use this, it may be prudent to check yours.
- Securities and Exchange Commission (SEC) reporting rules went into effect on December 15, requiring public companies to disclose any event that may be material to investors within four days of the event. No more hiding for months. It is going to get interesting.
- Tesla had one of their engineers “mauled” by a robot in Texas. I suspect that it wasn’t programmed with Asimov’s Three Laws of Robotics… While this was an industrial accident, I expect that it won’t be long before a large military power starts imbuing fighting robots with AI directives to do actual harm.
In Ransomware, Malware, and Vulnerabilities News:
- First American Financial is back online after being down for about a week. That’s actually a pretty good recovery time. There are still aspects down, and their investigation will likely take months to produce definitive results.
- I review security software… reveals a new, free service from Bitdefender called Scamio that seems promising. It is worth taking a look.
In Other News Events of Note and Interest:
- Google released an update for their Home Mini smart devices that made them rather dumb and bricked a goodly number.
- Ferret is the name for Apple’s public Large Language Model (LLM) which slipped out into the wild like its weaselly namesake – largely unnoticed until now. Apparently, it can run on rather modest hardware and is open source. I can hear Arnold Schwarzenegger’s voice saying, “This is not a Ferret, This is an AI.”
In Cyber Insurance News:
- Why CISOs Need to Make Cyber Insurers Their Partners does a good job of wording that they should be on the same team, as neither wants something bad to happen to a company.
In the coming weeks there will be a plethora of retrospective articles about the year that was and prognosticating ones about the new year. While nobody has a crystal ball that will provide clear guidance to navigate the turbulent waters of the cyber ocean, Proverbs 11:14 says, “…in the multitude of counselors there is safety.” Remember, none of us is as smart as all of us. Stay informed of trends and activities of both the good guys and the evil dirtbags intent on doing you and your charges harm. By doing so, we can hopefully stay one step ahead and have a safe, prosperous, and happy 2024.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack
- US lifts ban on imports of latest Apple watch
- Barracuda fixes new ESG zero-day exploited by Chinese hackers
- SEC mandates public companies disclose cyber incidents
- Tesla Software Engineer Mauled By Robot At Texas Factory
Ransomware, Malware, and Vulnerabilities News
- Top 10 security stories of 2023
- 5 pivotal cybersecurity trends for 2024
- 3 main tactics attackers use to bypass MFA
- The hidden cyber security risks of QR codes
- How to recognize AI-generated phishing mails
- How AI Is Shaping the Future of Cybercrime
- First American says funds secure despite cyberattack
- Title insurer First American back online after cybersecurity incident
- Ohio lottery cybersecurity incident investigation
- Ryan Reynolds-backed Mint Mobile discloses data breach
- Essential DDoS statistics for understanding attack impact
- Zoom Open-sources New Vulnerability Impact Scoring System VISS
- CBS, Paramount owner National Amusements says it was hacked
- New Version of Meduza Stealer Released in Dark Web
- Eagers Automotive halts trading in response to cyberattack
- Hackers Attacking Linux SSH Servers to Deploy Scanner Malware
- Hackers steal customer data from Europe’s largest parking app operator
- LockBit gang claims to have breached accountancy firm Xeinadin
- Ransomware Gangs Are Collaborating To Attack Financial Services
- Ransomware Group Claims 100 Gb of Data Stolen From Nissan
- Lockbit ransomware attack interrupted medical emergencies at a German hospital network
- Carbanak Banking Malware Resurfaces with New Ransomware Tactics
- US Seizes BlackCat Ransomware Site, Offering Decryption Tool
- All I really need to know about cybersecurity, I learned in kindergarten
- Experts analyzed attacks against poorly managed Linux SSH servers
- Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks
- CISA: Exploitation of QNAP NVR, Future X Communication router flaws underway
- Fidelity National Financial subsidiary says 1.3 million affected by November cyberattack
- Cybercriminals launched ‘Leaksmas’ event exposing massive volumes of PII and compromised data
- I review security software for a living and I just found a new way to stop online scams
- Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts
- Researchers Uncover the ‘Most Sophisticated’ iPhone Exploit Ever
- Microsoft disables MSIX protocol handler abused in malware attacks
- New DMARC Data Shows 75% Increase in Suspicious Emails Hitting Inboxes
- Hackers see wealth of information to steal in kids’ school records
- iPhone Triangulation attack abused undocumented hardware feature
- Hybrid online frauds likely to gain momentum in 2024: Report
Other News Events of Note and Interest
- How to take advantage of Chrome’s side panel
- GitHub warns users to enable 2FA before upcoming deadline
- The New York Times sues OpenAI and Microsoft for copyright infringement
- Thousands of vendors fail to comply with ban on Chinese telecommunications equipment
- Apple’s first public LLM is called Ferret, powered by 8 Nvidia A100 GPUs
- Hospitals ask courts to force cloud storage firm to return stolen data
- An Introduction to Ubuntu’s ‘Uncomplicated’ Firewall
- Google Home Mini update bricks devices for some users
- Google settles $5B lawsuit over tracking ‘incognito mode’ users
- Project Kuiper: Amazon’s answer to SpaceX’s Starlink passes ‘crucial’ test
- “Impossible” Puzzle Solved After 243 Years Using Quantum Entanglement
- GitLab Launches Browser-Based Dynamic Application Security Testing
- If successful, Intel’s next generation Battlemage graphics cards will benefit all gamers
- Microsoft reverts Windows 10’s File Explorer to pre-19H2 version, removes OneDrive search bar
- Microsoft releases new Windows 11 version 23H2 installation media (version 2)
- Microsoft year in review 2023: The year of Copilot
- Microsoft bet big on AI in 2023, but its AI future is still unclear
- How to Edit Windows OEM Information in System Settings
- Israel grants Intel $3.2 billion for new $25 billion chip plant
- Cool Tool – Xplorer: Not Just a Pretty Open-Source File Manager
- Cool Tool – WingetUI 2.2.0 updated with new features and fixes
- War of the workstations: How the lowest bidders shaped today’s tech landscape
- Copying files between Windows and Linux with SCP and PowerShell
- The top 10 AI tools of 2023, and how to use them to make more money
- Intel Meteor Lake BIOS update delivers double-digit performance boost
- How to Enable Core Isolation’s Memory Integrity Feature on Windows 11
- Microsoft’s game changer feature reinstalls Windows 11 directly via Windows Update