Hello all,
It has been a busy week for security news. The Chinese hack into telecommunications providers continues to dominate, with government agencies urging everyone to use encrypted messaging and communication apps because of the depth and breadth of the ongoing Chinese espionage. White House Deputy National Security Adviser Anne Neuberger announced that at least eight US carriers and dozens of nations have been successfully spied on by China. What I find particularly intriguing about this latest news cycle's proclamations is that none of this is novel or new. China has been actively and aggressively spying on everyone for decades. All the more reason to remain vigilant. There are a good number of links to articles for further reading on this topic in our Ransomware, Malware, and Vulnerabilities News section.
In the same section, toward the top, there are quite a few links to articles about wins by the good guys! My favorite is about the AI granny named Daisy, who engages scammers to keep them busy so that they can't be trying to scam someone else while they're "conversing" with her. Nicely done, O2!
This coming week we have Patch Tuesday to look forward to, hoping that the various defect, flaw, bug, and vulnerability fixes proffered by the scores of companies that adhere to this release schedule are stable and that the cure isn't worse than the disease. We'll see soon. Onward to other cyber news of the past week.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or those you support.
Headline NEWS:
- IO-Data routers UD-LT1 and UD-LT1/EX LTE have flaws that are being actively exploited. IO-Data has a patch out for one of the three flaws and expects the other two to be patched by December 18th. In the meantime, if you have these industrial routers in use, contact IO-Data support to determine how to mitigate until the remaining fixes ship.
- SailPoint's IAM product has a massive directory traversal flaw in versions below 8.4p2, 8.3p5, and 8.2p8. This is trivial to exploit, so don't wait to patch.
- SonicWall has released patches for 6 defects in their SMA100 SSL-VPN Secure Access Gateway. They have been fixed in firmware version 10.2.1.14-75sv and higher. Currently, there is no evidence of active exploitation, but don't wait until you're a victim. Patch soon.
- TikTok has not gotten the reprieve they were hoping for, as the US Court of Appeals for the District of Columbia Circuit has rejected their plea. The January 19, 2025 deadline is looming large. For their part, ByteDance has vowed to appeal to the Supreme Court. So, the fat-lady-singing video hasn't been posted yet.
- Veeam is warning about two defects in their Veeam Service Provider Console. Customers are urged to patch to the latest cumulative update to address these. Threat actors are quick to jump on Veeam flaws, so don't wait.
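Three of the items above boil down to "compare the version you are running against the vendor's fixed version", and version strings like "8.4p2" or "10.2.1.14-75sv" do not compare correctly as plain text. The script below is an added example, not something from this newsletter or from SailPoint or SonicWall; it uses only the fixed-version thresholds stated in the bullets above, the inventory rows and hostnames in it are constructed sample data, and any product branch the bullets do not mention is reported as "unknown" rather than guessed at.

```python
"""Patch-level triage for the "patch now" items in this issue.

Added example, not part of the newsletter. Fixed-version thresholds are the
ones stated in the commentary; the inventory is constructed sample data, and
any product branch the commentary does not mention is reported as "unknown".
"""
import re
from typing import List, Tuple

# SailPoint IAM: vulnerable below these patch levels (per the newsletter).
SAILPOINT_FIXED = {"8.4": "8.4p2", "8.3": "8.3p5", "8.2": "8.2p8"}
# SonicWall SMA100: fixed in this firmware build and higher (per the newsletter).
SONICWALL_SMA100_FIXED = "10.2.1.14-75sv"


def version_key(version: str) -> Tuple[int, ...]:
    """Reduce a vendor version string to a tuple of integers for comparison.

    '8.4p2'          -> (8, 4, 2)
    '10.2.1.14-75sv' -> (10, 2, 1, 14, 75)
    A shorter tuple sorts below a longer one with the same prefix, so a bare
    '8.4' (no patch level) is treated as older than '8.4p2'.
    """
    numbers = re.findall(r"\d+", version)
    if not numbers:
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(n) for n in numbers)


def sailpoint_status(version: str) -> str:
    """Return 'vulnerable', 'patched', or 'unknown' for a SailPoint version."""
    key = version_key(version)
    branch = f"{key[0]}.{key[1]}" if len(key) >= 2 else None
    fixed = SAILPOINT_FIXED.get(branch)
    if fixed is None:
        # Branch not covered by the advisory text we have; do not guess.
        return "unknown"
    return "vulnerable" if key < version_key(fixed) else "patched"


def sonicwall_sma100_status(version: str) -> str:
    """Return 'vulnerable' or 'patched' for an SMA100 firmware build.

    A version lacking the '-NNsv' build suffix compares below the fixed build
    and is therefore flagged as vulnerable (the conservative choice).
    """
    fixed = version_key(SONICWALL_SMA100_FIXED)
    return "vulnerable" if version_key(version) < fixed else "patched"


CHECKS = {
    "sailpoint-iam": sailpoint_status,
    "sonicwall-sma100": sonicwall_sma100_status,
}

# Constructed inventory: (hostname, product, reported version). Hostnames and
# version strings are made up for the example.
INVENTORY: List[Tuple[str, str, str]] = [
    ("iam-prod-01", "sailpoint-iam", "8.4p1"),
    ("iam-prod-02", "sailpoint-iam", "8.4p2"),
    ("iam-lab-01", "sailpoint-iam", "8.3"),
    ("iam-legacy", "sailpoint-iam", "8.1p3"),
    ("vpn-edge-01", "sonicwall-sma100", "10.2.1.13-72sv"),
    ("vpn-edge-02", "sonicwall-sma100", "10.2.1.14-75sv"),
    ("vpn-edge-03", "sonicwall-sma100", "10.2.1.15-81sv"),
]


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Annotate each inventory row with its patch status; unlisted products are 'unknown'."""
    results = []
    for host, product, version in inventory:
        check = CHECKS.get(product)
        status = check(version) if check else "unknown"
        results.append((host, product, version, status))
    return results


def needs_action(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Hosts that are vulnerable or could not be classified: the work list."""
    return [host for host, _, _, status in triage(inventory) if status != "patched"]


if __name__ == "__main__":
    for row in triage(INVENTORY):
        print("{:<14} {:<18} {:<16} {}".format(*row))
    print("action required:", ", ".join(needs_action(INVENTORY)))
```

Two caveats worth keeping in mind when running something like this against a real inventory: the result is only as good as the version strings your asset inventory reports (a device that answers with a marketing version rather than a firmware build will be misclassified), and an "unknown" result is a prompt to read the vendor advisory, not a pass.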
In Ransomware, Malware, and Vulnerabilities News:
- National Public Data, which was responsible for a massive breach of millions of people's private information, is no longer in business. Its bankruptcy filing was rejected because there was no reasonable hope of reorganization amid the onslaught of lawsuits and regulatory inquiries and demands.
- A new Windows zero-day that exposes NTLM credentials does not have an official patch yet. Hopefully, Microsoft will release one on Tuesday. Details of how this defect works are mostly being kept under wraps, but from the buzz, it doesn't seem too complicated. 0patch, which puts out unofficial patches, found the defect and does have a mitigation available.
In Other News Events of Note and Interest:
- The EU proposal to scan all your WhatsApp chats is comically timely in light of the Chinese hacking of telcos and the subsequent calls by US authorities for everyone to switch to encrypted messaging apps, such as WhatsApp. The EU's proposal needs to be soundly killed off. If any one entity holds the ability to decrypt everyone's messages, that capability becomes a single point of failure, and it is only a matter of time before it leaks to the ravenous hordes of nefarious criminals.
Musings:
Microsoft has just released a new AI agent into testing named "Copilot Vision" that can read your screen along with you, discuss issues you may be having, understand the context of what you're doing, and offer advice... Nice try, Microsoft, but I have Facebook, and they've got you beat. I only need to think about something, not even say it out loud, and I'll start seeing helpful advertisements and memes related to my innermost musings in my Facebook newsfeed. I doubt even Elon Musk's upcoming Neuralink brain-implant chip can top that!
Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Japan warns of IO-Data zero-day router flaws exploited in attacks
- Perfect 10 directory traversal vuln hits SailPoint’s IAM solution
- SonicWall Patches 6 Vulnerabilities in Secure Access Gateway
- US appeals court upholds TikTok law forcing its sale
- US officials urge Americans to use encrypted apps amid cyberattack
- Veeam warns of critical RCE bug in Service Provider Console
- Veeam Urges Updates After Discovering Critical Vulnerability
Ransomware, Malware, and Vulnerabilities News
- Interpol nabs thousands, seizes millions in global cybercrime-busting op
- INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million
- African Law Enforcement Nabs 1,000+ Cybercrime Suspects
- Fraudulent shopping sites tied to cybercrime marketplace taken offline
- US arrests Scattered Spider suspect linked to telecom hacks
- CISA Releases Updated Security Capabilities Catalog TIC 3.0
- CISA Adds Critical Flaws to Known Exploited Vulnerabilities
- CISA Releases Multiple ICS Advisories Detailing Exploits & Vulnerabilities
- Russian government confirms rare criminal charges against ransomware hacker
- AI Granny and Her Cat Fluffy Go After Phone Spammers
- FBI warning, Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud
- Police crack encrypted messaging service used by criminals, Europol says
- Encrypted Chat Service Seized, 2.3M+ Messages Deciphered
- AWS launches an incident response service to combat cybersecurity threats
- A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections
- Axiado claims its chip can prevent cyberattacks
- Apple Safari Remote Code Execution Vulnerability Exploited In The Wild
- New Windows zero-day exposes NTLM credentials, gets unofficial patch
- Critical MediaTek Bluetooth Chipset Vulnerabilities Impacted 1.5 Billion+ Android Users
- The Exploit for the RCE on Palo Alto Firewalls is now Online!
- US updates telco security guidance after mass Chinese hack
- FBI, CISA urge Americans to use secure messaging apps in wake of massive cyberattack
- iOS-Android Texting Is at Risk, as FBI Warns About Massive Cyberattack
- Chinese espionage campaign scooped up data on thousands of US mobile phone users, sources say
- White House says at least 8 US telecom firms, dozens of nations impacted by China hacking campaign
- Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers
- How China’s cyberespionage has changed
- Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’
- China’s Intelligence Footprint in Cuba: New Evidence and Implications for U.S. Security
- Nation-State Actors Ramp Up Cyberattacks
- Russian hackers hijack Pakistani hackers’ servers for their own attacks
- A bootloader vulnerability in Cisco NX-OS affects 100+ switches
- PoC Exploit Released for Windows Task Scheduler Zero-day Flaw, Exploited in Wild
- Exploit released for critical WhatsUp Gold RCE flaw, patch now
- Mitel MiCollab zero-day flaw gets proof-of-concept exploit
- Researchers Uncover Backdoor in Solana’s Popular Web3.js npm Library
- Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
- Cloudflare’s developer domains increasingly abused by threat actors
- Russia’s ‘BlueAlpha’ APT Hides in Cloudflare Tunnels
- Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online
- MOVEit breach chaos continues, data on hundreds of thousands leaked from Nokia, Morgan Stanley
- Hackers Claim Breakthrough in Microsoft Software Activation Methods
- Hackers are pivoting from data breaches to business shutdowns
- New England Grocers Coping With Cyber Attack
- A cyberattack forced WUTH to postpone medical operations
- British hospitals hit by cyberattacks still battling to get systems back online
- Cyber attack leaves West Texas city offline for 3 weeks
- RomCom Exploits Zero Days In Recent Backdoor Campaigns
- Rockstar 2FA: Phishing-as-a-Service Attack Microsoft 365 Accounts Via AiTM Attacks
- Microsoft 365 credentials stolen via adversary-in-the-middle campaign
- Why Phishers Love New TLDs Like .shop, .top and .xyz
- Three Brothers Bakery looking to recover from social media hack
- Hackers steal nearly $1M from Marin County Housing Authority, ‘the money was gone immediately’
- $600,000 Drained From Woman’s Bank Accounts As Morgan Stanley, JPMorgan Chase Issue Repeated Warnings To Customer
- Black Basta Ransomware Leverages Microsoft Teams to Deliver Malware
- Zyxel Firewalls Exploited in Helldown Ransomware Attacks
- Hackers Actively Deploying Zyxel Firewall Flaw To Deploy Ransomware
- Vodka maker Stoli says August ransomware attack contributed to bankruptcy filing
- Company Behind Massive Social Security Number Leak Shuts Down
- How Russia-Linked Ransomware Hackers Bled This Small Company Dry
- Retail outages drag into second week after Blue Yonder ransomware attack
- Blue Yonder moves closer to full recovery after November ransomware attack
- Blue Yonder SaaS giant breached by Termite ransomware gang
- BT Investigating Hack After Ransomware Group Claims Theft of Sensitive Data
- Costa Rica state energy company calls in US experts to help with ransomware attack
- Energy Sector Contractor ENGlobal Targeted in Ransomware Attack
- Deloitte Hacked – Brain Cipher Ransomware Group Allegedly Stolen 1 TB of Data
- Ransomware gang claims Deloitte UK
- Deloitte Data Breach – Company Denied Saying, “Only Single Client System Affected”
- DaMAgeCard: A New Attack Exploits SD Cards to Compromise System Memory
Other News Events of Note and Interest
- Cool Tool: GIMP 3.0 – the open-source image editor is about to hit a major release
- Cool Tool: WSCC – Windows System Control Center 10.0.0.3
- Cool Tool: Pale Moon 33.5.0 Web Browser
- Anticipating Change: Key Cybersecurity Trends To Watch In 2025
- Apple takes over third-party Apple Passwords autofill extension for Firefox
- A Kid Made $50,000 Dumping Crypto He’d Created. Then Came the Backlash
- The EU proposal to scan all your WhatsApp chats is back on the agenda
- com says typos giving strangers access to private trip info is not a bug
- Six password takeaways from the updated NIST cybersecurity framework
- China bans exports to US of gallium, germanium, antimony in response to chip sanctions
- Why does the name ‘David Mayer’ crash ChatGPT? Digital privacy requests may be at fault
- Does Your Company Need a Virtual CISO?
- Oracle’s Java price hikes push CIOs to brew new licensing strategies
- Just say no to JavaScript
- Another cloud provider bails on VMware after receiving a 900-percent price hike
- Company claims 1,000 percent price hike drove it from VMware to open source rival
- Broadcom reverses controversial plan in effort to cull VMware migrations
- FTC bans data brokers from selling Americans’ sensitive location data
- Microchip Says It Will Shut Arizona Plant
- Companies refile expired domain clawback lawsuit against GoDaddy
- Mozilla Formally Unveils its Rawr-Some New Logo
- Security Pros Positive About GenAI in Cyber
- GenAI comes for jobs once considered ‘safe’ from automation
- AT&T Rolls Out Free ‘Internet Backup’ Wireless Service for Fiber Customers
- Nvidia bids goodbye to GeForce Experience — Nvidia App officially replaces it in the latest driver update
- Notepad Is Being “Upgraded” With AI—Here’s How To Restore the Old Version
- Fed up with hearing about Windows 10 support ending next year? Bad news – Microsoft has stepped up its Windows 11 upgrade campaign
- 7 surprisingly practical ways to use ChatGPT’s free voice wizard
- How to create free AI images with Microsoft Designer
- Microsoft overcharging rival cloud firms’ customers, UK lawsuit says
- Microsoft 365 Copilot Reloaded With Enhanced AI Capabilities
- Microsoft moves to stop M365 Copilot from ‘oversharing’ data
- Microsoft’s AI ‘Agents’ Aim to Take over Many Human Duties
- Microsoft’s new Copilot Vision feature one-ups ChatGPT. Here’s how to access it
- Microsoft Boosts Device Security With Windows Resiliency Initiative
- Microsoft says TPM 2.0 is “a necessity for a secure and future-proof Windows 11”
- Microsoft details how to install Windows 11 on unsupported PC not meeting requirements
- Microsoft Ignite: Redefining email security with LLMs to tackle a new era of social engineering
- Microsoft confirms Windows 11 24H2 now rolling out to more PCs despite major issues
- Microsoft’s WSL 2 looks like it could be getting even stronger with official support from Fedora