
Hello all,
Cisco decided to grace us with a major vulnerability, SolarWinds is trying a third time to fix a defect, ransomware is severely impacting European airports, supply chain attacks on NPM packages by worms from Dune, and Windows 25H2 coming soon are just some of the items covered in the list of news items this week.
This email and video commentary is from the RedDotSecurity.news website, which contains a plethora of links to other items, not mentioned here, that are worth skimming to see if they interest you or pertain to your particular environment or to those you support. There is a lot more there than what is provided in these opening comments. So, on to the headline news.
Headline NEWS:
- Cisco IOS XE has a zero-day that is under active attack. By chaining two of the three recently disclosed vulnerabilities, attackers take to heart Cisco’s slogan of “Bridge to Possible” and are able to gain full remote unauthenticated access to affected devices. CISA gave Federal agencies until Friday of this past week to either update or disconnect all of their Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software devices. Upgrade immediately.
- Libraesva ESG (Email Security Gateway) has a rather severe problem that requires immediate attention. I’ll let their security bulletin speak for itself. “Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious e-mail containing a specially crafted compressed attachment, allowing potential execution of arbitrary commands as a non-privileged user…” If you are a Libraesva cloud client, the patch was automatically applied. If you self-host, check to ensure you’ve been updated, and if not, update as soon as you can.
- SolarWinds Web Help Desk is being a bit too helpful and could allow threat actors to execute remote code on vulnerable systems. This was originally patched in August 2024, again in October 2024, and once again this month. Hopefully, they’ve actually patched this defect now. Make sure you update soon. It isn’t known to be under active exploitation yet, but historically, SolarWinds has been a popular target of threat actors.
In Ransomware, Malware, and Vulnerabilities News:
- Man arrested in UK over a cyberattack that has taken down hundreds of flights at European airports, including Dublin, Heathrow, Brussels, and Berlin. Collins Aerospace’s product, MUSE, which is used by multiple airlines for cross-company check-ins and baggage drop-off, reportedly suffered a ransomware attack last week, forcing airlines to use manual processes. The manufacturer is working with authorities and forensics firms to restore operations. One of my friends is vacationing in the UK, I wonder…? Nah.
In Other News Events of Note and Interest:
- IRS touts ‘major progress’ on IT modernization. Reading the article this headline references truly reinforces my assertion that if you really want to make progress, abolish this regressive entity that penalizes productivity. In this writer’s opinion, income by individuals should not be taxed. However, while this onerous agency does exist, I am certainly all for modernizing their arcane systems. But the glacial pace and monstrous costs associated with this make me believe that it will never be accomplished. Some have been underway since 2009! That’s eleven years! The systems will be obsolete before they ever come online into use. The annual exercise of American consumers reporting what they think is correct and then waiting for the Infernal Revenue Service to either agree and issue a refund due to overpayment, or acknowledge receipt of payment due to underpayment, is absurd. They know what we make. Send us a notice with the refund or a bill. Or better yet, let us keep all of our money and tax commerce, not income.
Musings:
Welcome to Pumpkin Spice season. It is that time of year when we find that scent and flavor everywhere. Starbucks, Trader Joe’s, Dunkin’, McDonald’s, and more have it in abundance. It wouldn’t surprise me to see Pumpkin Spice offerings by the likes of Microsoft, Google, and Cisco. The holdouts will be Apple with iCinnamon-Spiced offerings and of course Fortinet with their own proprietary FortiSpice. No matter what your preferred seasonal flavor and scent, threat actors are not taking a break. So, enjoy your beverage of choice and…

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Cisco IOS 0-Day RCE Vulnerability Actively Exploited in the Wild
- Multiple critical vulnerabilities affecting Cisco products
- CISA orders agencies to patch Cisco flaws exploited in zero-day attacks
- Hackers exploit Cisco firewall flaw, U.S. issues urgent alert
- Libraesva ESG issues emergency fix for bug exploited by state hackers
- SolarWinds Makes Third Attempt at Patching Exploited Vulnerability
- SolarWinds fixes Web Help Desk patch bypass for actively exploited flaw — again
Ransomware, Malware, and Vulnerabilities News
Good News and Interesting
- US Secret Service Seizes 300 SIM Servers, 100K Cards Threatening US Officials Near UN
- US Secret Service dismantles imminent telecommunications threat in New York tristate area
- Canada dismantles TradeOgre exchange, seizes $40 million in crypto
- Man arrested in UK over alleged cyberattack that affected European airports
- Teen Suspect Surrenders in 2023 Las Vegas Casino Cyberattack Case
- AI Forensics Help Europol Track 51 Children in Global Online Abuse Case
- Can Cyber Privateers Help Us Combat Cybercrime?
- Cyber Threat Detection Vendors Pull Out of MITRE Evaluations Test
- SonicWall releases SMA100 firmware update to wipe rootkit malware
Vulnerabilities and Exploits
- Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
- Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security
- Cross-Agent Privilege Escalation: When Agents Free Each Other
- Chrome High-severity Vulnerabilities Let Attackers Access Sensitive Data and Crash System
- OnePlus phones vulnerable to SMS theft since 2021
- Chatbait Is Taking Over the Internet
- FBI Warns of Spoofed IC3 Website
- Beware of Fake Online Speedtest Application With Obfuscated JS Codes
- Hackers Exploiting Hikvision Camera Vulnerability to Access Sensitive Information
- Hackers Can Compromise Chromium Browsers in Windows by Loading Arbitrary Extensions
- ShadowLeak Exploit Exposed Gmail Data Through ChatGPT Agent
- Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
- PyPI urges users to reset credentials after new phishing attacks
- Threat Actors Leverage Oracle Database Scheduler to Gain Access to Corporate Environments
- New EDR-Freeze tool uses Windows WER to suspend security software
- Hackers Can Bypass EDR by Downloading Malicious File as In-Memory PE Loader
- New LNK Malware Uses Windows Binaries to Bypass Security Tools and Execute Malware
- Hackers Bypassing Windows Mark of the Web Files Using LNK Stomping Attack
- American Archive of Public Broadcasting fixes bug exposing restricted media
- GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
- Nosey Parker: Open-source tool finds sensitive information in textual data and Git history
- 2 Tbps DDoS Attack Breaks Internet With New World Record
- Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign
- Attackers Can Exploit WerFaultSecure.exe Tool to Steal Cached Passwords From Windows 11 24H2
- Cybersecurity Experts Say These Humanoid Robots Secretly Send Data to China and Let Hackers Take Over Your Network
Phishing, Malware, and similar
- Deepfaked calls hit 44% of businesses in last year: Gartner
- Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network
- Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs
- LastPass: Fake password managers infect Mac users with malware
- GitHub’s reputation being exploited by bad actors to distribute malware
- CISA, GitHub take action after massive NPM supply chain compromise
- CISA urges orgs to review software after ‘Shai-Hulud’ supply chain compromise
- NPM package caught using QR Code to fetch cookie-stealing malware
- Unofficial Postmark MCP npm silently stole users’ emails
- Cybercriminals now have SpamGPT, an AI-powered toolkit making phishing, ransomware campaigns, and email attacks dangerously simple and efficient
- New Inboxfuscation Tool That Bypasses Microsoft Exchange Inbox Rules and Evade Detection
- Why attackers are moving beyond email-based phishing attacks
- New Botnet Leverages DNS Misconfiguration to Launch Massive Cyber Attack
- Linux Kernel ksmbd Vulnerability Allows Remote Attackers to Execute Arbitrary Code
- Iranian Hackers Use SSL.com Certs to Sign Malware
Breaches, Leaks, and Ransomware
- CISA says hackers breached federal agency using GeoServer exploit
- CISA: Federal Agency Breached via GeoServer Bug
- Co-op says it lost $107 million after Scattered Spider attack
- Hackers claim German aviation firm FAI, leak data
- Threat Actors Breaking to Enterprise Infrastructure Within 18 Minutes From Initial Access
- Jaguar Land Rover failed to finish cyber insurance purchase
- How One Bad Password Ended a 158-Year-Old Business
- New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus
- UNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology Sectors
- Another BRICKSTORM: Stealthy Backdoor Enabling Espionage into Tech and Legal Sectors
- Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt Strike
- Beijing’s RedNovember hacked critical US, global orgs
- Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques
- Troy Hunt: Have I Been Pwned Demos Are Now Live!
- New York Blood Center Alerts 194,000 People to Data Breach
- Automaker giant Stellantis confirms data breach after Salesforce hack
- EU cyber agency confirms ransomware attack causing airport disruptions
- Ransomware behind global airport outage, says ENISA
- Unmasking Akira: The ransomware tactics you can’t afford to ignore
- Boyd Gaming discloses data breach after suffering a cyberattack
- New ‘shinysp1d3r’ Ransomware-as-a-Service Targets VMware ESXi in Ongoing Development
- Inc Ransomware Claims 5.7 TB of Data Theft at Pennsylvania Attorney General
- Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata
- New LockBit 5.0 Ransomware Variant Attacking Windows, Linux, and ESXi Systems
Other News Events of Note and Interest
- Cool Tool: Kali Linux 2025.3 released with 10 new tools, wifi enhancements
- Cool Tool: Rufus 4.10 is out with dark mode, new Secure Boot certificates support, and more
- Firewall upgrade at telco linked to deaths in Australia
- EU to register fingerprints, faces for short-stay visitors
- Genetic privacy erodes as millions of DNA profiles are entered into US database
- VLC update adds support for Windows 11 on Arm and Windows XP
- Chrome is Google’s first iPhone app with Liquid Glass
- Google’s Android for PC: ‘I’ve seen it, it is incredible’
- Employees learn close to nothing from phishing training, and this is why
- Trump approves TikTok deal through executive order at $14 billion
- This European military just ditched Microsoft for open-source LibreOffice
- IRS touts ‘major progress’ on IT modernization, but has yet to decommission legacy systems
- Enthusiasts bond twelve 56K modems together to set dial-up broadband records — a dozen screeching boxes achieve record 668 kbps download speeds
AI, LLMs, and Skynet
- Many employees are using AI to create ‘workslop’
- Google is starting to launch real-time AI voice search
- Microsoft adds Anthropic’s AI to Copilot
- Claude now available in Microsoft 365 Copilot
- Zoom launches a cross application AI notetaker, AI avatars and more in its latest update
- Nvidia to Invest Up to $100 Billion in OpenAI
- It’s surprisingly easy to stumble into a relationship with an AI chatbot
Microsoft
- Microsoft’s AI CEO on the future of the browser
- Microsoft Edge to block malicious sideloaded extensions
- Microsoft shares temp fix for Outlook encrypted email errors
- Microsoft confirms DRM issues in Windows 11 September 2025 Update
- Windows 11 24H2 KB5068221 fixes problems with Office apps
- Microsoft fixes Windows 11 bug that froze PC when signing in, and more
- Microsoft lifts Windows 11 update block after face detection fix
- Windows 11’s new-look Start menu is a big upgrade. Let’s dive in
- Microsoft releases the final Windows 10 22H2 preview update
- Download official Windows 11 version 25H2 RTM ISOs here
- How to download and install Windows 11 version 25H2
