June 17, 2023 June 17, 2023

Hello all,

The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual and can be found online as well at https://red-n-security.com.

I thought Patch Tuesday would be the big news item, but Amazon AWS took a major dump this past week and took good chunks of the internet with it for several hours. I tried to ask Alexa what was going on, but alas, she was down too. I breathed a sigh of relief when all was resolved several hours later and the digital apocalypse was averted yet again.

Notable Callouts:

Amazon – when AWS has issues, it gets noticed quickly. It is amazing how much of our day-to-day lives depend on this cloud megastructure – maybe too much.
Fortinet showed up in our Red-N-Security Newsletter last week as a late breaking item for their SSL-VPN Remote Code Execution bug. This week they announced that the RCE may have been exploited by threat actors prior to being patched. We generally call that a zero-day Fortinet, just sayin’.
Microsoft, on the other hand, did not have any zero-days disclosed in their Patch Tuesday releases this past week. There were 78 bugs, including 38 RCEs, so do patch as soon as you vet that they are safe in your network. There were goodies for Exchange, SharePoint, and Office in the releases.
Microsoft, in this past week’s Patch Tuesday rolled out the third phase of Netlogon and Kerberos hardening that was announced in November 2022. If you experience login and authentication issues after patching, check the logs for these patch enforcement items as a possible issue. Changes and hardening will continue until January 2024.
SAP also released patches for some high-severity vulnerabilities.
MOVEit continues to make headlines with victims cropping up worldwide, Cl0P is now releasing names of extorted companies, and this week – a third vulnerability. If you have this, turn off http and https access immediately until a new patch is made available to address this third hole.
Verizon, the phone giant, publishes a yearly data breach report. We’ve linked this week to a fascinating article that cites the top 10 cybersecurity findings in the 2023 report.
Windows 11 has a rather strange bug in Patch Tuesday’s KB5027231 where if you have Malwarebytes installed, Google Chrome won’t work. This reminds me of the 1980’s slogan attributed tongue-in-cheek to Microsoft, “Word’s not done until Lotus won’t run.” Malwarebytes has subsequently released a patch to fix this issue.

In Ransomware, Malware, and Vulnerabilities News, JPL, yes, that JPL! (NASA’s Jet Propulsion Laboratory), has created the world’s largest archive of PDF files to aid in malware research. And an Illinois Hospital is closing, citing, in part, a ransomware incident as cause for their inability to continue to do business.
In Other News Events of Note and Interest, an excellent article that lists 14 shocking data loss and disaster recovery statistics, such as average downtime being 16.2 days to recover from ransomware. Also, Cyber security favorite, Have I been Pwned has undergone a major update. Check out Troy Hunt’s blog post for more. Finally, Microsoft revealed, that Yes, they were in fact under attack two weeks ago, and that is what disrupted several large portions of their network.

In Cyber Insurance News, Premiums are surging by up to 50%. And AWS has announced that their customers can get cyber insurance in as little as two days via their partner program.

The internet is like a delicious looking cookie that you just dropped on the floor. As you swiftly pluck it from the linoleum, you mentally contemplate the pathogen count. Do you trust the 5-second-rule? Do you throw it away and get another? Do you trust your immune system to protect you? How much harm could it be? After all, it is just one little cookie, right Do you click the link?

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Cyber Insurance News