March 30, 2024


Weekly Cyber Security News

News Events and Information

Gathered from sources found on the web in the past seven days



Hello all,

This has been an interesting news-cycle week. An inordinate number of electrons have been devoted to reporting about the Middle Kingdom’s activities and citizens. China is under scrutiny for an assortment of cyber-attacks, and fear is growing that it will gain a technological advantage over Western nations. So, read on for more details about this and other items regarding various vulnerabilities, exploits, and some cool technology wins.

The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then select them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.

Notable Callouts:

  • Apple has released updates to address newly revealed vulnerabilities, and to fix their debacle with macOS 14.4 disabling USB hubs, printers, Java, and more. If you have iFruit, update for both stability and security as soon as you’re able.
  • AT&T has been denying or downplaying reports of a massive data breach involving over 70 million customers. Welp, this week they confirmed that it is real and reset millions of customer passcodes in response. They will also be offering credit monitoring and the like. Ouch.
  • BlueDucky. No, this isn’t something a Jeep owner finds on their hood. Actually, they might. But this particular BlueDucky is a tool that allows anyone to exploit CVE-2023-45866 with little to no effort, and it requires zero clicks on the part of the victim. Bottom line, if your device can’t get updates for this Bluetooth vulnerability, turn Bluetooth off, or replace your device.
  • China has been accused by the governments of Finland, New Zealand, United Kingdom, and United States of actively sponsoring, supporting, and / or turning a blind eye toward hacking attacks against their countries and citizens. China vehemently denies the charges. Both the UK and the US have issued sanctions against Chinese nationals, and the US is offering a reward of up to $10 million regarding the men. Additional reports in our Other News Events of Note and Interest section show China wanting to secure high-density chip fabrication technology, the impact import restrictions are having on those ambitions, and the fallout that corporations such as Intel, Microsoft, and HP are experiencing due to sanctions and embargoes.
  • Cisco warns of password-spraying attacks against VPN services. Here’s a thought, Cisco: include native 2FA, at no additional cost, in your devices that offer VPN services. Problem solved.
  • Neuralink has shown a quadriplegic person with their implanted technology playing Mario Kart using the interface. It looks like Ray Kurzweil’s prediction of “singularity” may be coming ever closer to reality in our lifetimes.
  • XZ tools is used by most Linux distributions. Some creative bad guy managed to sneak malicious code into the source repository. RedHat and others are urging immediate action to mitigate the backdoor this hack introduced.
  • Zero-days that were exploited in the wild jumped by 50% in 2023. That means that attack vectors that we didn’t know existed and could do little about before the bad guys used them doubled last year. And 2024 is shaping up to be similar.

In Ransomware, Malware, and Vulnerabilities News:

  • German police, along with Lithuania and the US, seized the Nemesis Market, a Darknet crime shop for buying stolen credentials, initial access, purloined data, and more. Score one for the good guys!
  • Edge, Google Chrome, and Mozilla Firefox all received updates this week to patch zero-day vulnerabilities that were exploited recently at Pwn2Own in Vancouver, Canada. Check your browser for updates and install them. There are rumors that one of the Chromium zero-days is a drive-by, implying that no user interaction, other than opening a site, is needed.

In Other News Events of Note and Interest:

  • Gmail turns 20 years old this week, can you believe it? In a time when email boxes had paltry amounts of storage measured in MBs, Google came out of the gate offering 1GB of space. The world hasn’t been the same since.
  • Russia: both Microsoft and HP have shut down most operations in Russia this week. Microsoft pulled their cloud services, and HP shut down their Russian support website.

In Cyber Insurance News:

  • Beware war exclusions in cyber insurance. The ongoing war between Russia and Ukraine has had some nasty spill-over effects on parts of the world not actively engaged in conflict. However, if cyber-warriors from either side of that conflict cause your company damage, would that fall under the “Acts of War” exclusion for coverage? The time to find out, and to ensure you’re protected, is now, not once an event happens.

Familiarity, fatigue, and fog of war. We’re faced with it every day in the cyber security industry. Another ransomware incident, another data breach, another authentication bypass, another DDoS attack, another… you get the gist. Yet we cannot yield, we must remain on guard and ever watchful as if the digital lives of our charges depend on it, for they truly do.

Keep the shields up. They really are out to get you.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

 

Ransomware, Malware, and Vulnerabilities News

 

Other News Events of Note and Interest

 

Cyber Insurance News

 
