April 29, 2023

Hello all,
On the heels of the RSA conference, there is a significant amount of news this week with a good number of vulnerabilities and bugs being patched and holes being plugged. As usual, the Red-N Weekly Cyber Security News newsletter is below the Notable Callouts.

Notable Callouts:

• APC leads the pack with an RCE that could lead to device takeover and meltdown.
• Cisco stays in the headlines for another week, this time for an XSS zero-day bug in their Cisco Prime Collaboration Platform.
• ConnectWise’s rumored sale to Bain Capital from Toma Bravo has apparently been rejected. However, rumors still persist that a sale is being courted and is imminent.
• Illumina DNA sequencers have critical flaws that need splicing a patch in to resolve.
• Microsoft is warning about exploitation of PaperCut. Microsoft has announced that Windows 10 22H2 is the last feature release for that OS. Any new features will come to newer OS’es. Additionally, Microsoft announced that they intend to transition their 365 apps to a new domain of “cloud.microsoft”.
• NSA’s Cybersecurity Director, Rob Joyce, is warning that we need to “buckle up” for generative AI. In somewhat related news, the US Deputy Attorney General Lisa Monaco (formerly with the NSA) said that the US will be focusing more on “stifling” attacks vs. prosecution.
• PaperCut is making headlines for bad reasons. The previously announced vulnerability is now being very actively exploited. Educational institutions are at particular risk due to high adoption of this product. Guidance has been published to reveal if it has been exploited.
• Salesforce is in the news, although technically it isn’t their fault. Many public sites have been found to be misconfigured and leaking private data.
• SolarWinds (insert full body shudder here) has patched some high-severity vulnerabilities.
• TP-Link has some gear being exploited by the Mirai botnet. If you have it, patch it or replace it.
• VMware’s SLP has been shown capable of enabling massive DDoS attacks, and VMware also released patches for VMware Workstation and Fusion.
• Zyxel finishes our alphabet stew with a good number of firewall devices that are vulnerable to RCE and other bugs that need patching.

• In Ransomware, Malware, and Vulnerabilities News, a warning about Firmware becoming the next frontier for cybersecurity. It bears noting how many headlines now have “AI” or “ChatGPT” in them. There has been a major evolutionary leap made, and it is going to be interesting.
• In Other News Event of Note and Interest, speaking of AI. Microsoft has introduced a new product named Microsoft Designer.
• In Cyber Insurance News, there’s a link to an excellent article about “What MSPs Should Know about Cyber Insurance in 2023”. It is well worth reading.

It never ceases to amaze me when I read about some “creative solution” that resulted in a major failure or incident. I wonder how Artificial Intelligence will fare against natural stupidity. Perhaps we don’t have quite so much to fear from AI as we think.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• APC warns of critical unauthenticated RCE flaws in UPS software
• Zero Day Initiative — TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal
• SolarWinds Platform Update Patches High-Severity Vulnerabilities
• New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks
• VMware Response to CVE-2023-29552 – Reflective Denial-of-Service (DoS) Amplification Vulnerability in SLP
• VMware Releases Critical Patches for Workstation and Fusion Software
• CISA Warns of Critical Flaws in Illumina’s DNA Sequencing Instruments
• Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
• Increased exploitation of PaperCut drawing blood around the Internet
• Bain Capital Eliminated As ConnectWise Moves To Next Phase Of Buyout Process: Sources
• US to focus on stifling online attacks rather than snagging criminal convictions
• NSA Cybersecurity Director Says ‘Buckle Up’ for Generative AI
• Cisco discloses XSS zero-day flaw in Cisco Prime Collaboration Deployment server management tool
• Microsoft 365 apps are moving to the cloud.microsoft domain
• Microsoft is done with major Windows 10 updates
• Many Public Salesforce Sites are Leaking Private Data
• Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks

Ransomware, Malware, and Vulnerabilities News

• Firmware Looms as the Next Frontier for Cybersecurity
• The latest Windows zero-day vulnerability allows JavaScript files to skip security warnings
• Chinese hackers outnumber FBI cyber personnel ‘by at least 50 to 1,’ Wray testifies
• Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers
• Is your bank account safe? Mass layoffs weaken cybersecurity across finance sector
• Atomic macOS Stealer Malware Can Steal Keychain Info, Files, Browser Wallets and More
• Tampa Bay, Aspen Dental latest victim in series of cyberattacks on healthcare providers
• Hackers behind 3CX breach also breached US critical infrastructure
• GitLab’s new security feature uses AI to explain vulnerabilities to developers
• List of brands used by cyber attackers in 2023 phishing campaigns
• Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis
• Google disrupts malware that steals sensitive data from Chrome users
• Google banned 173K developer accounts to block malware, fraud rings
• Cyberattack on US railroad company compromises critical infrastructure
• Collaboration between CISA, Cyber Command thwarted dangerous cyberattacks, officials said
• Cyberattack disrupts Lowell, MA city government, shuts down computers
• RSAC: Organizations Warned About the Latest Attack Techniques
• China’s ‘Evasive Panda’ Hijacks Software Updates to Deliver Custom Backdoor
• First Major Cyberattack Launched by Cornell Student in New York
• Tencent Cloud announces Deepfakes-as-a-Service for $145
• Git security vulnerabilities announced
• Chinese hackers launch Linux variant of PingPull malware
• 2023 Cyber Risk Summit
• Vantage Travel Experiences Data Security Incident
• Threat Actors Rapidly Adopt Web3 IPFS Technology
• Decoy Dog malware toolkit found after analyzing 70 billion DNS queries
• Tank storage company Vopak hacked, Ransomware groups report
• Cyberattack Stigma: How Delayed Reporting Causes More Damage
• San Bernardino County Sheriff’s Department shuts down internet systems following recent cyberattack
• VirusTotal now has an AI-powered malware analysis feature
• Intel CPUs vulnerable to new transient execution side-channel attack – PDF link
• Cyber Thieves Are Getting More Creative
• Critical Flaw in Inea ICS Product Exposes Industrial Organizations to Remote Attacks
• Yellow Pages Canada confirms cyber attack as Black Basta leaks data
• US Navy Contractor Fincantieri Marine Group Hit by Cyber-attack
• Scammers Impersonate Meta in Facebook Campaign With 3200 Profiles
• Industrial security vendors partner to share intelligence about critical infrastructure threats
• Android Minecraft clones with 35M downloads infect users with adware
• The New Risks ChatGPT Poses to Cybersecurity
• Deepwatch Releases 2023 Adversary Tactics and Intelligence (ATI) Annual Threat Report
• Epic Cyber Showdown: US Treasury Vs. North Korea’s Infamous Lazarus Group
• CVE-2023-27524: Insecure Default Configuration in Apache Superset Leads to Remote Code Execution
• Hickory, NC fiber optic company CommScope suffered ransomware attack
• CommScope employees left in the dark after ransomware attack
• Google warns against phishing emails mimicking YouTube channels
• AuKill tool uses BYOVD attack to disable EDR software
• Ransomware Poses Growing Threat to Five Eyes Nations
• The ‘Your computer was locked’ scam is gaining traction
• Experts released PoC for actively exploited PaperCut flaw
• Iranian cyberspies deploy new malware implant on Microsoft Exchange Servers
• RTM Locker’s First Linux Ransomware Strain Targeting NAS and ESXi Hosts
• Effects of the Hive Ransomware Group Takedown
• FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability
• Ransomware gang exploiting unpatched Veeam backup products
• ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection
• 5 ways threat actors can use ChatGPT to enhance attacks
• Hackers are breaking into AT&T email accounts to steal cryptocurrency
• Cold storage giant Americold outage caused by network breach
• Albertsons data breach: employee info stolen
• NSA’s Cybersecurity Curriculum
• Attackers are logging in instead of breaking in
• Microsoft Edge is leaking the sites you visit to Bing
• AI tools help attackers develop sophisticated phishing campaigns
• Never Connect to RDP Servers Over Untrusted Networks
• Attackers Use Containers for Profit via TrafficStealer
• A component in Huawei network appliances could be used to take down Germany’s telecoms networks
• Financial Services Firm NCR Hit by Ransomware Attack, Disrupting Aloha and Back Office Products
• Tucson, AZ District will need help, and millions of dollars, to rebound from ransomware attack
• Students’ psychological reports, abuse allegations leaked by ransomware hackers
• Accenture, IBM, Mandiant join Elite Cyber Defenders Program to secure critical infrastructure

Other News Events of Note and Interest

• The Cyber Resilience Act Threatens Open Source
• Microsoft Designer brings AI-powered graphic design to the masses
• China again signals desire to shape global IPv6 standards
• Microsoft announces Windows 11 LTSC
• Deprecation of basic authentication in Microsoft 365
• Microsoft removes LSA Protection from Windows settings to fix bug
• Microsoft fixes Outlook issue blocking access to emails, calendars
• Microsoft confirms Patch Tuesday breaks Local Account log-in on Windows 11 and 10
• Google’s cloud business turns profitable for the first time on record
• Google Authenticator finally, mercifully adds account syncing for two-factor codes
• Google will add End-to-End encryption to Google Authenticator
• Firefox 112.0.2 fixes high memory usage, broken notifications on Windows 8, more
• Windows 11 KB5025305 adds prioritized Windows updates setting
• CHIPS for America Outlines Vision for the National Semiconductor Technology Center
• Rufus 4 is out with improvements, default 64-bit executable and no Windows 7 support
• Microsoft fixes Windows LAPS legacy interop issues on Windows 11 22H2, Windows 11 21H2
• Microsoft makes Windows Server 2022 licenses a little less cynical
• How to Find a BitLocker Key and Recover Files from Encrypted Drives
• An AI Scraping Tool Is Overwhelming Websites With Traffic
• Europe wants more cities to use data center waste heating
• Shadow IT, SaaS Pose Security Liability for Enterprises
• Windows LAPS Management, Configuration and Troubleshooting Using Microsoft Intune
• How to enable or disable ChatGPT on the Windows 11 taskbar
• OneDrive Is Adding More PDF Editing Features
• Hacker Group Names Are Now Absurdly Out of Control
• SSD released that claims to have built-in ransomware prevention
• New BIOS updates attempt to keep Ryzen 7000X3D processors from frying themselves
• AMD has fixed the issue burning out Ryzen 7000 X3D CPUs
• Tip: Use Winstall and Winget to Bulk Install Apps
• 10 Cool New Cybersecurity Tools Announced At RSAC 2023
• The Needs of a Modernized SOC for Hybrid Cloud
• How to Understand and Implement CISA’s Zero Trust Maturity Model
• Microsoft Announces Windows LAPS Support for Azure AD Joined Devices
• Mozilla confirms memory leak in Firefox
• SentinelOne experiments with GPT-4 as part of new threat hunting platform
• Northern Virginia remains the world’s data center capital — here’s how it got there
• TikTok’s Virginia data centers allowed unescorted visitors, unmarked flash drives in servers, and unattended boxes of hard drives

Cyber Insurance News

• What MSPs Should Know About Cyber Insurance in 2023
• Does Cyberinsurance Cost Too Much?
• Vimeo Video – Cyberinsurance, are we there yet?
• Making Cyber Risk Insurable: Disrupting The Cyber Insurance Industry In 2023