Weekly Cyber Security
News Events & Information
From sources found online in the past seven days
Hello all,
Welcome to the Hacker Summer Camp edition of the Red-N Security Newsletter. Thank you for your patience; our team didn’t return from Las Vegas until after midnight on Monday. There were so many vulnerabilities and news items generated by the trifecta of Black Hat, DefCon, and BSidesLV conferences in Las Vegas this past week that sorting them into the normal newsletter categories has been challenging. Be sure that you check out the full listing of links that we provide, otherwise you may miss something critical that applies to your environment. Without any further ado, here are our top items.
Headline NEWS:
- AMD’s Sinkclose vulnerability has existed in nearly every AMD processor made since 2006. This incredibly nasty flaw allows malicious software to be embedded in the processor where it is loaded before the operating system, rendering any anti-malware software moot. The fix involves new chip firmware provided by AMD. There are two catches. One, many of those older processors will not get updates. And two, if you do get infected via this vulnerability, the best remediation is to throw the processor away and get a new one. Yep, it is that bad!
- Google was just declared a “monopolist”. The implications of this judicial ruling are murky at the moment but could sound the death knell for Mozilla Firefox if it loses the Google subsidy paid for making Google the default search engine. The majority of Mozilla’s revenue comes from this somewhat strange arrangement.
- Google Chrome had multiple highly severe vulnerabilities patched this past week. Update your browsers if you haven’t already done so.
- Kibana has a Remote Code Execution (RCE) vulnerability that requires upgrading to Kibana version 8.14.2 or 7.17.23 to mitigate.
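The Kibana fix is split across two release branches, which trips up naive “is my version newer than X” checks: 8.0.0 sorts after 7.17.23 yet is still vulnerable because the 8.x branch was only fixed in 8.14.2. The script below is an added example (not from the newsletter, Elastic, or any Kibana tooling) that does the comparison per branch over an inventory of already-collected version strings; the hostnames and versions in the sample inventory are constructed.

```python
# Branch-aware Kibana version check for the RCE described above.
# Added example, not part of the newsletter or of Elastic's tooling; the
# inventory below is constructed sample data.

# Fixed releases named in the newsletter, keyed by major version.
FIXED_RELEASES = {
    7: (7, 17, 23),
    8: (8, 14, 2),
}


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn '8.14.1' (optionally with a '-SNAPSHOT'-style suffix) into a tuple."""
    core = version.strip().split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Kibana version string: {version!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch)


def kibana_status(version: str) -> str:
    """Return 'patched', 'vulnerable' or 'unknown' for a Kibana version.

    The comparison is per release branch: 8.0.0 sorts after 7.17.23 but is
    still vulnerable because the 8.x fix only arrived in 8.14.2. Majors the
    advisory does not name are reported as 'unknown' rather than guessed.
    """
    parsed = parse_version(version)
    fixed = FIXED_RELEASES.get(parsed[0])
    if fixed is None:
        return "unknown"
    return "patched" if parsed >= fixed else "vulnerable"


def hosts_needing_upgrade(inventory: dict[str, str]) -> list[str]:
    """Given {hostname: version}, list hosts still on a vulnerable build."""
    return sorted(h for h, v in inventory.items() if kibana_status(v) == "vulnerable")


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "kibana-prod-1": "8.14.1",
    "kibana-prod-2": "8.14.2",
    "kibana-legacy": "7.17.22",
    "kibana-lts": "7.17.23",
    "kibana-dev": "8.0.0-SNAPSHOT",
}

if __name__ == "__main__":
    for host in hosts_needing_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> upgrade to 8.14.2 or 7.17.23")
```

Versions on a major the advisory does not mention come back as "unknown" on purpose; silently treating them as safe is how unsupported 6.x installs get overlooked in a patch sweep.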
- Microsoft has a number of items in our Headline News section. The first is dubbed MadLicense, and it affects every Windows Server version from 2000 to 2025. It is a zero-click RCE. Do not wait to investigate and remediate this! At least one Proof of Concept (PoC) exploit is already out in the wild.
- Microsoft Office has a high-severity vulnerability that can allow NTLM hashes to leak to remote attackers. Microsoft has provided some mitigation advice, but no patch yet.
- A Windows Update flaw allows updates to be uninstalled surreptitiously and then hidden so that future update scans think everything is fine. This effectively allows an attacker to downgrade or remove patches and then exploit items that were formerly patched. There is no fix from Microsoft for this potentially massive vulnerability. Microsoft has provided some guidance on possibly detecting this occurring, but it is far from fully baked. This is an emerging story that definitely bears watching.
- OpenVPN was found by Microsoft to have several RCE and Local Privilege Escalation (LPE) issues. The fix is to update OpenVPN to the latest version.
- Rockwell Automation ControlLogix 1756 devices have a flaw that can allow for unauthorized commands to be sent to the controller. Updates are available.
In Ransomware, Malware, and Vulnerabilities News:
- CISA’s Jen Easterly says that cybersecurity is a software quality problem, and vulnerabilities and bugs should be labeled what they truly are – “defects”.
- The best hacks and security research from Black Hat and Def Con. This doesn’t need commentary. It is well worth reading.
- There is a LOT of content in this section that could have made the Headline News, so be sure to check the links.
In Other News Events of Note and Interest:
- An initiative to form an army of volunteer hackers to help protect US water systems and schools was announced at Def Con 32. It is great to see the hacker community coming together to show that it is a force for good.
In Cyber Insurance News:
- White House working on cyber insurance policy proposal for ‘catastrophic’ events. A proposal is expected to be ready by the end of the year.
It will be an interesting few weeks as security professionals, vendors, and administrators race against malicious criminals and threat actor groups to see who wins the gold by patching, or exploiting, the items that were discussed and detailed at the trifecta of Hacker Summer Camps. This would almost be fun if I weren’t invested on the side of the defenders.
One final note, this week our Buffalo-Plaid Breakfast show was broadcast live from Las Vegas where we discussed Ethical Hacking and the value that the conferences bring to the security world.
Keep the shields up. They really are out to get you.
Viscount Jan Broucinek
Red-N Weekly Cyber Security News
Headline NEWS
- AMD’s ‘Sinkclose’ vulnerability affects hundreds of millions of processors, enables data theft — AMD begins patching issue in critical chip lines, more to follow
- AMD won’t patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for ‘Sinkclose’
- Judge rules that Google ‘is a monopolist’ in US antitrust case
- Multiple Chrome Vulnerabilities Let Attackers Execute Malicious Code
- Critical Kibana Vulnerability Let Attackers Execute Arbitrary Code
- Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers
- Microsoft discloses unpatched Office flaw that exposes NTLM hashes
- Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE
- Windows Update Flaws Allow Undetectable Downgrade Attacks
- Critical Flaw in Rockwell Automation Devices Allows Unauthorized Access
Ransomware, Malware, and Vulnerabilities News
- CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog
- CISA’s Jen Easterly: Cybersecurity is a software quality problem
- The best hacks and security research from Black Hat and Def Con 2024
- US offers up to $10 million reward for info on malicious Iranian cyber group
- Critical OpenSSH Vulnerability in FreeBSD Lets Attackers Gain Root Access Remotely
- Las Vegas police issues cyber advisory with cybersecurity, hacker conventions in town
- Ransomware threats have Las Vegas Strip resort doing room inspections
- Room inspections at Resorts World confuse, annoy hacker convention attendees
- Apple Releases macOS Sonoma 14.6.1 With Bug Fixes, Security Fixes
- Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs
- RCE possible with critical Apache OFBiz zero-day
- How to ingeniously and wirelessly inject malware onto someone’s nearby Windows PC via Google’s Quick Share
- MongoDB Flaw Allows Attackers to Gain Complete Control of Windows Systems
- Hackers could exploit major 5G baseband security flaw, researchers say
- Open Source Firewall pfsense Vulnerable to Remote Code Execution Attacks
- AWS ‘Bucket Monopoly’ attacks could allow complete account takeover
- DOJ Charges Nashville Man for Helping North Koreans Get U.S. Tech Jobs
- Trump Campaign Reports Hack of Internal Communications by Iranian Phishers
- How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards
- INTERPOL recovers over $40 million stolen in a BEC attack
- Intelligence bill would elevate ransomware to a terrorist threat
- Microsoft 365 anti-phishing feature can be bypassed with CSS
- Microsoft Entra ID Vulnerability Let Attackers Gain Global Admin Access
- Illinois Tollway: Texts to I-PASS customers detailing outstanding toll amounts are a phishing scam
- 9 billion hit in one of the largest data breaches ever — full names, addresses and SSNs exposed
- 62 percent of phishing emails pass DMARC checks
- Google splats device-hijacking exploited-in-the-wild Android kernel bug among others
- Keytronic incurred approximately $17 million of expenses following ransomware attack
- OneBlood says its software systems are coming back online after last week’s cyberattack
- Magniber ransomware targets home users
- Ransomware attack paralyzes milking robots
- Stolen Columbus data leaked by ransomware group after auction gets no bids
- UK IT provider faces $7.7 million fine for 2022 ransomware breach
- Apple to Address ‘0.0.0.0’ Security Vulnerability in Safari 18
- Zero-Day IP Address Exploit Lets Hackers Attack Mac, Linux Computers
- Connecticut homebuyer loses $600K to hacker theft
- Exploit released for Cisco SSM bug allowing admin password changes
- How to Weaponize Microsoft Copilot for Cyberattackers
- 1Password vulnerability lets attackers steal Vault items
- Chameleon malware stages comeback
- USPS Text Scammers Duped His Wife, So He Hacked Their Operation
- Hijack Anti-Virus Software Using SbaProxy Hacking Tool
- ADT confirms data breach after customer info leaked on hacking forum
- Hackers Can Use HDMI Cables to Capture Your Passwords
- Researchers find insecure SSH implementations everywhere
- Russians team up with young, English-speaking hackers for cyberattacks
- Ransomware gang targets IT workers with new RAT masquerading as IP scanner
- North Korean hackers exploit VPN update flaw to install malware
- World’s largest companies at near-universal risk of supply chain breach
- Researchers Uncover Flaws in Windows Smart App Control and SmartScreen
- Hazy Issue in Entra ID Allows Privileged Users to Become Global Admins
- Hackers Leveraging OneDrive & Google Drive To Hide Malicious Traffic
- Bumble and Hinge allowed stalkers to pinpoint users’ locations down to 2 meters, researchers say
- Your victim’s Windows PC fully patched? Just force undo its updates and exploit away
- STAC6451 Hackers Attacking Microsoft SQL Servers to Compromise Organizations
- Ecovacs home robots can be hacked to spy on their owners, researchers say
Other News Events of Note and Interest
- An army of volunteer hackers to help protect American water systems, schools
- CrowdStrike president cheered after accepting ‘Epic Fail’ Pwnie award
- CrowdStrike releases root cause analysis of the global Microsoft breakdown
- Notes from Black Hat USA 2024: “I hate to report it, but the Russian underground is as strong as ever”
- The top new cybersecurity products at Black Hat USA 2024
- Cool Tool: WordStar 7, the last ever DOS version, is re-released for free
- Cool Tool: Active Directory Replication Status Replacement
- China develops world’s 1st AI chip system powered entirely by light
- Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction
- Figure 02 Robot Is a Sleeker, Smarter Humanoid – IEEE Spectrum
- UN committee approves first cybercrime treaty despite widespread opposition
- Google Assistant gets a new voice as Gemini AI comes to Google Home
- Latest Google Authenticator update brings much-needed redesign and new features
- ICANN approves use of .internal domain for your network
- Shorter TLS certificate lifespans expected to complicate management efforts
- Will Google’s historic monopoly lawsuit be the death knell for Mozilla and Firefox?
- Mosquitoes can fly but they can’t hide from the Bzigo Iris
- Backblaze sees drive failure rates tick up, asks if AI can help
- Illinois changes biometric privacy law to help corporations avoid big payouts
- Point of entry: Why hackers target stolen credentials for initial access
- Microsoft Authenticator overwriting MFA accounts, locking users out
- Nvidia drivers confirmed to cause BSOD on Windows PCs without certain CPU instructions
- After Instagram, Turkey blocks access to popular VPN apps
- Copilot and Clipchamp will cozy up with this new AI video editing feature
- Microsoft Azure outage takes down services across North America
- Microsoft posts official New Outlook for Windows guide for Settings, Ribbons, and more
- Microsoft discontinues Adobe Type 1 fonts support in Windows
- KB5041979: Microsoft released new Windows 11 24H2 Recovery update
- Microsoft says Delta ignored Satya Nadella’s offer of CrowdStrike help
Cyber Insurance News
- How cyber insurance shapes risk: Ascension and the limits of lessons learned
- White House working on cyber insurance policy proposal for ‘catastrophic’ incidents
- Black Hat USA 2024: How cyber insurance is shaping cybersecurity strategies
- CrowdStrike outage to drive greater demand for cyber insurance