Weekly Cyber Security
News Events & Information
From sources found online in the past seven days
Hello all,
This week was the relative calm before the storm, as Tuesday is Patch Tuesday from Adobe, Microsoft and many other vendors. Even with the relative calm, there is still plenty to know about. So, on to the news.
The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and select those for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- F5, maker of BIG-IP appliances, has patched several vulnerabilities in Next Central Manager. It is unclear if all flaws uncovered by researchers have been patched, as three of them have remained unacknowledged by the vendor. If you use this, check with F5 for guidance.
- Citrix had two separate items that require mitigation: one set is in their Netscaler ADC and Gateway, and the other is in XenCenter, where they recommend either removing PuTTY or updating it to at least version 0.81.
- Dell just celebrated their 40th birthday a week ago. Apparently, a hacker named Menelik decided that harvesting and offering 49 million customer records for sale would be a great way to celebrate. Thankfully, the exfiltrated data doesn’t appear to contain user information, but this could turn interesting really quick with fake update notices and the like going to Dell owners. Stay vigilant and vet any such notices carefully.
- Google patched the fifth zero-day of the year in Chrome. Since this is already under active exploitation, don’t delay updating your browser. Likewise, expect that Chromium-based browsers such as Microsoft Edge, Brave, Opera, and Vivaldi will all receive updates soon which should be applied ASAP.
- United Healthcare had their CEO report recently that 1 in 3 Americans’ data was breached by threat actors in their recent highly publicized ransomware incident. This is staggering! If three people are having lunch together, then it is very probable that at least one of them had their data stolen.
- Veeam fixed a critical Remote Code Execution vulnerability in their Service Provider Console backup management platform. It affects VSPC versions 4.0, 5.0, 6.0, 7.0 and 8.0. The fix is to update your supported version to the latest cumulative patch. If you’re running an unsupported version, upgrade, or shut it down.
In Ransomware, Malware, and Vulnerabilities News:
- Lockbit was in the news a lot. This evil ransomware scourge had their site taken over again by the authorities, who then unmasked the admin of the site. Lockbit retaliated by publishing names and claims of breaches of dozens of organizations worldwide. I wonder what the Feds will do next. This might make a good reality TV show – I’d watch.
- BEC… Tifton, GA sent nearly $50,000 to someone they should not have. That’s got to hurt. Make sure you have processes and safeguards in place so that you don’t make a similar blunder. And in an unrelated, but also Georgia news item…
- Sawnee Electrical Cooperative had their website taken over so thoroughly that they had to obtain a new website and warn all customers to not attempt using the old site.
In Other News Events of Note and Interest:
- Microsoft Ads in Start Menu – do you hate these as much as I do? Then this new tool may be for you, check out the Oh Frick Go Back app by Maddy on GitHub.
In Cyber Insurance News:
- “AI devours data” is an interesting article that talks about the rise of AI at insurance providers. Like in most industries, there is concern about being replaced. It is a pretty good read.
On May 10, 1869, the United States became a unified nation when East met West at Promontory Summit in Utah. Information that would have taken weeks, if not months, to reach the other coast was now available in days. As telegraph wires went up along the routes, days went down to hours, if not minutes. One hundred and fifty-five years later, it is now standard to measure information exchange in terms of milliseconds. Recent advances in quantum teleportation will likely soon produce instantaneous, simultaneous information exchange. When a bit is flipped at one end of the connection, quantum entanglement simultaneously flips a bit at the remote end, with zero latency. What an age to be alive! Of course we should ask, are we better off, or would it be better not to know everything instantly? Definitely something to ponder.
And remember, keep the shields up. They really are out to get you.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Critical vulnerabilities in BIG-IP appliances leave big networks open to intrusion
- Citrix Netscaler ADC and Gateway high severity Out of Bounds Memory read bug
- Citrix warns admins to manually mitigate PuTTY SSH client bug
- Dell warns of data breach, 49 million customers affected
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
- UnitedHealthcare CEO says ‘maybe a third’ of US citizens were affected by recent hack
- Veeam fixes RCE flaw in backup management platform
Ransomware, Malware, and Vulnerabilities News
- AT&T delays Microsoft 365 email delivery due to spam wave
- CISA starts CVE “vulnrichment” program
- Millions of IoT Devices at Risk From Integrated Modem
- macOS Cuckoo Stealer malware family
- May 2024 Patch Tuesday forecast: A reminder of recent threats and impact
- New Spectre-Style ‘Pathfinder’ Attack Targets Intel CPU, Leak Encryption Keys and Data
- Cyberthreat landscape permanently altered by Chinese operations, US officials say
- Law enforcement seized Lockbit group’s website again
- Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator
- City of Wichita breach claimed by LockBit ransomware gang
- Deutsche Telekom claimed by LockBit, dozens more ransom victims
- 500,000 Impacted by Ohio Lottery Ransomware Attack
- JPMorgan Chase Suffers Data Breach Affecting Personal Information of 451,809 Customers
- Threat Actors Allegedly Breached HSBC & Barclays Data, Exposing 2.2 Million Records
- Ransomware crooks now SIM swap executives’ kids to pressure their parents
- Sawnee EMC asking customers to use new website after cybersecurity incident affected original one
- City of Tifton says it lost nearly 50K in cyber scam
- Certain systems unavailable after City of Wichita cyber security incident
- Boeing confirms attempted $200 million ransomware extortion attempt
- Derby city manager discusses recovery from last year’s cyberattack
- Ransomware operations are becoming less profitable
- Ascension Hospital investigating network interruption due to likely cyberattack
- BlackBasta claims Synlab attack, leaks some stolen documents
- UK armed forces’ personal data hacked in Ministry of Defense breach
- Classes cancelled as ‘sinister’ school cyber-attacks rise
- Cybersecurity researchers find that fake USPS phishing sites account for at least as much internet traffic as the Postal Service itself
- SentinelOne: Ransomware actors are adapting to EDR
- China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion
- APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data
- New law will require owners of critical services to report wider range of cybersecurity incidents
- Qantas confirms technology issue caused data breach that exposed personal information of customers
- Massive webshop fraud ring steals credit cards from 850,000 people
- HijackLoader Using Weaponized PNG Files To Deliver Multiple Malware
- Zscaler Investigating Data Breach After Hacker Claims Sale
- Zscaler takes “test environment” offline after rumors of a breach
- Log4J Still Among Top Exploited Vulnerabilities, Cato Finds
- Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw
- Novel attack against virtually all VPN apps neuters their entire purpose
- Financial threat report 2023: phishing, PC and mobile malware
- DBIR: Supply Chain Breaches Up 68% Year Over Year
- Overwhelmed with spam texts? Stats show the problem is getting worse
- Cybercrime stats you can’t ignore
- Cybercriminals are getting faster at exploiting vulnerabilities
- It Costs How Much?!? The Financial Pitfalls of Cyberattacks on SMBs
- How long does it take a hacker to crack a password in 2024?
- GhostStripe attack haunts self-driving cars by making them ignore road signs
- Hackers exploit LiteSpeed Cache flaw to create WordPress admins
Other News Events of Note and Interest
- Cool Tool: This new tool gives you total control over Windows 11’s ads
- Cool Tool: Sandboxie 1.13.7 Plus / Classic 5.68.7
- Cool Tool: Nmap 7.95 released: New OS and service detection signatures
- Yubico bolsters security with updated YubiKey 5 series devices
- Report: AMD will not support Windows 10 on your next-gen Ryzen 8050/9000 PC
- US official says Chinese seizure of TSMC in Taiwan would be ‘absolutely devastating’
- Google is changing how you set up 2FA
- What Is Pretexting in Cyber Security?
- Phishing scams playbook: Adapting to keep up with malicious AI
- Cybersecurity Races to Unmask New Wave of AI Deepfakes
- AT&T Splits Cybersecurity Services Business, Launches LevelBlue
- Google Debuts New Security Products, Hyping AI and Mandiant Expertise
- Upgrading to Windows 11 is a whole lot faster and easier now
- Exchange Server SE set to debut just before 2019 version breathes its last
- Microsoft Edge will save memory on Windows by auto-discarding sleeping tabs
- Microsoft Edge experiment blocks access to settings if Windows 11 is not activated
- VMware security advisories now behind bureaucratic Broadcom barricade