November 23, 2024

Hello all,

I was rather pleased to notice that there are at least twelve links in this week’s edition that talk about wins by the defenders, and even some by our AI friends. Some of the larger news items to note are a tsunami of announcements from Microsoft from their Ignite Conference, a large percentage of which were AI and AI-adjacent. Also, despite not making national headlines as often lately, ransomware groups continued to proliferate. More and more of the various evil groups are resorting to data theft and subsequent extortion instead of taking the extra step of encrypting. However, there are still plenty that do encrypt and cause massive havoc on the lives of those affected. I highly suggest that you ensure you’re following the advice in the “Five backup lessons learned from the UnitedHealth ransomware attack” article. Heeding the recommendations may save your business. There’s a lot to read, so onward.

As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or those of the people you support.

Headline NEWS:

  • Apple starts the list, urging consumers to patch their macOS and iFruit things immediately due to two actively exploited zero-days
  • Fortinet is still in the news with their VPN under active attack for what appears to be an unpatched flaw despite having ample time to fix it. “In July 2024, Volexity identified exploitation of a zero-day credential disclosure vulnerability in Fortinet’s Windows VPN client that allowed credentials to be stolen from the memory of the client’s process.” If you’re using Fortinet’s VPN, contact your vendor for guidance ASAP.
  • Google Chrome received updates this past week for yet more defects in the V8 JavaScript engine and a few other items. Has anyone tried changing the sparkplugs? This thing does not appear to be firing on all cylinders.
  • Kubernetes has a critical flaw that can allow a dirtbag to “execute arbitrary commands beyond container boundaries.” The fix is to upgrade to the latest versions.
  • Palo Alto, like Fortinet, remains in the news for not so good reasons. Yet more vulnerabilities were identified in their Expedition firewall interface, “making this the tool’s fourth vulnerability under active attack identified in just the past week.” Patch immediately and ensure that management is not exposed to the public internet.
  • QNAP released firmware to address multiple vulnerabilities. Unfortunately, this cure was worse than the disease in that after applying the patch many users found that they couldn’t access their NAS devices any longer. QNAP has pulled the patch for now. There is no word on when a new update will be made available.
  • Zohocorp ManageEngine has a critical defect in ADAudit Plus. Users are urged to apply the appropriate service pack to mitigate a “SQL injection vulnerability (which) could allow an authenticated attacker to execute custom queries and gain unauthorized access to database table entries.”

In Ransomware, Malware, and Vulnerabilities News:

  • China is in the news for a positive reason this week. The Middle Kingdom turned Sauron’s Eye toward Myanmar after noticing that many Chinese citizens were victims of telecom fraud. They are reported to have worked with Myanmar’s authorities and have “wiped-out” all large-scale telecom fraud centers. I’m not sure quite what that means, but I’m sure it isn’t good for the perpetrators.
  • Russian Spies Jumped from One Network to Another via Wi-Fi is something that cyber defenders have long postulated and experimented with, and now we see it exploited in a real attack. In essence, you compromise someone’s network that is physically near to your intended target. Via a compromised device on network one, you establish a Wi-Fi connection to the nearby network two, attacking and infiltrating it via network one. Evil on a genius level that is very difficult to track and attribute.

In Other News Events of Note and Interest:

  • Microsoft blew up the news with announcements, reveals, and teases at their Ignite Conference this past week. AI was the big headline, with AI Agents for anything and everything you can think of doing and more. Quite a few other innovations and planned changes were made public, so be sure to check out the links.

Musings:

This coming week marks the Thanksgiving holiday in the United States; many companies will be taking extended breaks and will have reduced staff. Traditionally, these holidays are “read-only”, meaning no major changes are being made. Given the likely reduced demand on technician time, I suggest that this would be a good opportunity to go through the various checkboxes to ensure that backups are correct and follow the 3-2-1 principle. And it wouldn’t hurt to check that your DR plans are up to date while you’re at it. Remember, the bad guys don’t take this holiday off.
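As an added example (not part of the newsletter), here is one way to turn the “go through the checkboxes” suggestion into a repeatable audit: a small Python script that scores each dataset in a backup inventory against the 3-2-1 rule (three copies, two media types, one offsite) and also flags stale copies and the absence of an immutable copy, since a ransomware actor who can delete every reachable backup defeats the rule in practice. The datasets, sites, media types and timestamps are constructed for illustration; in a real environment the inventory would be pulled from your backup software’s reporting API.

```python
"""
3-2-1 backup audit over a constructed inventory.
Added example, not part of the Red Dot Security News post. All dataset names,
media types, site labels and timestamps are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class BackupCopy:
    dataset: str              # what is protected, e.g. "finance-db"
    media: str                # "disk", "tape", "object-storage", ...
    location: str             # site label; drives the "1 offsite" rule
    last_success: datetime    # last verified successful backup run
    immutable: bool = False   # WORM / object-lock copy that ransomware cannot delete


# Constructed sample inventory (hypothetical datasets and sites).
NOW = datetime(2024, 11, 23, tzinfo=timezone.utc)
INVENTORY = [
    BackupCopy("finance-db", "disk", "hq", NOW - timedelta(hours=6)),
    BackupCopy("finance-db", "tape", "hq", NOW - timedelta(days=1)),
    BackupCopy("finance-db", "object-storage", "cloud-region-a",
               NOW - timedelta(hours=12), immutable=True),
    BackupCopy("file-share", "disk", "hq", NOW - timedelta(hours=2)),
    BackupCopy("file-share", "disk", "hq", NOW - timedelta(hours=2)),      # same media, same site
    BackupCopy("file-share", "object-storage", "cloud-region-a",
               NOW - timedelta(days=9)),                                    # offsite but stale
]


def audit_321(copies, now, max_age=timedelta(hours=24), primary_site="hq"):
    """Return {dataset: [finding, ...]}; an empty list means the dataset passes."""
    by_dataset = {}
    for c in copies:
        by_dataset.setdefault(c.dataset, []).append(c)

    report = {}
    for name, items in by_dataset.items():
        findings = []
        # Rule 1: at least three copies of the data.
        if len(items) < 3:
            findings.append(f"only {len(items)} copies (need 3)")
        # Rule 2: at least two distinct media types.
        media = {c.media for c in items}
        if len(media) < 2:
            findings.append(f"single media type {sorted(media)} (need 2)")
        # Rule 3: at least one copy held away from the primary site.
        if not any(c.location != primary_site for c in items):
            findings.append("no offsite copy (need 1)")
        # Freshness: a copy older than the allowed RPO is not a usable copy.
        for c in items:
            age = now - c.last_success
            if age > max_age:
                findings.append(f"{c.media}@{c.location} stale: last success {age.days}d ago")
        # Ransomware resilience: at least one copy the attacker cannot delete.
        if not any(c.immutable for c in items):
            findings.append("no immutable copy (an intruder with backup credentials could delete all copies)")
        report[name] = findings
    return report


def all_pass(report):
    """True when every dataset has no findings."""
    return all(not findings for findings in report.values())


if __name__ == "__main__":
    result = audit_321(INVENTORY, NOW)
    for dataset, findings in result.items():
        status = "PASS" if not findings else "FAIL"
        print(f"{status} {dataset}")
        for f in findings:
            print(f"    - {f}")
```

Run as a scheduled job, the exit status (or a non-empty findings list) is what you would wire into a ticket or alert; the point is that “backups are correct” becomes a checked property rather than an assumption carried over a holiday weekend.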

Visc. Jan Broucinek

Keep the shields up! 

Viscount Jan Broucinek
Red Dot Security News
