August 31, 2024

Hello all,

For those in the USA, I pray that you’ve returned from the long holiday weekend refreshed and did not discover a poorly written note on your computers advising you that your company has been subjected to a post-paid pen test. Sadly, ransomware and extortion are continuing to grow. As one group either retires or gets shut down, another one quickly sprouts up from the severed stump. In some ways it is like the mythical Hydra: each time a head is cut off, two more grow. A large number of links this week discuss ransomware, and naturally we also have the usual vulnerability reveals, patch notifications and just plain interesting items, and so onward.

Headline NEWS:

  • AVTECH AVM1203 is a security camera system that isn’t secure. It has been shown to have an unpatchable zero-day vulnerability that allows the Mirai botnet to infest it and claim it for nefarious purposes. If you have these in use anywhere, replace them.
  • Cisco patched defects in their NX-OS based Nexus 3000, 7000, and 9000 series switches. Interestingly, on the heels of the devastating Microsoft IPv6 zero-day from earlier in the month, Cisco’s patch also dealt with issues in IPv6. Also patched were privilege escalation issues and issues with their APIC and the Cloud Network Controller.
  • The City of Columbus, OH has obtained an injunction against a researcher who proved that the city was lying when it asserted to the public that its recent Rhysida ransomware attack didn’t exfiltrate any usable data. The researcher showed reporters huge troves of information that the city asserted was corrupted and unusable. In response the city is suing to silence him and is asking for damages. Talk about killing the messenger. Wow! Needless to say, the Electronic Frontier Foundation (EFF) has taken an interest in the case.
  • Google Chrome has the zero-day vulnerabilities coming in hot and heavy. The tenth for the year was unveiled this past week. If you haven’t updated your browser yet, do so soon since this is already being used by the bad guys.
  • Microsoft Windows Downdate still doesn’t have a fully functional patch. The proof-of-concept (PoC) code is publicly available. This thing is truly horrible if used on your systems. It can uninstall your patches and convince your system that it is fully patched, leaving it wide open for exploitation. Come on Microsoft, you’ve known everything about it since February.
  • Microsoft’s IPv6 stack had a zero-click defect patched in this month’s Patch Tuesday release. If you haven’t applied it yet, do it now. The PoC is out for this thing. If you are not using IPv6 in your networks, turn it off.
  • SonicWall is warning of a critical access control defect in SonicOS. It affects Gen 5 – 7 firewalls. Patch as soon as you are able. Mitigation advice, until you can patch, is that you “restrict firewall management access to trusted sources or disable WAN management access from the internet.” This advice is something that should always be in place anyway. No mission-critical device should be able to be managed from an untrusted source. Note, several other SonicWall updates have come out recently. It would behoove you to quickly update to the latest firmware and follow remediation guidance by the vendor.

In Ransomware, Malware, and Vulnerabilities News:

  • The United States Marshals Service has denied that a newly published leak by Hunters International ransomware criminal group is new. The published data has been examined and it appears to be from leaks that happened in 2023. Does anyone else find it a bit more than merely disturbing that US Government databases are being exposed and exfiltrated by evil people for their malicious purposes? I mean, that is literally their job, “National governments are responsible for maintaining internal and external security and stability.” I’m not feeling very secure.
  • BlackSuit ransomware deployed 15 days after initial access is an interesting read in that it shows the patience and thoroughness of this particular group. They took their time to find high-value targets, compromise as much as possible, establish multiple layers of persistence, exfiltrate data, and finally deploy the encrypting payload. For a good conversation on the topic of ransomware, check out this past Friday’s Buffalo-Plaid Breakfast.

In Other News Events of Note and Interest:

  • AnandTech has published its last review. It was founded in 1997 by a then 14-year-old Anand Lal Shimpi and had consistently reported on chips, CPUs, and PC components until now. No specific reason was given for stopping publication, but the market is rapidly shifting from long, thoroughly written reviews to visual content, soundbites, and AI summaries. The AnandTech archives and forum will remain open for as long as Shimpi can keep them going.
  • Human brain organoid bioprocessors are now available to rent. Does nobody watch sci-fi? In all seriousness, the reality of this technology is astounding in its raw processing power and potential, and it will be fascinating to watch it evolve. But, as with any revolutionary technology, caution is warranted lest it evolve a tad too much and get out of the box it is being kept in.

In Cyber Insurance News:

  • A crack in the cyber insurance armour: “Cyber outages like Crowdstrike reveal gaps in traditional insurance, stressing the need for better operational disruption coverage”. It questions the common coverage limit of $1 million that so many policies have. With how interconnected we are, and with costs escalating at an exponential rate, many now believe that limit is insufficient.

Musings:
AI has hit a bit of a plateau. Large Language Model (LLM) based AI and others such as Natural Language Processing, Deep Learning, and more are now on a gradual, iterative growth path. Their training sets have pretty much consumed all easily accessible content that exists on the internet, so there isn’t much more to ingest. New progress will come in how what is known is combined and evaluated, and obviously in how the AI interacts with the human. Our current state is that we now have very efficient Artificial Narrow Intelligence (ANI) capabilities in our various AI servants, and these capabilities will become ubiquitous in our computing world as efforts to improve them continue. All of this concentrated effort has brought us to the cusp of the next punctuated leap in AI evolution, with some claiming that it already exists in laboratory environments: Artificial General Intelligence (AGI). This AI type is one that has the same reasoning capability as a human. Whether that produces a self-aware AI is the unknown mystery and is both the holy grail and the stuff of science fiction nightmares. However, if it does succeed, we will then have Artificial Superintelligence (ASI). Hopefully, it will be benevolent, and it will want to protect its parents and not supplant them.

Visc. Jan Broucinek

Keep the shields up.

Viscount Jan Broucinek
Red Dot Security News
