
Hello all,
The Iran war is still dominating the news, but surprisingly, after the successful attack on Stryker Corporation, there have been no reports of other large-scale successful cyber-attacks attributed to Iranian threat actors. That’s not to say they haven’t tried: a nuclear reactor in Poland was apparently targeted, but the attack was prevented. Clearly, hyper-vigilance is warranted. This coming week upwards of 40,000 cyber security professionals will be gathering in San Francisco for the RSAC conference, meaning that significantly fewer defenders will be “minding the store”. Let’s just hope the threat actors are also attending and not scheming an attack this coming week.
This email and video commentary is from the RedDotSecurity.news website, which contains a plethora of links to other items, not mentioned here, that are worth skimming to see if they interest you or pertain to your environment or the environments of those you support. There is a lot more than what is provided in these opening comments. So, on to the headline news.
Headline NEWS:
- Oracle Corporation has released emergency updates for two Fusion Middleware products, their Oracle Identity Manager and Oracle Web Services Manager, to patch a low complexity remote code execution (RCE) defect that requires no authentication. Oracle strongly recommends that the critical patches be applied as soon as possible. It would be nice if they weren’t behind a paywall. But that’s Oracle’s business. Oracle declined to say if this vulnerability has been publicly exploited. In a related note, CISA has directed all federal agencies to patch a max severity Oracle Secure Firewall Management Center defect that was announced on March 4th by the vendor. If you use this, patch quickly since the FMC vulnerability has been under active exploitation by threat actors since at least January.
- Telnetd, a very old file transfer process found in most Linux systems, has had a critical defect revealed that affects all versions and can enable unauthenticated remote code execution. All versions up to 2.7 are vulnerable. Currently there is no patch. I’m not sure why anyone would be using this in 2026, but if you are, stop it, and by all means do not leave this publicly exposed on the internet! The patch isn’t expected for another week or so. Don’t leave a hole this glaring open for that long.
- Ubiquiti UniFi Network Application has a couple of critical vulnerabilities that were patched by the vendor this week. The most serious is trivial to exploit and can enable full account takeover and compromise of the Network Application or server. The fix is to update to the latest version. If you have this and it is publicly facing anywhere, patch immediately.
In Ransomware, Malware, and Vulnerabilities News:
- Intoxalock supplies breathalyzer ignition locks for vehicles in 46 states and serves approximately 150,000 drivers. This past week they were successfully attacked, and their systems taken offline. Initially, many customers were left wondering what had happened as their systems failed to work. Reaching anyone at the company was met with frustration. Finally, on Wednesday the vendor posted on their website that they are the victims of a cyberattack and are reviewing the event. The result to drivers has been that hundreds, if not thousands, of them are unable to start their cars due to their Intoxalock devices missing their required calibrations. Intoxalock has advised customers that they will be “covering costs that are a direct result of the temporary system pause.” So, there is some hope for reimbursement for those that now need to Uber, Taxi, and take public transportation, and for expenses related to having their vehicles towed. The latest post from the vendor says that appointments for calibration will remain paused until at least Sunday March 22nd.
In Other News Events of Note and Interest:
- Non-Human Workforce is a good way to describe the growing presence of AI agents and workers. An excellent article from coinfluence.com explores some of the nuances that should be considered by every enterprise that is deploying what is essentially a new type of employee. Currently, most organizations grant access based either on the credentials of the human employee who is attempting to use the AI or on what is being accessed. However, as we see increasing use of autonomous AI agents that are assigned goals to accomplish instead of just specific tasks, the article rightly explores the idea of treating them as actual employees, with unique identities, privilege access restrictions across multiple systems, and a clearly identified owner responsible for their care, management, and retirement when they are no longer needed. Hopefully companies are giving serious consideration to the lifecycle and management of this growing workforce.
Musings
To my fellow cyber warriors that will be at RSAC this coming week, I hope that you have an amazing time and the systems and people that you support are safe and secure in your absence. May you, in the words of NCIS’ Dwayne Pride, “Go! Learn Things!”

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Critical Out-of-Band Oracle Identity Manager and Oracle Web Services Manager Remote Code Execution Vulnerability
- Oracle pushes emergency fix for critical Identity Manager RCE flaw
- Researchers warn of unpatched, critical Telnetd flaw affecting all versions
- Ubiquiti UniFi Critical Vulnerabilities need immediate patching
- Ubiquiti rushes out emergency fix for critical bug in UniFi Network Application
- Critical Ubiquiti UniFi security flaw allows potential account hijacking
Ransomware, Malware, and Vulnerabilities News
Good News, Government News, and Interesting
- CISA urges US orgs to secure Microsoft Intune systems after Stryker breach
- CISA flags Wing FTP Server flaw as actively exploited in attacks
- CISA orders feds to patch Zimbra XSS flaw exploited in attacks
- CISA orders feds to patch max-severity Cisco flaw by Sunday
- FCA Updates Cyber Incident and Third-Party Reporting Rules
- AI-driven fraud far more profitable, Interpol warns
- Cybercrime up 245% since the start of the Iran war
- America’s North Korean IT workers’ problem that Amazon security head said he traced by keystroke data is now ‘troubling’ Europe
- North Korean’s 100k fake IT workers net $500M a year for Kim
- FTI Consulting Study Reveals Cybersecurity Attacks Are an Increasing Threat to M&A
- Japan to allow ‘proactive cyber-defense’ from October 1st
- Europe sanctions Chinese and Iranian firms for cyberattacks
- UK: Regulation Drives Cyber Spending for Critical Infrastructure Orgs
- Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
- ‘Operation Atlantic’: US Secret Service Teams With UK, Canada to Stop Crypto Fraud
- FBI seems to seize website tied to Iranian cyberattack on Stryker
Vulnerabilities and Exploits
- Device Code Phishing – what is it?
- ConnectWise patches new flaw allowing ScreenConnect hijacking
- How Threat Actors Abuse Remote Management Software for Initial Access
- Fortinet patches FortiGate Firewall vulnerabilities that allowed hackers to steal enterprise credentials
- iPhone exploit DarkSword patched by Apple in iOS 26.3
- Apple warns iPhone users to update software after mass hacking campaigns
- Now You See mi: Now You’re Pwned
- Help on the line: How a Microsoft Teams support call led to compromise
- Researchers expose hack that could hand attackers full control of ship’s engine, navigation and power
- Intel has published a whole host of security vulnerabilities, with mitigations rolling out, but attackers will need local access to actually do anything
- Researchers disclose vulnerabilities in IP KVMs from four manufacturers
- Apple rolls out first ‘background security’ update for iPhones, iPads, and Macs to fix Safari bug
- Ubuntu CVE-2026-3888 Bug Lets Attackers Gain Root via systemd Cleanup Timing Exploit
- Cybercriminals scale up, government sector hit hardest
- Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won’t Patch
- New ClickFix attack leverages WorkFlowy for stealthy malware delivery
- Security teams might be overlooking wider threat to Cisco SD-WAN
- Critical Microsoft SharePoint flaw now exploited in attacks
- Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
- An AI cyberattack could trigger a satellite apocalypse in the next 2 years. Are we prepared?
Phishing, Malware, and similar
- FBI links Signal phishing attacks to Russian intelligence services
- ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
- FBI seeks victims of Steam games used to spread malware
- New Fake Zoom Meeting Invite Scam Spreads Malware on Windows PCs
- Robotics surgical biz Intuitive discloses phishing attack
- Robotic Surgery Giant Intuitive Discloses Cyberattack
- Hacked sites deliver Vidar infostealer to Windows users
- GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
- New font-rendering trick hides malicious commands from AI tools
- New Phishing Campaign Exploits Cisco Domains
- Fake FileZilla Downloads Lead to RAT Infections Through Stealthy Multi-Stage Loader
- Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish
- Storm-2561 Uses Fake Fortinet, Ivanti VPN Sites to Drop Hyrax Infostealer
- EDR killers are now standard equipment in ransomware attacks
- 54 EDR Killers Use BYOVD to Exploit 34 Signed Vulnerable Drivers and Disable Security
- Iranian Botnet Exposed via Open Directory: 15-Node Relay Network and Active C2
- Widely used Trivy scanner compromised in ongoing supply-chain attack
- Eclypsium Discovers Two New Malware Variants Targeting Network Infrastructure
Breaches, Leaks, and Ransomware
- Breathalyzer company under security breach; cars unable to move
- Cyberattack on vehicle breathalyzer company leaves drivers stranded across the US
- Stryker attack raises concerns about role of device management tool
- Stryker attack wiped tens of thousands of devices, no malware needed
- Stryker cyber attack: Employees still unable to work more than a week after hack
- Identity theft from data breaches cost Americans $20B over past decade
- Credential theft compounded in 2025, says new data from Recorded Future
- China’s biggest cybersecurity firm accidentally leaked an SSL key in a public installer
- Loblaw confirms data breach – Canadian retail giant says ‘basic customer information’ affected
- Ransomware Tactics, Techniques, and Procedures in a Shifting Threat Landscape
- More companies are paying ransoms after cyberattacks
- Less Lucrative Ransomware Market Makes Attackers Alter Methods
- Verizon retailer data breached, hackers claim
- New details released after cyberattack paralyzes Bay Area city
- Millions of ‘anonymous’ crime tips exposed in massive Crime Stoppers hack
- Ransomware gang exploits Cisco flaw in zero-day attacks since January
- Marquis says over 672,000 people had personal and financial data stolen in ransomware attack
- CarGurus data breach exposes 12.4 million user records online in hack
- LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
- 7M AI Chat Logs and Calls Exposed in Sears-Linked Data Leak
- FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops – Ctrl-Alt-Intel
- Aura confirms data breach exposing 900,000 marketing contacts
Other News Events of Note and Interest
- Google, Microsoft, Amazon, and Others Unite Under New Anti-Scam Pact
- Google Fiber will be sold to private equity firm and merge with cable company
- Firefox 149 adds built-in free VPN with 50GB monthly data
- Android’s new desktop windowing mode has changed how I use my tablet
- Google’s latest system update for Android is small, but surprisingly useful
- Tech companies are blaming massive layoffs on AI. What’s really going on?
- COBOL Is the Asbestos of Programming Languages
- Adobe settles DOJ cancellation fee lawsuit, will pay $75 million penalty
- Microsoft says buggy Samsung update trashes some Windows 11 PCs, and it’s a reminder to clean up OEM bloat
- Nvidia pushes further into the autonomous vehicle space to compete with Tesla and Waymo
- Water utilities need hands-on cybersecurity help, not just free guidance, pilot program finds
AI, LLM’s, and Skynet
- Tech industry rallies behind Anthropic in Pentagon fight
- Gartner suggests Friday afternoon Copilot ban
- Google’s Personal Intelligence feature is expanding to all US users
- NVIDIA Ignites the Next Industrial Revolution in Knowledge Work With Open Agent Development Platform
- You’re Not Just Deploying AI. You’re Managing a Non-Human Workforce
- Meta is having trouble with rogue AI agents
Microsoft
- Announcing PowerShell 7.6 (LTS) GA Release – PowerShell Team
- Edit with Copilot in Excel
- Microsoft teases image support in Notepad for Windows 11 ahead of roll out
- Announcing three new partners for multi-tenant management with Microsoft Intune
- Microsoft reveals details about unique Windows 11 version support
- Microsoft scales back Copilot plans on Windows 11
- Microsoft says Windows 11 will get faster as it scales back Copilot
- Microsoft stops force-installing the Microsoft 365 Copilot app
- Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
- Windows 11 25H2, 24H2 get another emergency update for broken Bluetooth
- Stop defragmenting and start living: introducing auto index compaction
- Classic Outlook crashes and opens in Safe Mode starting March 12 2026
- Microsoft: March Windows updates break Teams, OneDrive sign-ins
- Windows 11 has finally taken over
- Windows 11 KB5085516 released after KB5079473 breaks Microsoft account sign-in in popular apps
