Hello all,
Despite the upcoming winter break, the news does not sleep. There was a lot of activity in the prior week that was interesting, disturbing, and some was even delighting. So, let’s get to the cyber news.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or of those you support.
Headline NEWS:
- Amazon made news this week when they decided to pause a $1 billion rollout of Microsoft products to their employees due to significant concerns about Microsoft’s security. Some in the industry feel it is a political marketing move to highlight AWS, others are hopeful that this push, by one of the few companies with enough clout to pull it off, can finally get Microsoft to make needed systemic changes.
- Apache Tomcat vulnerabilities have been found that enable remote code execution (RCE). Users are urged to upgrade to the latest versions to patch these two defects.
- BeyondTrust made public that threat actors breached some of their Remote Support SaaS instances. The actual details are a bit scant, but it appears that the intrusion was caught before anything like mass deployment of ransomware was achieved. The vendor’s investigation found a critical defect in Privileged Remote Access (PRA) and Remote Support (RS) and has issued patches. Cloud instances received these automatically; self-hosted instances are urged to update immediately.
- CAPTCHA is a security mechanism used to verify that the person using an online resource is human. Threat actors are now cleverly spoofing these pages and using the public’s trust in these ubiquitous tools to trick people into infecting themselves with spyware and remote access tools. Please, never blindly copy and paste something from a website into your Windows “Run” line without understanding what you’re pasting in there.
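The fake-CAPTCHA lure above works by getting the victim to paste a command into the Windows Run dialog, and Windows keeps a history of what was typed there in the RunMRU registry key. The following PowerShell script is an added example (not from the newsletter or any vendor) that audits that history for entries typical of clipboard-paste lures and, optionally, hides the Run dialog for the user with the standard NoRun Explorer policy value. The list of suspicious keywords is a constructed starting point, not an authoritative signature set.

```powershell
# Added example: audit the current user's Run-dialog history for pasted commands
# that resemble fake-CAPTCHA lures, and optionally disable the Run dialog.
# Reading HKCU needs no elevation; run it in the context of the affected user.

$runMruPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Constructed keyword list: scripting hosts and download helpers commonly seen
# in clipboard-paste lures. Tune it for your environment.
$suspicious = @('powershell', 'pwsh', 'mshta', 'cmd', 'curl', 'wget',
                'bitsadmin', 'certutil', 'rundll32', 'http')

function Get-RunHistory {
    if (-not (Test-Path $runMruPath)) { return @() }
    $key = Get-ItemProperty -Path $runMruPath
    # MRUList stores the entry order, most recent first, as a string of
    # single-letter value names. Explorer appends "\1" to each stored command.
    $order = [string]$key.MRUList
    foreach ($ch in $order.ToCharArray()) {
        $raw = $key.$($ch.ToString())
        if ($null -ne $raw) {
            [pscustomobject]@{
                Slot    = $ch
                Command = ($raw -replace '\\1$', '')
            }
        }
    }
}

function Find-SuspiciousRunEntry {
    Get-RunHistory | Where-Object {
        $cmd = $_.Command
        # Case-insensitive substring match against each keyword.
        $suspicious | Where-Object { $cmd -match [regex]::Escape($_) } | Select-Object -First 1
    }
}

$hits = @(Find-SuspiciousRunEntry)
if ($hits.Count -eq 0) {
    Write-Host 'No suspicious Run-dialog entries found.'
} else {
    Write-Warning 'Suspicious Run-dialog history (newest first):'
    $hits | Format-Table -AutoSize
}

# Optional hardening for users who never need the Run dialog: the Explorer
# policy "Remove Run menu from Start Menu" (NoRun). Uncomment to apply; it takes
# effect after Explorer restarts or at the next logon.
# $policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
# New-Item -Path $policy -Force | Out-Null
# Set-ItemProperty -Path $policy -Name 'NoRun' -Type DWord -Value 1
```

A hit in RunMRU is not proof of infection, only evidence that something was launched from the Run dialog; treat it as a lead and pair it with process-creation telemetry (for example, a scripting host spawned by explorer.exe) before drawing conclusions.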
- Google Chrome received an update this past week for several high-severity flaws, including the V8 JavaScript engine. Microsoft Edge also received an update for similar, since it is based on Chromium. Update your browsers to keep surfing securely.
- Sophos came in late in the week with updates for their firewall, patching a critical flaw that could allow “remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices”. Their firewalls should update automatically, but it would be wise to check yours to ensure that it is no longer vulnerable.
In Ransomware, Malware, and Vulnerabilities News:
- Threat actors continue to exploit gullible employees with fake tech support calls and remote access support requests. Microsoft Teams is the latest in the news that’s being used by these dirt bags. The basics of the scam are: flood the victim with spam, call them and claim to be from “support” and that you can stop the spam, and then convince them to let you onto their system via remote access software. Once on, the threat actor loads persistent remote access software that they control, thus owning the user’s computer for further nefarious purposes. Never accept a remote access session like that unless you’ve initiated the call to what you know is the correct phone number.
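The Teams variant of this scam depends on an outside party being able to message or call your users in the first place. As an added example (not from the newsletter), the PowerShell below uses the MicrosoftTeams module to report the tenant’s current external-access settings and then tightens them: it blocks chat and calls from unmanaged Teams consumer accounts and limits federation to an allow-list of partner domains. The cmdlets and parameters used are those of the MicrosoftTeams module as I know them; the partner domain is a constructed placeholder, and the script assumes you have Teams administrator rights.

```powershell
# Added example: review and harden Microsoft Teams external access so that
# arbitrary outside senders cannot start chats or calls with your users.
# Requires: Install-Module MicrosoftTeams (assumed already installed).

Import-Module MicrosoftTeams
Connect-MicrosoftTeams   # interactive sign-in as a Teams administrator

# Show the settings that govern who can reach users from outside the tenant.
function Get-ExternalAccessSummary {
    $fed = Get-CsTenantFederationConfiguration
    [pscustomobject]@{
        FederationWithOtherOrgs = $fed.AllowFederatedUsers
        ConsumerAccountsAllowed = $fed.AllowTeamsConsumer
        ConsumerCanInitiate     = $fed.AllowTeamsConsumerInbound
        AllowedDomains          = $fed.AllowedDomains
        BlockedDomains          = $fed.BlockedDomains
    }
}

Write-Host 'Before:'
Get-ExternalAccessSummary | Format-List

# Block unmanaged (personal) Teams accounts entirely; these are the easiest
# identities for a scammer to create and the ones most "support" lures come from.
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false -AllowTeamsConsumerInbound $false

# Keep federation only with named partner organisations. The domain below is a
# constructed placeholder; replace it with the partners you actually work with.
$partners = @('partner-example.invalid')
$allowList = New-CsEdgeAllowList -AllowedDomain @(
    $partners | ForEach-Object { New-CsEdgeDomainPattern -Domain $_ }
)
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomains $allowList

Write-Host 'After:'
Get-ExternalAccessSummary | Format-List
```

If the business genuinely needs open federation, leave `AllowFederatedUsers` as it is and still disable the consumer-account paths; that alone removes the cheapest route a scammer has into your users’ chat windows. Either way, the policy change does not replace the rule in the item above: no remote-access session unless the user placed the call to a number they know is right.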
In Other News Events of Note and Interest:
- Microsoft really wants to kill passwords. Due to the ever-changing game of cat-and-mouse with threat actors, ordinary passwords have not been enough for quite some time, with Microsoft blocking 7,000 attacks on passwords per second. Multifactor authentication was supposed to be the holy grail of security, but it is now being bypassed via session token theft attacks, which increased by 146% this year. The next iteration of security is called “phishing resistant”, and passkeys are the latest implementation of this FIDO2 standard. Clearly, Microsoft agrees that this solution is effective, since they are actively engaged in moving over 1 billion accounts to passkey authentication via various prompts and pop-ups whenever certain logon events or password changes occur. So, if you see a passkey option, it may be time to take the plunge for a more secure future.
Musings:
Christmas is only days away and cyber warriors are dreaming of extended time off away from their fickle, demanding, and needy digital charges so that they can enjoy their well-earned holiday with their families. Unfortunately, cyber evildoers are also dreaming of cyber warriors being away so they can spend time with those fickle digital charges unnoticed. Don’t let them spoil your winter break.
Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Amazon refuses Microsoft 365 deployment because of lax cybersecurity
- New Apache Tomcat Vulnerabilities Let Attackers Execute Remote Code
- Beyond Trust – A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products
- BeyondTrust Patches Critical Vulnerability Discovered During Security Incident Probe
- BeyondTrust says hackers breached Remote Support SaaS instances
- From CAPTCHA to catastrophe: How fake verification pages are spreading malware
- Google Chrome 131 Update Patches High-Severity Memory Safety Bugs
- Sophos Firewall vulnerable to critical remote code execution flaw
Ransomware, Malware, and Vulnerabilities News
- DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages
- Malvertisers Fool Google With AI-Generated Decoys
- Visa: AI Helped Block 85% More Fraud on Cyber Monday
- US charges Russian-Israeli as suspected LockBit ransomware coder
- CISA has published The National Cyber Incident Response Plan (NCIRP) – 2024
- CISA Mandates Cloud Security for Federal Agencies by 2025 Under Binding Directive 25-01
- CISA Issues Best Practices to Secure Microsoft 365 Cloud Environments
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs
- FBI urges using FIDO authentication and password managers for verification
- US targets TP-Link with a potential ban on the Chinese routers
- US begins to retaliate against China over hack of telecom networks
- Costa Rica and U.S. Jointly Identify Alleged Cyber Intrusions from China
- PHP backdoor looks to be work of Chinese-linked APT group
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
- New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP
- Chinese national cyber centre says US hacks stole trade secrets from tech firms
- North Korean Hackers Stole Record $1.3 Billion in Crypto in 2024
- Kaspersky reports 135% surge in interest for crypto-stealing drainers on dark web
- Study finds ‘significant uptick’ in cybersecurity disclosures to SEC
- Thousands of GPS tracking customers have info leaked following data breach
- Curl Vulnerability Let Attackers Access Sensitive Information
- Ongoing phishing attack abuses Google Calendar to bypass spam filters
- Over 25,000 SonicWall VPN Firewalls exposed to critical flaws
- Juniper warns of Mirai botnet targeting Session Smart routers with default passwords
- 1-Click RCE Attack in Kerio Control Firewall Let Attackers Take Full Control Remotely
- 2022 LastPass security breach linked to new millionaire crypto heist
- US Banks Witness 1,000% Surge in Digital Scams As JPMorgan Chase, Wells Fargo and Bank of America Customers Lose $166,000,000 on Zelle in One Year
- Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers
- 390,000 WordPress accounts stolen from hackers in supply chain attack
- Massive data breach at federal credit union exposes 240,000 members
- Ascension cyberattack exposes data from 5.6M people
- HubSpot phishing targets 20,000 Microsoft Azure accounts
- New Phishing Attack Exploiting HubSpot Tools To Steal Microsoft Azure Logins
- NoviSpy Spyware Installed on Journalist’s Phone After Unlocking It With Cellebrite Tool
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs
- Hacker Leaks 2.9GB of Cisco Data, covering a wide swath of their products
- Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets
- Hackers Leverage Red Team Tools in RDP Attacks Via TOR & VPN for Data Exfiltration
- Hackers Exploit Microsoft Management Console to Drop Backdoor on Windows
- Hackers Exploit Microsoft Teams to Gain Remote Access to User’s System
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
- Texas Tech University System data breach impacts 1.4 million patients
- Windows kernel bug now exploited in attacks to gain SYSTEM privileges
- Ransomware defenses are being weakened by outdated backup technology, limited backup data encryption, and failed data backups
- Ransomware group Brain Cipher behind RI cyberattack; claims 1 TB of data stolen
- A new ransomware regime is now targeting critical systems with weaker networks
- Ransomware Attackers Target Industries with Low Downtime Tolerance
- Krispy Kreme Hack Claimed by Play Ransomware
- Top 10 cybersecurity misconfigurations: Nail the setup to avoid attacks
Other News Events of Note and Interest
- Cool Tool: O&O ShutUp10++ 1.9.1441.422
- Cool Tool: Sysinternals Suite 2024.16.12
- Cool Tool: LibreOffice 24.8.4 Office Suite Is Now Available for Download with 55 Bug Fixes
- Cool Tool: PowerToys 0.87 is out with a new utility for Windows 10 users and a lot of improvements
- PowerToys removes fatal flaw in Workspaces feature
- I put 1-800-ChatGPT to the test — 7 practical uses for the AI
- Hundreds of websites to shut down under UK’s ‘chilling’ internet laws
- Latest VMware update is free with no license, fixes Windows 11 and Linux freezes, crashes
- ChatGPT’s AI search engine is rolling out to everyone
- GitHub launches a free version of its Copilot
- USAA Federal Savings Bank hit with cease-and-desist
- CrowdStrike moves to dismiss Delta suit, citing contract terms
- Kali Linux 2024.4 released with 14 new tools, deprecates some features
- Is this the end of Google? This new AI tool isn’t just competing, it’s winning
- How long does an SSD last? It’s a tricky question to answer
- Meta adds live AI, live translations, and Shazam to its smart glasses
- Microsoft Is Going to Delete Passwords for 1 Billion Users
- Microsoft won’t let customers opt out of passkey push
- Microsoft admits it didn’t really fix Windows Outlook 0x80049dd3 sign-in bug
- How to Use Microsoft Windows Recall
- Microsoft is still trying to make new Outlook work offline on Windows 11
- Windows 11 hidden toggle reveals how to turn on or off Administrator protection
- Microsoft blocks Windows 11 24H2 update on more PCs due to new gaming issues
- Microsoft Windows 11 24H2 breaks audio and Auto HDR, update blocked on affected PCs
- Important Changes coming to OneDrive Retention
- WordPress.org’s login screen now forces you to confirm “Pineapple is delicious on pizza.”