Weekly Cyber Security
News Events &Information
From sources found online in the past seven days
Hello all,
It was a lighter news cycle this week, but there was still a good deal to read and digest. Microsoft, after taking a severe bruising from the Cyber Safety Review Board, has pledged to make Security their number one priority. And the impact of successful cyber-attacks are among some of the items We’ll highlight this week. So, onward.
The volume of news and other can appear overwhelming, the best strategy is to read the Notable Callouts below and then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then selecting them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.
Notable Callouts:
- Aruba, by HPE has patched ten vulnerabilities, four of which were critical Remote Code Execution bugs in their ArubaOS. So far there is no sign of active exploitation. Patch quickly before the Threat Actors figure out how to exploit them.
- Clorox, is not a name you see in tech news too often, unless you recall that they had a “cyber attack” in August of last year. The recovery from that incident took significant time, stalling production, and distribution of products. Current news is that their latest numbers show that they are still suffering with distribution issues which are having negative financial effects. An organization the size of Clorox can likely weather this storm. However, you need to ask yourself, do you have a business continuity plan (BCP) that could keep your enterprise afloat in a similar scenario?
- Docker has been shown to have millions of repositories that “contain[ed] malicious content, ranging from spam to dangerous malware and phishing sites.” Moderation appears to be somewhat lacking. Although with millions of them, how could anyone moderate all of that? It is incumbent upon the person downloading to vet the content.
- Dropbox had someone break into their Dropbox Sign (formerly HelloSign) and get information “related to all users of Dropbox Sign, including account settings, names and emails. For some users, phone numbers, hashed passwords and authentication information like API keys, OAuth tokens and multi-factor authentication methods were also exposed.” Further, if you’ve ever received a Dropbox Sign or HelloSign email, your email address is now in the dirty mitts of the hacker as well. You’re welcome. Expect a flood of fake emails related to this soon.
- Microsoft released a patch in January to address a security flaw that could allow attackers to bypass BitLocker encryption. The patch failed if your WinRE (Windows Recovery Environment) partition didn’t have at least 250MB of free space. Significant numbers of systems don’t have enough space. Even reinstalling Windows 10 won’t fix the issue because the WinRE partition is only 522MB by default when it is created by the Windows installer. Now Microsoft is telling us that it has given up on making an automatic fix for Windows 10 for their failing update. They now say that the WinRE partition must be resized manually – on every system. BTW, many Windows 11 systems have the same issue, but Microsoft hasn’t said they’ve given up on it, yet.
- OpenVPN is the underpinning of many VPN (Virtual Private Network) solutions out there. Some researchers have listed their upcoming BlackHat USA 2024 talk where they’ll be showing zero-day flaws in the product. Unless you’re directly using OpenVPN (which many people do), you’ll need to wait for vendors to incorporate any fixes needed into their software. If you use OpenVPN, watch for updates and apply quickly.
- Palo Alto has been fighting a maximum severity flaw in their firewalls for a few weeks now. New guidance was issued this week. If you use this gear, make sure that you stay up to date on the continually evolving state of mitigation.
- Yaroslav Vasinskyi, may his name rot in a very warm uncomfortable place, was sentenced this week to nearly 14 years in prison and ordered to pay $16 million in restitution. He is one of the masterminds behind the Sodinokibi/REvil ransomware scourge that was responsible for thousands of companies being simultaneously encrypted when they broke into Kaseya, among other attacks. Score one for the good guys. It was a long time coming, but he has been brought to justice!
In Ransomware, Malware, and Vulnerabilities News:
- NSA, FBI alert to spoofing emails that appear to come from trusted sources. It shouldn’t have to be said, but it does. Sadly, there are still legions of people who are ignorant to the schemes of these evil people. Please verify the source before interacting with the email.
In Other News Events of Note and Interest:
- Microsoft has pledged that everything will now be looked at through the lens of security first. They’ve published a lengthy, read-worthy, blog article about “Expanding Microsoft’s Secure Future Initiative”. In the next post link below that, Satya Nadella put out a memo to Microsoft employees detailing some of the same points about safety first. Amazing what impact a few successful cyberattacks can have on a corporation.
- No more 12345 is about legislation passed by the UK to outlaw weak device passwords. It is a shame this needs legislation; manufacturers shouldn’t need to be forced to do the right thing.
In Cyber Insurance News:
- Berkly Cyber Risk Solutions to offer new crisis counseling coverage. Recognizing that significant mental and emotional trauma can result from cyberattack, the insurer is making this valuable service available as a covered option.
With all of the negative press out there regarding hacks, vulnerabilities, and exploits, it is easy to forget the incredible marvel that is our modern computing age. The same tool that enables the dirt-bag to drain a window’s life savings is one that allows a kick-starter campaign to raise enough money to cover someone’s emergency transplant surgery. The same remote access software that lets a threat actor into a network to do nefarious things allows the disabled person to be gainfully employed from their home. And the list could go on… Yes, great evil exists, but there is also great good. You just need to look for it – and protect it.
Keep the shields up. They really are out to get you.
Headline NEWS
- HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
- Clorox Cyberattack Recovery Stalls, Pushing Outlook Down
- Millions of Docker repos found pushing malware, phishing sites
- Dropbox says hacker accessed passwords, authentication info during breach
- Microsoft admits it can’t fix Windows 10 KB5034441 “0x80070643 – ERROR_INSTALL_FAILURE”
- Critical OpenVPN Zero-Day Flaws Affecting Millions of Endpoints
- Palo Alto Updates Remediation for Max-Critical Firewall Bug
- Hacker jailed over $700M REvil ransomware scheme
Ransomware, Malware, and Vulnerabilities News
- NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources
- Hackers Who Exploited Cisco Firewall Zero-Days Linked To China
- Organizations patch CISA KEV list bugs 3.5 times faster than others
- Collection agency FBCS warns data breach impacts 1.9 million people
- CISA says GitLab account takeover bug is actively exploited in attacks
- 1,400 GitLab Servers Impacted by Exploited Vulnerability
- Hacker Sentenced After Years of Extorting Psychotherapy Patients
- Billions of Android Devices Open to ‘Dirty Stream’ Attack
- AI is creating a new generation of cyberattacks
- AI-driven phishing attacks deceive even the most aware users
- 1,200+ Vulnerabilities Detected In Microsoft Products In 2023
- Grafana Tool Vulnerability Let Attackers Inject SQL Queries
- Most attacks affecting SMBs target five older vulnerabilities
- The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics
- Critical infrastructure operators urged to harden systems against pro-Russia hackers
- Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers
- China-Linked ‘Muddling Meerkat’ Hijacks DNS to Map Internet on Global Scale
- Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover
- New R Programming Vulnerability Exposes Projects to Supply Chain Attacks
- Honeywell: USB Malware Attacks on Industrial Orgs Becoming More Sophisticated
- New “Goldoon” Botnet Targets D-Link Routers With Decade-Old Flaw
- Hacker free-for-all fights for control of home and office routers everywhere
- Vulnerability Exploits Triple as Initial Access Point for Breaches
- Hackers scam Southern California woman out of $25K
- Eight Arms to Hold You: The Cuttlefish Malware
- New Latrodectus malware attacks use Microsoft, Cloudflare themes
- ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan
- Lazarus Group hackers launch new method for cyber attacks
- Law firm Shook Lin & Bok hit by ransomware attack
- 1 year after cyberattack, San Bernardino County Sheriff’s Department has yet to fully recover
- London Drugs closes stores until further notice due to cyberattack
- London Drugs rebuilding infrastructure after cybersecurity breach
- Panda Restaurants discloses data breach after corporate systems hack
- Researchers find AI training data, employee credentials in exposed government contractor database
- Thousands of Airsoft players under threat after data breach
- PoC Exploit Released For Windows Kernel EoP Vulnerability
- VNC Is The Hacker’s New Remote Desktop Tool For Cyber Attacks
- AMD finally patches gaping Zenbleed security hole
Other News Events of Note and Interest
- Cool Tool: The Arc browser arrives on Windows to take on Chrome and Edge
- Cool Tool: This looks interesting – FastCopy 5.7.7
- Expanding Microsoft’s Secure Future Initiative (SFI)
- Read Satya Nadella’s Microsoft memo on putting security first
- LibreOffice 24.2.3 Office Suite Is Now Available for Download with 79 Bug Fixes
- Firefox Power User Keeps 7,400+ Browser Tabs Open for 2 Years
- LastPass goes independent over a year after serious breaches
- New CISA incident reporting draft rule deemed excessive
- Here’s five great uses for your YubiKey
- Ford Trucks Partners With Argus Cyber Security
- Should Cybersecurity Leadership Finally be Professionalized?
- NIST launches a new platform to assess generative AI
- S. Government Releases New AI Security Guidelines for Critical Infrastructure
- Take A Tour! NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide
- MSI Claw claims up to 150% added performance from new BIOS and GPU driver updates
- VMware by Broadcom blinks again – this time easing change for cloud service providers
- No more 12345: devices with weak passwords to be banned in UK
- World Password Day: A Reminder We’re Still Using Crackable Tech
- FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data
- Marriott admits it falsely claimed for five years it was using encryption during 2018 breach
- Microsoft: April Windows Server updates cause NTLM auth failures
- Microsoft’s latest Windows update breaks VPNs, and there’s no fix
- Microsoft rolls out update to fix a bug that was installing Copilot on Windows 11 PCs
- Microsoft Outlook adds Copilot support for mobile apps as part of its latest updates
- Microsoft Edge gets a built-in internet speed test tool, here’s how to use it
- PSA: How to disable ‘Rewrite with Copilot’ popup in Microsoft Edge
- Microsoft fixes bug behind incorrect BitLocker encryption errors
- Microsoft starts rolling out OneDrive’s offline mode on the web