August 2, 2025

Header image for the Red Dot Weekly Cyber Security News https://reddotsecurity.news

Hello all,

Most of last week was quiet, with a steady rumble of Microsoft-sourced phishing emails growing in popularity, and then toward the latter part of the week Arctic Wolf and Huntress warned about a concerning increase in successful attacks against SonicWall firewalls. More on that in a moment. Meanwhile, this coming week starts “Hacker Summer Camp” in Las Vegas. Tens of thousands of security professionals, malicious actors, threat hunters, criminals, wanna-be hackers, and the just plain curious will descend on the trifecta of Black Hat, BSidesLV, and DEF CON. The good news is that thousands of malicious actors will be occupied and not attacking our networks this coming week. The bad news is that thousands of defenders will be occupied and will not be defending our networks this coming week either. It’ll be an interesting time for sure.

Headline NEWS:

  • Insurance won’t cover $5M in City of Hamilton claims for cyberattack. This article should serve as a very poignant reminder that if you tell an insurance company that your company is doing a required action, it had better be in place and documented. Hamilton was to have implemented Multifactor Authentication (MFA/2FA) for their systems but instead procrastinated. Threat actors, taking advantage of the situation, ransomwared them. Since the city wasn’t doing what they said they would, their insurance company denied their claim. That means that the citizens of Hamilton are on the hook for the $18.4 million, and growing, recovery cost. Ouch.
  • Ransomware group FunkSec has released a decryptor free to the public. If you have files encrypted by the group, you’re welcome? I guess.
  • SonicWall firewall devices have been hit in a recent rash of Akira ransomware attacks. It is currently unknown how the threat actors are gaining access. Both Arctic Wolf and Huntress are concerned that there may be a zero-day vulnerability within the SSL-VPN, since that has been under the threat actor microscope lately. SonicWall has said that they are investigating but have no additional information at this time. Arctic Wolf and Huntress are recommending that the SSL-VPN portion of the firewalls be restricted or turned off if possible until the root cause is identified. If that is not possible, ensure that Botnet Protection is on, MFA is enabled, and unused accounts are removed. And if there is any suspicion of credential leakage, immediately reset user passwords.
  • Critical Salesforce Tableau defects allow bad guys to achieve Remote Code Execution (RCE). The vulnerabilities are in multiple modules, and via multiple vectors, so updating to the latest version is the only mitigating action. Update quickly.

In Ransomware, Malware, and Vulnerabilities News:

  • Microsoft Exchange Online, aka Microsoft 365 email, has seen a dramatic rise in Direct Send spam, phishing, and malware email messages which bypass third-party email gateways and filtering. This novel technique does a very nice job of making it appear as though emails come from within your organization, or from a trusted partner. Proofpoint has noted this recent rise, has published guidance for detection, and has pointed organizations toward enabling a newly added Microsoft setting named “reject direct send”, which is designed to combat this scourge.
  • Ransomware Gang uses Chatbot to Negotiate is a somewhat scary headline. Having been privy to the goings-on with numerous ransomware negotiations, this seems like it will make the process significantly more difficult for the good guys, especially if the chatbot is backed by a decent, evil AI engine. Theoretically, it could have scoured all exfiltrated information and publicly available data, and know exactly what a company can afford, where the skeletons are hiding, and where to apply pressure in just the right ways to extract the maximum ransom payment. And it is unfeeling, has no compassion, and not even a hint of human ethics to cause it to take pity on a company or individual. Yeah, this is scary, and I don’t like where it is heading.
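The Direct Send item above describes mail that claims an internal sender while arriving from outside the tenant's normal mail path. Here is an added detection example (not from the newsletter, Proofpoint, or Microsoft) that flags that pattern in message headers; the accepted domain, the trusted gateway range, and the sample headers are constructed assumptions modelled on Exchange Online's Authentication-Results format.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed assumptions: the tenant's accepted domains and the public
# ranges of its legitimate mail sources (third-party gateway, on-prem relay).
OWN_DOMAINS = {"example.com"}
TRUSTED_SOURCES = [ip_network("198.51.100.0/24")]

SENDER_IP = re.compile(r"sender IP is ([0-9a-fA-F.:]+)")
AUTH_FAIL = re.compile(r"\b(spf=(fail|softfail|none)|dmarc=fail|compauth=fail)\b")

def is_suspected_direct_send(raw_message: str) -> bool:
    """True when a message claims an internal From: address but reached the
    tenant from an IP outside the known mail sources with failed auth."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain not in OWN_DOMAINS:
        return False  # external sender: not the "looks internal" pattern
    auth = " ".join(msg.get_all("Authentication-Results", []))
    found = SENDER_IP.search(auth)
    if found is None:
        return False  # no connecting IP recorded; nothing to judge
    ip = ip_address(found.group(1))
    if any(ip in net for net in TRUSTED_SOURCES):
        return False  # arrived via the gateway/relay we expect
    return AUTH_FAIL.search(auth) is not None

# Constructed sample headers modelled on Exchange Online's Authentication-Results.
SPOOFED = """From: "Payroll" <payroll@example.com>
Authentication-Results: spf=fail (sender IP is 203.0.113.5)
 smtp.mailfrom=example.com; dkim=none (message not signed)
 header.d=none;dmarc=fail action=none header.from=example.com;compauth=fail
 reason=001
Subject: Updated pay stub

see attached
"""
LEGIT = """From: hr@example.com
Authentication-Results: spf=pass (sender IP is 198.51.100.7)
 smtp.mailfrom=example.com; dkim=pass header.d=example.com;dmarc=pass
 action=none header.from=example.com;compauth=pass reason=100
Subject: Holiday schedule

see attached
"""
```

This is the detection side for mail that has already landed; the tenant-wide switch the article refers to is set in Exchange Online PowerShell with Set-OrganizationConfig -RejectDirectSend $true.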

In Other News Events of Note and Interest:

  • Peacocks Have Lasers in their Tails. How can you not love a headline like that?! Forget the fictional sharks with lasers, this is real! LASER is an acronym for Light Amplification by Stimulated Emission of Radiation. Researchers at Florida Polytechnic University and Youngstown State University had heard that peacock feathers had unusual light-refracting properties. So, they investigated and found that the eyespots on the fowl’s tails have the ability to align and amplify light waves, producing the effect of a yellow-green laser. Cool!

Musings:

This next week I’ll have the privilege of reporting from both Black Hat and DEF CON. It will be a fascinating foray into the minds and actions of some of the tech world’s brightest and most creative individuals. Expect incoming reveals of vulnerabilities, hacks, and terrifyingly close calls that were averted by the vigilance of some random defender who was just doing his job and got curious.

Visc. Jan Broucinek

In the meantime, keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
