
Hello all,
With the Patch Tuesday onslaught coming next week, I was happy to see that this was another somewhat quiet week as far as vulnerabilities and zero-day reveals are concerned. Last month I was quite wrong in my prediction of fewer vulnerabilities coming out, so this month, I’ll just wait and see, with no assumptions or expectations. Despite fewer new vulnerabilities and defects being unveiled this week, threat actors still had plenty of old ones that are out there unpatched that are being exploited. Yes, we defenders have an unending task. But, if we don’t do it, who will?
As usual, the RedDotSecurity.news website contains this commentary and a plethora of links to other items that are not in this video and that are worth skimming to see if they interest you or pertain to your particular environment or to those you support. There is a lot more there than just what was said here.
Headline NEWS:
- Cisco is warning of a critical authentication bypass defect in their Identity Services Engine (ISE). This is used in cloud environments such as AWS, Azure, and Oracle. There is some mitigation guidance, which is rather harsh since it performs a factory reset. A wiser route might be to apply the available patches – quickly.
- CISA noticed that ConnectWise ScreenConnect released patches for a defect in April and has updated their KEV (Known Exploited Vulnerabilities) catalog to include it. Any ConnectWise-hosted ScreenConnect instances were patched by ConnectWise when they first found the issue. If you self-host ScreenConnect and haven’t patched, do so quickly, and follow the vendor’s guidance on how to check for exploitation.
- Google Chrome was found to have yet another defect in their V8 JavaScript engine, which required an emergency patch. This zero-day was already under active exploitation, so make sure you check your Chromium-based browsers for updates, and check Node.js since it also uses the V8 JavaScript engine. Additionally, there were two other flaws in Chrome that were patched with this latest update. If you aren’t restarting your Chrome browser at least once a week, which initiates an update cycle, you should consider adding that as a regular part of your weekly maintenance. These defect updates seem to be arriving weekly now.
- Hewlett Packard Enterprise (HPE) has released updates to address eight vulnerabilities in their StoreOnce disk-based backup and deduplication solution. The defects are rated critical, with upgrading to version 4.3.11 or higher being the fix. Prioritize this update: if threat actors get into your backup infrastructure, it is game over, as they can corrupt or even delete your backups, leaving you no recourse other than to pay a ransom that may or may not provide a reliable ransomware decryptor to get your data back.
In Ransomware, Malware, and Vulnerabilities News:
- Feds Take Down Virus Scanner Used by Hackers to Refine Their Malware. If you’re an enterprising threat actor and you want to ensure that your latest version of evil software will get past the defenses of your victims, you test it against those defenses. But that takes a lot of time, unless you submit it to VirusTotal. However, you then have a new problem, as you’ve just given defenders a copy of your evil payload. No, instead you’d subscribe to a service that tested against different anti-malware vendors and then gave you the results so you could tweak until nothing amiss was seen. The US Justice Department, along with Dutch and Finnish authorities, has taken down just such a service, and they’ve seized a trove of information about the subscribers. Score a nice win for the good guys!
In Other News Events of Note and Interest:
- Kali GPT – AI Assistant That Transforms Penetration Testing on Kali Linux. This feels like an amazing transformative moment, but it is also fraught with danger. Kali Linux has long been the staple of penetration testers and hackers alike, providing over 600 pre-installed tools that can be used by defenders and threat actors. One limiting factor has been the complexity of use, since most of the tools involve command-line controls. All that has changed with Kali-GPT. Now you can ask the AI and it will assist you in getting the results you need. And herein lies the problem. This is hosted by OpenAI. And they were just ordered by the US District Court of New York to “preserve and segregate all output log data that would otherwise be deleted on a going forward basis until further order of the Court (in essence, the output log data that OpenAI has been destroying), whether such data might be deleted at a user’s request or because of “numerous privacy laws and regulations” that might require OpenAI to do so.” Yep, anything you tell OpenAI is to be logged, whether you want that to happen or not. With the amount of potentially damaging information that a legitimate penetration tester might input into Kali-GPT, this could be disastrous if a threat actor were to obtain it. If you’re considering using this new tool, be very mindful of what information you share.
- AI in general. There are a lot of articles linked this week about AI, the impact of AI, how to deploy it safely, the timelines to milestones, and a very lengthy PDF presentation about AI from the legendary Bond report and more. Lots of good stuff here.
Musings:
Lately it feels as though doing much of anything on the internet is like driving down a highway in a Mad Max post-apocalyptic world. You need to be armored, drive fast, not pick up strangers, and occasionally fight off raiders that want to disable you and steal your stuff, or that want to do you physical harm. And once you reach your destination, you have to hope that it hasn’t been taken over by marauders intent on malfeasance. To gain entry you often must prove your intent with several forms of interrogation: are you human, do you have multifactor, accept our cookies, pay for access, and more. Do I really want to get to that site that badly? Maybe I’ll just go to my bookshelf and pick up a nice physical hardbound book to read instead.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI
- CISA warns of ConnectWise ScreenConnect bug exploited in attacks
- CISA Warns of Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code
- New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch
- New Chrome flaw leaks sensitive information across websites – your data could already be in the wrong hands
- Hewlett Packard Enterprise warns of critical StoreOnce auth bypass
Ransomware, Malware, and Vulnerabilities News
- FBI: Play ransomware breached 900 victims, including critical orgs
- Feds Seize BidenCash Carding Market and Its Crypto Profits
- Feds Take Down Virus Scanner Used by Hackers to Refine Their Malware
- ViLE gang members sentenced for DEA portal breach, extortion
- US Government seizes approximately 145 criminal marketplace domains
- Police arrests 20 suspects for distributing child sexual abuse content
- Vulnerability Explorer – Wazuh CTI provides access to a comprehensive database of vulnerabilities
- US govt login portal could be one cyberattack away from collapse, say auditors
- Lumma infostealer takedown may have inflicted only a flesh wound as crew keeps pinching and selling data
- Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code
- Exploitation Risk Grows for Critical Cisco Bug
- Critical Fortinet flaws now exploited in Qilin ransomware attacks
- Asus responds to concerns over 9,000+ routers compromised by botnet — firmware updates and factory reset can purge routers of persistent backdoor
- Researchers catch Meta apps abusing Android to track sensitive browsing history
- Custom Active Directory Client-Side Extensions Enable Stealthy Corporate Backdoors
- Android malware Crocodilus adds fake contacts to spoof trusted callers
- MediaTek Vulnerabilities Let Attackers Escalate Privileges Without User Interaction
- Realtek Bluetooth Driver Flaw Allows Attackers to Delete Any File on Windows Systems
- Critical Linux Vulnerabilities Expose Password Hashes on Millions of Linux Systems Worldwide
- Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU
- Wireshark Vulnerability Enables DoS Attack Through Malicious Packet Injection
- IBM QRadar Vulnerabilities Let Attackers Access Sensitive Configuration Files
- Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
- Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials
- Hackers can abuse Chrome to spy on users
- Samsung sends out public safety alert urging Galaxy users to enable new security features
- Millions of low-cost Android devices turn home networks into crime platforms
- Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
- ‘Forest Blizzard’ vs ‘Fancy Bear’ – cyber companies hope to untangle weird hacker nicknames
- Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack
- New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
- Hackers Weaponized Free SSH Client Putty to Attack Windows Systems With Malware
- Hackers are hijacking your typos to plant stealthy malware – and even the best antivirus might not catch it
- Hacker targets other hackers and gamers with backdoored GitHub code
- MainStreet reports third-party breach of bank customer data
- Vanta bug exposed customers’ data to other customers
- The North Face warns customers of April credential stuffing attack
- Crims stole 40,000 people’s data from our network, admits publisher Lee Enterprises
- 50,000+ Azure AD Users Access Token Exposed From Unauthenticated API Endpoint
- Over 8M records with US patients’ data leaked
- Old AT&T data leak repackaged to link SSNs, DOBs to 49M phone numbers
- ‘Russian Market’ emerges as a go-to shop for stolen credentials
- How illicit markets fueled by data breaches sell your personal information to criminals
- Over 4 billion user records leaked in “largest breach ever” – here’s what you need to know
- ConnectWise CEO: MSPs Essential As Cybercrime Economy Skyrockets
- Fake IT support calls hit 20 orgs, end in stolen Salesforce data and extortion
- Chinese Hacked US Telecom a Year Before Known Wireless Breaches
- China accuses Taiwan of running five feeble APT gangs, with US help
- China issues warrants for alleged Taiwanese hackers and bans a business for pro-independence links
- Iranian APT ‘BladedFeline’ Hides in Network for 8 Years
- Australia Begins New Ransomware Payment Disclosure Rules
- Cybersecurity investigators worry ransomware attacks may worsen as young, Western hackers work with Russians
- Tax resolution firm Optima Tax Relief hit by ransomware, data leaked
- Victoria’s Secret says it will postpone earnings report after recent security breach
- Bonuses for Lexington-Richland School District Five employees delayed due to cyberattack, district says
- City of Abilene confirms ransom demanded after hackers steal 477Gs of data
- Ransomware gang claims responsibility for Kettering Health hack
- Interlock Ransomware Deploys New NodeSnake RAT in UK Attacks
- US offers $10M for tips on state hackers tied to RedLine malware
- Threat Group Assessment: Muddled Libra (Updated May 16, 2025)
Other News Events of Note and Interest
- Cool Tool: Adobe finally releases Photoshop for Android, and it’s free (for now)
- Cool Tool?: Kali GPT- AI Assistant That Transforms Penetration Testing on Kali Linux
- Wireshark Certified Analyst – Official Certification for Network Professionals
- Infrared contact lens enables humans to see in dark
- The greatest DOS games that defined the golden generation of DOS gaming
- 1960s tech used to produce 30TB tapes you can use right now
- Is Dark Mode Better for Your Eyes? Pros, Cons, and Expert Insights
- Infosec Europe 2025: we’re live at the show, and here’s everything we’ve seen
- EMR-ISAC Shuts Down: What Happens Now?
- Cops want Apple, Google to kill stolen phones remotely – so why won’t they?
- IBM Cloud login breaks for second time this week and Big Blue isn’t saying why
- OpenAI slams court order to save all ChatGPT logs, including deleted chats
- Reality check: Microsoft Azure CTO pushes back on AI vibe coding hype, sees ‘upper limit’
- Mistral releases a vibe coding client, Mistral Code
- Anthropic Researchers Warn That Humans Could End Up Being “Meat Robots” Controlled by AI
- ChatGPT rolls out Memory upgrade for free users
- Bond report on AI Trends – PDF
- It’s not your imagination: AI is speeding up the pace of change
- Why I have slightly longer timelines than some of my guests
- I asked ChatGPT to draw a bird a year ago, then did the same thing today. You won’t believe the difference!
- How to deploy AI safely | Microsoft Security Blog
- Is a quantum-cryptography apocalypse imminent?
- U.S. Defense Intelligence Flags Rivals’ Growing Military Use of Quantum Tech
- ISP settles with record labels that demanded mass termination of Internet users
- Broadcom ends business with VMware’s lowest-tier channel partners
- Microsoft shares script to restore inetpub folder you shouldn’t delete
- Microsoft offers free security support to governments
- Microsoft unit in Russia will reportedly file for bankruptcy
- Microsoft Bing gets a free Sora-powered AI video generator
- Create videos with your words for free – Introducing Bing Video
- Microsoft confirms Windows Outlook breaks in many ways after major Calendar feature upgrade
- New Outlook for Windows gets a major boost with June 2025 Update
- Microsoft issues out-of-band patches for Windows 11 startup failure
- Microsoft warns new Windows 11/10 installation ISO downloads must have this Defender update
- Microsoft makes it easier to find PC specs in Windows 11 Settings
- Microsoft is adding a simpler text editor than Notepad to Windows 11 soon
- Windows 11 gets emergency KB5062170 patch to fix errors when installing recent updates
- Windows 11 build 26120.4230 gets new Quick machine recovery in the Settings app
