June 14, 2025


Hello all,

As expected, Microsoft and a cadre of other vendors unleashed updates this past week. I shouldn’t be surprised that the quantity appears to be increasing, but I am. With the concerted push for the past few years on zero trust and memory-safe software, shouldn’t the defects be decreasing? Microsoft, for their part, plugged two zero-day defects, one of which was already under active exploitation. Our Headline News section will get into a few more details and list some other vendors. With the non-tech news of national and world events chronicling significant unrest, expect that threat actors will be taking advantage and launching fresh click-bait, phishing, and malware attacks. Definitely keep the shields up.

As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or that of those you support. There is a lot more than what is provided in these opening comments; just scroll down a bit.

Headline NEWS:

  • Google Chrome patched several more vulnerabilities this week. You know the drill by now: close and reopen your browser, or go to Help and About to check for updates. And expect that Chromium browsers, such as Microsoft Edge, will be updating shortly as well.
  • Fortinet has revealed several high-severity vulnerabilities in FortiManager, FortiAnalyzer, FortiAnalyzer-BigData, FortiOS SSL-VPN web-mode, FortiClientEMS, FortiClient for Windows, FortiPAM, FortiSRA, FortiSASE, FortiPortal, FortiProxy, and FortiWeb. Basically, if you have anything Fortinet, look for updates and apply them quickly as this vendor is a favorite of enterprising threat actors.
  • Ivanti has unleashed fixes for three defects in their Workspace Control product. To quote their announcement, “Ivanti has released updates for Ivanti Workspace Control which address three high severity vulnerabilities. Successful exploitation could lead to credential compromise…” You’d think they would have found all of these things by now, since they’ve been doing code review for the past couple of years. Thankfully, there are no reports of active exploitation of these vulnerabilities yet.
  • Microsoft Patch Tuesday provided 66 defect fixes with at least one actively exploited zero-day receiving a patch. There are some doozies in the list of defects such as a Windows SMB Client Elevation vulnerability, Remote Desktop, Netlogon, Windows Cryptographic Services, and a goodly number in the Office suite. Needless to say, vet these quickly and apply them as soon as you can. If you’re interested in an excellent review of the history of Microsoft vulnerabilities, check out the BeyondTrust report link in our Ransomware, Malware, and Vulnerabilities section.
  • Salesforce has had five zero-days revealed, along with quite a few misconfiguration issues that can lead to data leakage and compromise. The zero-days were fixed by Salesforce, but the misconfiguration issues, which apparently are rather common, need to be fixed at the client end. If you use any of the Salesforce Industry Cloud offerings, you should immediately check the link for details on how to fix the holes.
  • SAP has patched 14 defects that span a wide range of their products. Some of the flaws that were plugged are rated critical, such as in NetWeaver, so again, vet and apply quickly.

In Ransomware, Malware, and Vulnerabilities News:

  • INTERPOL, working with 26 different countries as part of Operation Secure, just took down over 20,000 IP addresses and domains, along with 41 servers and over 100GB of data. This operation took down 79% of the malicious infrastructure and saw the arrests of 32 individuals linked to the criminal network. Score a nice win for the good guys!
  • Supply Chain Attacks have massive downline impacts, as can be witnessed by the recent successful ransomware event at United Natural Foods, a distributor to over 30,000 stores and supermarkets in the USA and Canada. Whole Foods, UFC, Safeway, Central Co-op, and more are all experiencing product shortages. Trucks are sitting idle since they are not able to receive orders and fulfill deliveries. Fuel for those trucks will not be purchased, farmers who have produce piling up cannot get it to market, and the list goes on. We need to realize that these types of supply-chain attacks have far-reaching impacts that, if not remedied quickly, can have devastating economic impacts.

In Other News Events of Note and Interest:

  • Denmark and a German state are dumping Microsoft. Citing “Digital Sovereignty” as the reasoning, a desire to not be dependent upon foreign countries or powers for their computing and technological needs, the Danish government and the German state of Schleswig-Holstein have said that they will transition from Microsoft to Linux and LibreOffice, joining France’s gendarmerie and India’s defense ministry. These moves are part of a growing trend and echo the European Commission’s (EC) call to take action to reduce the region’s reliance on foreign-owned digital services and infrastructure. If this continues, it could be an interesting time for Big Redmond.

Musings:

This weekend my wife and I took a train trip for a mini vacation. While on the train, I noticed that I was able to see the screen of the gentleman seated alone in front of me. I clearly saw his name (I’ll call him Carlos) in about 24-point type in an Outlook email signature. He was working on replies to emails, financial spreadsheets, forecasts, and a PowerPoint presentation that dealt with recent sales visits. At one point he took a phone call and got up to go to the restroom at the front of the train car. He left his computer open, screen on, and unlocked. I kept looking at my watch to see how long he was away and completely out of sight of his computer. He was gone for over five minutes. When Carlos returned, I waited until his phone call ended and then I moved one seat forward and introduced myself to him, calling him by name. I explained that I work in cyber security and told him how I knew his name. Then I explained that in the time that he was gone, had I been a threat actor, I would have had more than ample time to install a malicious keylogger that would have compromised his computer and subsequently his entire company. He was very appreciative and said that he’d share what he’d just learned with his colleagues. I then showed him how to set up Dynamic Lock on this computer so that when he leaves its proximity it automatically locks the screen. As Cyber Matt Lee says, #LockItUp. Doing my part to keep the world a bit safer.

Visc. Jan Broucinek

Keep the shields up.

Viscount Jan Broucinek
Red Dot Security News
