Weekly Cyber Security
News Events & Information
From sources found online in the past seven days
Hello all,
We’ve got stuff from Amazon to Zscaler this week consisting of some amazing new things, some seriously bad things, and a couple of massive wins for the good guys making worldwide cyber headlines, so read on.
The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then select them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- Amazon has been talking about Project Kuiper, their space-based internet, for a number of years, and they are finally nearing reality. Amazon recently conducted successful tests of their LEOS (Low Earth Orbiting Satellites) and are now ramping up production. They expect to have the first commercial deployments this year. Look out StarLink, you’ve got competition coming!
- Check Point has made emergency hotfixes available for a zero-day in their Check Point Security Gateways with Remote Access VPN or Mobile Access Software Blades. A good number of their products are affected, so make it a point to check immediately to see if yours has updates or guidance available.
- Cisco has released updates for a high-severity flaw in the web-based management interface of the Cisco Firepower Management Center. There are no workarounds for this, so if you’re running affected hardware, update quickly.
- Fortinet patched a maximum severity RCE a few months ago. Well, this week an exploit was unleashed, much to the delight of evil people, that allows an attacker to execute commands as root on any Internet-exposed and unpatched FortiSIEM. If you’ve been waiting to apply the update, now’s your time.
- Google really wants you to receive their malware-laden, typo-squatted, and compromised web advertisements. Starting this coming week, Google will switch from Manifest V2 to V3 extensions in Chrome. One of the major changes is “limitations around ‘content filtering,’ aka the APIs ad blockers and anti-tracking extensions”. Google further says (Manifest V2) extensions will start to be disabled in “the coming months.”
- Ticketmaster has had a massive breach happen via a third-party vendor. 500 million users’ data has been put up for sale by dirtbags. The number is staggering; the entire population of the United States is only 333 million.
- TP-Link released an update to fix a maximum severity vulnerability in their Archer C5400X gaming router. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has been patched in version 1_1.1.7 released on May 24, 2024. Patch now. And if you own older TP-Link routers that are no longer receiving firmware updates, unplug them as soon as humanly possible. There are numerous flaws in their older gear that will not receive patches.
- Zscaler Client Connector has a Privilege Escalation vulnerability that needs to be patched. By chaining several vulnerabilities together, researchers have been able to elevate to NT AUTHORITY\SYSTEM on Windows. Upgrade to the latest version to mitigate.
In Ransomware, Malware, and Vulnerabilities News:
- US and international authorities from several countries made a number of arrests, sanctioned others, and took down the “world’s largest botnet” and cybercrime domains that enabled fraud, ransomware, and more. There are seven linked articles in this section that provide fascinating details. This international action is a major win for the good guys!
- AI Deepfakes are on the rise. Two links talk about this disturbing trend. The first is regarding how trivial it now is to create convincing deepfakes of politicians’ voices. The second is from Google highlighting how quickly AI-generated misinformation is proliferating. It will be a fun election cycle in the USA this year.
In Other News Events of Note and Interest:
- AMD will pay you up to $30,000 if you find a juicy enough vulnerability in their stuff and responsibly report it to them via their new public Bug-Bounty program. Get cracking!
- World’s first bioprocessor uses 16 human brain organoids… do these people not watch sci-fi shows? I think I’ve seen how this plays out and I didn’t like it.
In Cyber Insurance News:
- Personal cyber insurance is apparently a desirable emerging product. Being in this industry, I can see that, provided the cost is right. I do what I know I should to protect myself and my home network, but should some determined malfeasant individual break in, it would be nice to have an additional layer of covering available to me.
June 1 marks the official start of Hurricane Season! I can almost hear the collective groan of those responsible for ensuring uptime for their cyber operations. In Florida, it is particularly poignant because we have such a massive amount of business lining the vulnerable coastline. So, IT Admins, Managers, CISOs, Board Members, etc., do you know where your Incident Response (IR), Business Continuity (BC), and Disaster Recovery (DR) plans are located? If they even exist, would they still be accessible to you if the entire network was down and your office washed 100 yards offshore into the Atlantic Ocean?
Did you know that you should have three plans? Let me explain. Your IR plan covers what you do in preparation and when the event happens. It is your playbook, so you are not scrambling on your worst day ever. Your BC plan is what to do to keep your business alive (alternate locations, communication plans, hierarchical structure, etc.) while the provisions of your DR plan come into play to recover and rebuild. Your BC plan must contain your various contingencies to keep things alive and functioning until the “R” in DR is completed. Many businesses miss this vital plan. Now is the time to ensure you have these plans, that they are up to date, and that they will be accessible if your business isn’t.
And remember, keep the shields up. They really are out to get you.
Visc. Jan Broucinek
Red-N Weekly Cyber Security News
Headline NEWS
- Amazon’s New Home Internet Service Is One Step Closer to Reality As Mass Production Starts
- Check Point releases emergency fix for VPN zero-day exploited in attacks
- High-severity flaw affects Cisco Firepower Management Center
- Exploit released for maximum severity Fortinet RCE bug, patch now
- Google Chrome’s plan to limit ad blocking extensions kicks off next week
- Ticketmaster breached — data of over 500 million users allegedly put up for sale online
- TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
- Zscaler Client Connector Zero-interaction Privilege Escalation Vulnerability
Ransomware, Malware, and Vulnerabilities News
- Amid funding cuts, backlog of unanalyzed vulnerabilities in gov’t database is growing
- Microsoft Security Takes Another Beating as Google Cloud Showcases Microsoft’s Vulnerabilities
- CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
- FBI Dismantles World’s Largest Botnet Leased Out to Cybercriminals for Hacks
- Four arrested in international anti-malware sweep
- US arrests man allegedly behind enormous botnet that enabled cyberattacks and fraud
- Authorities arrest man allegedly running ‘likely world’s largest ever’ cybercrime botnet
- US govt sanctions cybercrime gang behind massive 911 S5 botnet
- Europol and US seize website domains, luxury goods in $6bn cybercrime bust
- Cops Swarm Global Cybercrime Botnet Infrastructure in 2 Massive Ops
- How the DOJ is using a Civil War-era law to enforce corporate cybersecurity
- Graceland Auction Sale Scam: Dark Web Identity Thief Claims Credit
- BreachForums returns just weeks after FBI-led takedown
- Spyware maker pcTattletale shutters after data breach
- Kaspersky releases free tool that scans Linux for known threats
- LightSpy: Implant for macOS
- Discord facing deluge of malicious links
- Hackers hijack Arc browser Windows launch with malvertising campaign
- Distribution of Malware Under the Guise of MS Office Cracked Versions (XMRig, OrcusRAT, etc.)
- Deepfake scams have looted millions. Experts warn it could get worse
- Audio deepfakes of politicians are cheap and easy to make
- Google research shows the fast rise of AI-generated misinformation
- Hackers target Check Point VPNs to breach enterprise networks
- Saving Country Music Suffers Cyberattack Over Morgan Wallen Article
- Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique
- Okta warns of credential stuffing attacks targeting its CORS feature
- Mystery malware destroys 600,000 routers from a single ISP during 72-hour span
- Google won’t comment on a potentially massive leak of its search algorithm documentation
- RedTail Crypto-Mining Malware Exploiting Palo Alto Networks Firewall Vulnerability
- Arctic Wolf: BEC Now Top Method of Cyber Attack on Business
- Free Piano phish targets American university students, staff
- Cybercriminals pose as “helpful” Stack Overflow users to push malware
- Millions of Alibaba-owned marketplace users exposed
- Rock band’s hidden hacking-themed website gets hacked
- Default Passwords Jeopardize Water Infrastructure
- New ATM Malware family emerged in the threat landscape
- Internet Archive is Under DDoS Attack For Several Hours
- Snowflake account hacks linked to Santander, Ticketmaster breaches
- First American December data breach impacts 44,000 people
- Third-party software supply chain threats continue to plague CISOs
- Sav-Rx discloses data breach impacting 2.8 million Americans
- Cencora data breach puts patient data at risk
- New Meterpreter Backdoor Hides Malicious Codes Within the Image
- New Nork-ish cyberespionage outfit uncovered after three years
- Christie’s confirms breach after RansomHub threatens to leak data
- ‘ShrinkLocker’ ransomware uses BitLocker against you
- Major Russian delivery company down for three days due to cyberattack
- Microsoft Uncovers ‘Moonstone Sleet’ — New North Korean Hacker Group
- Important details about CIRCIA ransomware reporting
- BlackSuit Claims Dozens of Victims With Ransomware
- Michigan Center Line schools suffer ransomware attack, classes resume Wednesday
- Seattle Public Library Website and Ebook Lending Are Down Following Ransomware Attack
- Ransomware operators shift tactics as law enforcement disruptions increase
- Ransomware Gang Threatens to Leak Data on Christie’s Clients After Major Hack
- Ransomware attack hits medical device manufacturer LivaNova
- Hackers phish finance orgs using trojanized Minesweeper clone
- UAC Bypass: 3 Methods Used Malware In Windows 11 in 2024
- Windows 10 PLUGScheduler Flaw Allows Privilege Escalation
- Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
- WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
Other News Events of Note and Interest
- Cool Tool: ProGrade Digital’s Refresh Pro Software Is Now Free Forever
- AMD willing to pay you up to $30k via its new bug bounty program
- Polygon Technology Pays $2M Bug Bounty to Protect $850M Crypto Fund
- You can now edit RCS chats in Android Messages
- The SEC’s New Take on Cybersecurity Risk Management
- Senate chairman wants new White House-led panel to streamline federal cyber rules
- TikTok is suing the US government, arguing ban is unconstitutional
- NIST Launches ARIA, a New Program to Advance Sociotechnical Testing and Evaluation for AI
- How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet
- Basalt plans to ‘hack’ a defunct satellite to install its space-specific OS
- Federal cyber workforce needs telework flexibilities, OPM director says
- Banks don’t want to inspect your home office, so they’re forcing employees to be in office
- World’s first bioprocessor uses 16 human brain organoids for ‘a million times less power’ consumption than a digital chip
- Microsoft Edge Is Getting Faster
- New Microsoft Teams App Gets “Notify When Available” Feature
- Microsoft Teams adds a group chat feature that Google Meet and Zoom have had for ages
- Microsoft Outlook Can Now Send Text Messages on Android
- Windows 11 just took copying and pasting to the next level
- Microsoft shot real lasers through a window to make Windows 10’s wallpaper
- Hands on with Windows 11 Recall AI: Snappy performance, works without internet
- Windows 10 KB5037849 update released with 9 changes or fixes
- Windows 11 KB5037853 update fixes File Explorer issues, 20 bugs
- Windows 11 24H2 breaks connection to some third-party NAS with SMB
- WordPress Releases Way To Build Sites On A Windows Desktop
Cyber Insurance News
- Personal cyber insurance is the most desirable emerging product
- Warren Buffett and Berkshire Hathaway’s top insurance executive Ajit Jain recently warned of the potential for “huge losses” in cybersecurity insurance
- How to Choose the Best Insurance For Your Small Business
- Three scenarios in which a business will be glad they have cyber insurance