Hello all,
The end is near! No, not of the world, but of the year. And what a year it has been! There are over half a dozen links that herald and decry the past year in the cyberverse as it relates to security and gains made by both defenders and adversaries. As expected, the final couple of weeks of 2024 are not going down quietly. Threat Actors are busy attempting to steal their holiday bonuses, with quite a few organizations falling prey to exfiltration of data and encrypting ransomware. So, do not let your guard down in the final few hours of this year’s countdown. Onward to news of the week.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or those you support.
Headline NEWS:
- Adobe released a patch for a critical defect in ColdFusion. Even worse, a Proof of Concept (PoC) exploit is out in the wild already. If you use this, patch immediately.
- Apache released patches for critical defects in three different products: MINA, HugeGraph, and Traffic Control (the Traffic Control flaw is a SQL injection rated CVSS 9.9). Organizations are urged to patch immediately, since threat actors are sure to exploit these quickly.
- The FTC, having charged the companies with having “deceived customers” with claims of adequate security, has ordered “Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC to implement a comprehensive information security program to settle charges that the companies failed to implement reasonable data security, which led to three large data breaches affecting more than 344 million customers worldwide.” The 16-page order imposes a long list of provisions they must follow for the next 20 years!
- The Node.js “systeminformation” package has been shown to be vulnerable to a Remote Code Execution (RCE) flaw. A PoC already exists, so developers who depend on it would be wise to update to the latest version quickly to mitigate this defect.
- Palo Alto Networks firewalls have a Denial of Service (DoS) defect that can be triggered when DNS Security logging is enabled. An attacker can force the firewall into maintenance mode, necessitating manual intervention to restore service. A patched release is now available, and disabling DNS Security logging serves as an interim workaround. This is under active exploitation, so if you run Palo Alto firewalls, patch promptly before an attacker locks one of yours up.
- Webmin is a web-based system administration tool used on Linux systems. A new defect (CVE-2024-12828, rated CVSS 9.9) has been found that “could allow attackers to seize control of servers”. If you use Webmin, please update to version 2.111 or later to fix this flaw.
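Several of the items above boil down to “are you running a version older than the fixed one?”, and that check is easy to get wrong with a plain string comparison (“2.2” sorts after “2.111” as text but is older as a version). The following is an added example, not code from the newsletter or from the Webmin project, that compares dotted version strings numerically against the 2.111 fix named above. The host inventory is constructed; in practice you would collect each host's version from the Webmin config directory's version file (that file location is an assumption here).

```python
# Added example (not from the newsletter or the Webmin project): flag Webmin
# installs older than the fixed release named in the headline item above.
from typing import Dict, List, Tuple

FIXED_WEBMIN = "2.111"  # fixed version cited in the newsletter


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted version into integer components.

    Comparing tuples of ints makes 2.111 > 2.2 and 2.105 < 2.111, which a
    plain string comparison gets wrong ("2.2" > "2.111" as text).
    """
    return tuple(int(part) for part in v.strip().split("."))


def needs_patch(installed: str, fixed: str = FIXED_WEBMIN) -> bool:
    """True when the installed version is strictly older than the fix."""
    return parse_version(installed) < parse_version(fixed)


# Constructed inventory for illustration; assumption: each value was read
# from the "version" file under the host's Webmin config directory.
INVENTORY: Dict[str, str] = {
    "web-01": "2.105",  # older, needs patch
    "web-02": "2.111",  # exactly the fixed version
    "web-03": "2.2",    # hypothetical value; string compare would wrongly pass it
    "web-04": "2.120",  # hypothetical newer value
}


def hosts_to_patch(inventory: Dict[str, str] = INVENTORY) -> List[str]:
    """Return the sorted list of hosts still running a vulnerable version."""
    return sorted(host for host, ver in inventory.items() if needs_patch(ver))


if __name__ == "__main__":
    for host in hosts_to_patch():
        print(f"{host}: Webmin {INVENTORY[host]} is older than {FIXED_WEBMIN}, patch it")
```

The same `parse_version` / `needs_patch` pair works for any product whose versions are plain dotted integers; versions with suffixes such as “-rc1” would need extra parsing before the comparison.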
In Ransomware, Malware, and Vulnerabilities News:
- Data leaks and breaches account for a number of links in this week’s news. If it seems to you like there are more of these than in the past, there are. Legislation now mandates reporting, so many violations of the public’s trust that would have flown under the radar before are exposed via regulatory filings. The resulting lawsuits are often company-ending in litigation costs and judgments rendered. It is vital to be proactive in your security: if your company makes it into the news, it likely won’t be around next year. A widely cited statistic holds that 60% of small businesses shut down within six months of a cyber attack.
In Other News Events of Note and Interest:
- xAI is about to get a 150-megawatt power boost. Until now, Memphis Light, Gas & Water (MLGW) could provide only 8 MW, so Musk’s company had to improvise and run its own generators to make up the difference. It takes a tremendous amount of power to bring the 100,000 GPUs of the “Gigafactory of Compute” to life, 155 MW to be exact. MLGW has upgraded its infrastructure, prompting TVA to grant the extra power. I guess we now know where SkyNet will become self-aware.
Musings:
The internet is sort of like a Secret Santa gift exchange. Sometimes when you go to a website you find the most delightful surprises, what you want, what you need, what brings you joy, and what brings you amusement. Other times, you end up with a fruitcake, a Swiffer, a promotional swag regift, a $10 coupon off the price of a new Tesla, or a nasty virus from being near someone who was harboring an infection. Practice safe computing, and may your surprises be pleasant ones.
See you next year and keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Adobe warns of critical ColdFusion bug with PoC exploit code
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS
- Apache warns of critical flaws in MINA, HugeGraph, Traffic Control
- FTC orders Marriott and Starwood to implement strict data security
- Node.js “systeminformation” Vulnerability Exposes Millions of Systems to RCE Attacks
- Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
- CVE-2024-12828 (CVSS 9.9): Webmin Vulnerability Leaves a Million Servers Exposed to RCE
Ransomware, Malware, and Vulnerabilities News
- 2024 SOC Year in Review: Key Cyber Threat Trends and Mitigations
- Quantum Computing Advances in 2024 Put Security In Spotlight
- CISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry
- Top 10 Cyber Law Enforcement Operations of 2024
- Top 7 zero-day exploitation trends of 2024
- The Worst Hacks of 2024
- Record-breaking ransoms and breaches: A timeline of ransomware in 2024
- AI impersonators will wreak havoc in 2025. Here’s what to look for
- NSA Cybersecurity Advisories & Guidance
- What Should You Do When You Receive a Data Breach Notice?
- White House links ninth telecom breach to Chinese hackers
- Chinese hackers used broad telco access to geolocate millions of Americans and record phone calls
- CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation
- FBI and Other Federal Agencies Identify Hacker Behind $308,000,000 Hack of DMM Crypto Exchange
- G-Door Vulnerability Lets Hackers Bypass Microsoft 365 Security With Google Docs
- Cybersecurity firm’s Chrome extension hijacked to steal users’ data
- Researchers Uncover PyPI Packages Stealing Keystrokes and Hijacking Social Accounts
- IBM AIX Vulnerability Let Attackers Trigger DoS Condition
- US court finds spyware maker NSO liable for WhatsApp hacks
- TrueNAS device vulnerabilities exposed during hacking competition
- European Space Agency’s official store hacked to steal payment cards
- SRP Federal Credit Union announces data breach to 240,000-plus people
- Regional Care, Inc. Data Breach Exposes Personal Information of over 225,000
- Data leak at VW subsidiary affects 800,000 electric cars
- Duke Energy data breach impacts customer information
- DDoS Attacks Surge as Africa Expands Its Digital Footprint
- Iran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao Malware
- LockBit ransomware gang teases February 2025 return
- JAL’s systems back to normal after cyberattack delayed flights
- Pittsburgh transit agency victim of ransomware attack
- Cyber attack on Italy’s Foreign Ministry, airports claimed by pro-Russian hacker group
- Clop ransomware is now extorting 66 Cleo data-theft victims
- Clop ransomware lists Cleo cyberattack victims
- Atos Says Ransomware Group Claims It Compromised a Database
- OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organizations
- Wood County, OH pays $1.5 million to resolve ransomware attack
- New ‘OtterCookie’ malware used to backdoor devs in fake job offers
- Dark Web cybercriminals are buying up ID to bypass KYC methods
- The Elusive Crime Boss Linked to Billion-Dollar ‘Pig Butchering’ Scams
- Interlock ransomware attacks highlight need for greater security standards on critical infrastructure
- How to know if a USB cable is hiding malicious hacker hardware
- New Sophisticated Attack Weaponizes Windows Defender to Bypass EDR
Other News Events of Note and Interest
- Cool Tool: Notepad++ 8.7.5
- Cool Tool: Logging Made Easy, from CISA
- When It Comes To DOS, Don’t Forget DR-DOS
- The U.S. Will Start Manufacturing Advanced Chips
- The second shoe is about to drop on a big DoD cybersecurity program
- Meta’s ‘software update issue’ has been breaking Quest headsets for weeks
- FTC launches probe of Microsoft over bundling
- Sweeping Vietnam internet law comes into force
- Apple pulls remaining Lightning-based devices from European stores
- Relive surfing the original internet with new emulator — 34 years later
- Elon Musk’s xAI supercomputer gets 150MW power boost
- Apple stepping in to defend Google in antitrust case which seeks to separate Chrome browser
- NVIDIA Pushes Out GeForce “Driver Hotfix” & Disables Game Filter Option In “NVIDIA App”, Resolving Performance Issues
- New Intel Mesa Driver Patches Implement AV1 Decode For Vulkan Video
- ChatGPT access has recovered after an outage Thursday afternoon
- OpenAI’s ChatGPT recovers after being hit with outages. Here’s what to know.
- OpenAI confirms plans to become a for-profit company
- Nonprofit group joins Elon Musk’s effort to block OpenAI’s for-profit transition
- What All of the Markings on SD microSD and microSDXC Cards Mean
- How to use the Windows Memory Diagnostic Tool on Windows 11
- Microsoft’s First Generative AI Certificate Is Available for Free
- How to Use Controlled Folder Access in Windows 11 to Protect Your Data
- Microsoft adding PST features support to New Outlook for Windows and Mac in early 2025
- Microsoft confirms Windows 11 KB5044284 / KB5046617 can’t install new updates
- A Windows 11 Bug Stops Users from Installing Security Updates: How to Fix it
- Windows 11 bug causes recent clean installs to fail at installing newer security updates
- Microsoft posts official uninstall and recovery guide for botched Windows 11/10 update