Weekly Cyber Security News

News Events and Information

Gathered from sources found on the web in the past seven days



Hello all,

It was a lighter news cycle this week, but there was still a good deal to read and digest. Microsoft, after taking a severe bruising from the Cyber Safety Review Board, has pledged to make Security their number one priority. And the impact of successful cyber-attacks is among the items we’ll highlight this week. So, onward.

The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then select them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.

Notable Callouts:

  • Aruba, by HPE, has patched ten vulnerabilities, four of which were critical Remote Code Execution bugs in their ArubaOS. So far there is no sign of active exploitation. Patch quickly before the Threat Actors figure out how to exploit them.
  • Clorox is not a name you see in tech news too often, unless you recall that they had a “cyber attack” in August of last year. The recovery from that incident took significant time, stalling production and distribution of products. Current news is that their latest numbers show that they are still suffering from distribution issues, which are having negative financial effects. An organization the size of Clorox can likely weather this storm. However, you need to ask yourself, do you have a business continuity plan (BCP) that could keep your enterprise afloat in a similar scenario?
  • Docker has been shown to have millions of repositories that “contain[ed] malicious content, ranging from spam to dangerous malware and phishing sites.” Moderation appears to be somewhat lacking. Although with millions of them, how could anyone moderate all of that? It is incumbent upon the person downloading to vet the content.
  • Dropbox had someone break into their Dropbox Sign (formerly HelloSign) and get information “related to all users of Dropbox Sign, including account settings, names and emails. For some users, phone numbers, hashed passwords and authentication information like API keys, OAuth tokens and multi-factor authentication methods were also exposed.” Further, if you’ve ever received a Dropbox Sign or HelloSign email, your email address is now in the dirty mitts of the hacker as well. You’re welcome. Expect a flood of fake emails related to this soon.
  • Microsoft released a patch in January to address a security flaw that could allow attackers to bypass BitLocker encryption. The patch failed if your WinRE (Windows Recovery Environment) partition didn’t have at least 250MB of free space. Significant numbers of systems don’t have enough space. Even reinstalling Windows 10 won’t fix the issue because the WinRE partition is only 522MB by default when it is created by the Windows installer. Now Microsoft is telling us that it has given up on making an automatic fix for Windows 10 for their failing update. They now say that the WinRE partition must be resized manually – on every system. BTW, many Windows 11 systems have the same issue, but Microsoft hasn’t said they’ve given up on it, yet.
  • OpenVPN is the underpinning of many VPN (Virtual Private Network) solutions out there. Some researchers have listed their upcoming BlackHat USA 2024 talk where they’ll be showing zero-day flaws in the product. Unless you’re directly using OpenVPN (which many people do), you’ll need to wait for vendors to incorporate any fixes needed into their software. If you use OpenVPN, watch for updates and apply quickly.
  • Palo Alto has been fighting a maximum severity flaw in their firewalls for a few weeks now. New guidance was issued this week. If you use this gear, make sure that you stay up to date on the continually evolving state of mitigation.
  • Yaroslav Vasinskyi, may his name rot in a very warm uncomfortable place, was sentenced this week to nearly 14 years in prison and ordered to pay $16 million in restitution. He is one of the masterminds behind the Sodinokibi/REvil ransomware scourge that was responsible for thousands of companies being simultaneously encrypted when they broke into Kaseya, among other attacks. Score one for the good guys. It was a long time coming, but he has been brought to justice!

In Ransomware, Malware, and Vulnerabilities News:

  • NSA, FBI alert to spoofing emails that appear to come from trusted sources. It shouldn’t have to be said, but it does. Sadly, there are still legions of people who are ignorant of the schemes of these evil people. Please verify the source before interacting with the email.

In Other News Events of Note and Interest:

  • Microsoft has pledged that everything will now be looked at through the lens of security first. They’ve published a lengthy, read-worthy, blog article about “Expanding Microsoft’s Secure Future Initiative”. In the next post link below that, Satya Nadella put out a memo to Microsoft employees detailing some of the same points about safety first. Amazing what impact a few successful cyberattacks can have on a corporation.
  • No more 12345 is about legislation passed by the UK to outlaw weak device passwords. It is a shame this needs legislation; manufacturers shouldn’t need to be forced to do the right thing.

In Cyber Insurance News:

  • Berkley Cyber Risk Solutions to offer new crisis counseling coverage. Recognizing that significant mental and emotional trauma can result from a cyberattack, the insurer is making this valuable service available as a covered option.

With all of the negative press out there regarding hacks, vulnerabilities, and exploits, it is easy to forget the incredible marvel that is our modern computing age. The same tool that enables the dirt-bag to drain a widow’s life savings is one that allows a kick-starter campaign to raise enough money to cover someone’s emergency transplant surgery. The same remote access software that lets a threat actor into a network to do nefarious things allows the disabled person to be gainfully employed from their home. And the list could go on… Yes, great evil exists, but there is also great good. You just need to look for it – and protect it.

Keep the shields up. They really are out to get you.

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Cyber Insurance News