May 6, 2023

Hello all,
The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual, where we have another week replete with a large alphabet soup of names starting with AMD, going through Zero-Day. So, let’s get to them.

Notable Callouts:

• AMD has a mess right now. They have a flaw that allows BitLocker to be bypassed. To make matters worse, their recent ransomware event has caused some rather dire warnings about being vigilant where BIOS updates come from. Further, one official BIOS release from them has caused so many issues that they’ve instructed manufacturers to stop installing it.
• Apple released their first rapid security updates, patching bugs in iPhones, iPads, and Macs.
• AvidXchange, a payment company, has been ransomwared for the second time in 2023.
• ChatGPT has confirmed a data breach happened.
• Cisco has some EOL phones with critical vulnerabilities that they will not patch. Replace them is your only option.
• Forta’s mass hack is now confirmed to have had millions of people’s data stolen.
• Fortinet has fixed two severe issues in FortiADC and FortiOS. Patch quickly. These are dangly shiny things to hackers everywhere.
• Google is rolling out passkeys to the masses in a push to eliminate passwords.
• Microsoft, our company, is forcing all links from Outlook and Teams to open in Edge, no matter what your default browser may be.
• Oracle Property Management software has a high-risk bug that needs to be patched.
• Ransomware attacks are up significantly in the first months of 2023 according to the Jerusalem Post.
• T-Mobile disclosed yet another data breach, the second of 2023.
• Zero-Day Initiative details a Microsoft DHCPv6 bug that was patched in the April Patch Tuesday release. If you haven’t applied them yet, here’s another reason to get on it.

• In Ransomware, Malware, and Vulnerabilities News, the Mirai botnet is actively exploiting the TP-link vulnerability revealed last week.
• In Other News Event of Note and Interest, Amazon books is being flooded by books entirely written by AI. And Microsoft has opened access to AI programs, including the new Bing.
• In Cyber Insurance News, Merck’s insurance carrier attempted to deny their claim due to the hostile/warlike action” exclusion clause. After many years, Merck won the $1.4 billion case.

When we were younger we were extolled to never run with scissors.

In today’s world, that may be the only semi-safe way to operate a computer – run with scissors – and cut the internet cord.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• AMD fTPM flaw that bypasses BitLocker even on modern Windows 11-supported Ryzens
• Apple releases first ‘rapid’ security fixes for iPhones, iPads and Macs
• AvidXchange suffers its second ransomware attack of 2023
• ChatGPT Confirms Data Breach, Raising Security Concerns
• Cisco phone adapters vulnerable to RCE attacks, no fix available
• Forta mass-hack, Millions of patients’ data confirmed stolen
• Fortinet fixed two severe issues in FortiADC and FortiOS
• Google’s New Passkey Login Helps You Break Free of Passwords
• Microsoft is forcing Outlook and Teams to open links in Edge, and IT admins are angry
• Oracle Property Management Software, Hotels at Risk From Bug
• Ransomware attacks are up significantly in the first months of 2023
• T-Mobile discloses second data breach since the start of 2023
• Zero Day Initiative — CVE-2023-28231: RCE in the Microsoft Windows DHCPv6 Service

Ransomware, Malware, and Vulnerabilities News

• IT giant Bitmarck shuts down customer, internal systems after cyberattack
• San Bernardino County paid $1.1 million ransom to hacker of Sheriff’s Department computers
• Samsung bans use of generative AI tools like ChatGPT after April internal data leak
• Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection
• Telcos need another $3B in Uncle Sam’s cash to remove Chinese network kit, says FCC
• Kimsuky Evolves Reconnaissance Capabilities in New Global Campaign
• ALPHV gang claims ransomware attack on Constellation Software
• Drone goggles maker claims firmware sabotaged to ‘brick’ devices
• Coming to DEF CON 31: Hacking AI models
• New White House AI Initiatives Include AI Software-Vetting Event at DEF CON
• Former Albertsons employee files class action lawsuit over data breach
• Critical Siemens RTU Vulnerability Could Allow Hackers to Destabilize Power Grid
• Akira — A new ransomware operation targeting the enterprise
• In a new hacking crime wave, more personal data is being held hostage
• Nashua School District hit by ‘sophisticated’ cyberattack
• Truman internet almost back to full capacity after “cybersecurity virus attack”
• Crooks don’t need ChatGPT to social-engineer victims, as they’re more than happy to demonstrate
• Hacked verified Facebook pages impersonating Meta are buying ads from Meta
• Hackers leak images to taunt Western Digital’s cyberattack response
• Wanted Dead or Alive: Real-Time Protection Against Lateral Movement
• New Decoy Dog Malware Toolkit Uncovered: Targeting Enterprise Networks
• New LOBSHOT malware gives hackers hidden VNC access to Windows devices
• Patch now! The Mirai IoT botnet is exploiting TP-Link routers
• Investigating ChatGPT phishing detection capabilities
• Meta finds phony ChatGPT malware running amok
• APT41’s PowerShell Backdoor Download Files From Windows
• Suffolk cyberattack: Special counsel says county didn’t have recovery plan in place
• Tennessee health system stops all operations amid cyberattack recovery
• Newark’s Ultralife takes financial hit in first quarter due to ransomware attack
• Cyber Attacks Hit in cities in Massachusetts and South Carolina
• City of Dallas hit by Royal ransomware attack impacting IT services
• Cyber attack shuts down Raleigh Housing Authority computer system
• Adna, WA School District Defrauded $346,000 in Phishing Scam
• Fake ChatGPT desktop client steals Chrome login data
• 2 Years After Colonial Pipeline, US Critical Infrastructure Still Not Ready for Ransomware
• Chinese APT Uses New ‘Stack Rumbling’ Technique to Disable Security Software
• Hackers start using double DLL sideloading to evade detection
• US Marshals Service still recovering from ransomware attack
• CISA Issues Advisory on Critical RCE Affecting ME RTU Remote Terminal Units
• Researchers Uncover New BGP Flaws in Popular Internet Routing Protocol Software
• Promising Jobs at the U.S. Postal Service, ‘US Job Services’ Leaks Customer Data
• Legitimate Software Abuse: A Disturbing Trend in Ransomware Attacks
• Kimsuky hackers use new recon tool to find security gaps
• Brightline data breach impacts 783K pediatric mental health patients
• Ransomware gang hijacks university alert system to issue threats
• Attacks increasingly use malicious HTML email attachments
• Latest Beats firmware update patches a security exploit
• FIN7 attacks vulnerable Veeam servers
• Chinese Hacker Group Earth Longzhi Resurfaces with Advanced Malware Tactics
• Meta Expunges Multiple APT, Cybercrime Groups From Facebook, Instagram
• Russian hackers use WinRAR to wipe Ukraine state agency’s data
• Pro-Russia group NoName took down website of French Senate
• Researchers Discover 3 Vulnerabilities in Microsoft Azure API Management Service
• Thermal Camera Plus Machine Learning Reads Passwords Off Keyboard Keys
• Vendor for Aetna insurance announces data breach
• Hackers Exploiting 5-year-old Unpatched Vulnerability in TBK DVR Devices
• Judge Spares Former Uber CISO Jail Time Over 2016 Data Breach Charges
• Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Installs Compromised
• Attackers Route Malware Activity Over Popular CDNs
• Twitter says ‘security incident’ exposed private Circle tweets
• Older Americans are being targeted in a Malvertising campaign
• New Android FluHorse malware steals your passwords, 2FA codes
• New Cactus ransomware encrypts itself to evade antivirus

Other News Events of Note and Interest

• Amazon Is Being Flooded With Books Entirely Written by AI
• Gmail caught mixing ads with regular emails, annoying many on the internet
• PentestGPT – ChatGPT Powered Automated Pentesting Tool
• AMD Has Advised Motherboard Vendors to Hold Off on BIOS Based on AGESA 1.0.0.7 BIOS Firmware
• Z-Library eBook site disrupted again by FBI domain seizures
• Gmail gets blue verification checks to protect against spoofing and phishing
• Microsoft opens access to AI programs, including new Bing
• Microsoft publishes Defender guides to help clients enable key security features
• Microsoft Delivers Modern Authentication for Exchange Server
• Microsoft Teams now lets small businesses charge for appointments, webinars, and more
• OneDrive on the Web Has a New Look and a Lot More Features
• Microsoft refreshes SharePoint and OneDrive with Copilot integration
• Windows admins can now sign up for ‘known issue’ email alerts
• Microsoft says latest May 2023 Windows Autopatch update is its most “impactful”
• The NSA Is Warning AI Startups: ‘China Is Coming For You’
• Cloudflare sued by former senior accountant alleging improper bookkeeping
• Security with Intune: Endpoint Privilege Management
• Latest WingetUI gets new UI, faster loading performance, and lots more
• Apple releases new firmware for all AirPods models, MagSafe charger, and more
• Microsoft Loop Is Now Available on More Phones
• Arc Browser Review: A Plucky New Browser With Big Ideas
• HDDs typically failed in under 3 years in Backblaze study of 17,155 failed drives
• Discord is making all users pick a new username
• Understanding the risks of generative AI for better business outcomes
• Your Guide To Using Amazon’s Sidewalk Network For The Internet Of Things
• Companies Increasingly Hit With Data Breach Lawsuits
• SonicWall Hires Cisco Vet Michelle Ragusa-McBain As North America Channel Chief
• AWS Launches New Verified Access Service to Replace VPN
• FBI Focuses on Cybersecurity With $90M Budget Request
• North Korea’s ScarCruft Deploys RokRAT Malware via LNK File Infection Chains
• Google will remove secure website indicators in Chrome 117
• Practical Protection: Limiting the Damage from Local Admin Accounts
• Meet MetaGPT: It Can Create Websites, Apps, And More Based Only On Natural Language Prompts
• WordPress custom field plugin bug exposes over 1M sites to XSS attacks

Cyber Insurance News

• Merck defeats insurers in $1.4B cyberattack appeal
• ThrottleNet Reveals The Importance of Cyber Liability Insurance
• Insurtech CyberCube Supports US Risk Insurance Group in Quantifying Cyber Risk Financial Exposure
• The Devastating Business Impacts of a Cyber Breach