September 23, 2023

Hello all,

After the flurry of vulnerability announcements and patch releases last week, this one has been a welcome respite, unless you have any of the affected products in our Notable Callouts.

This week, Microsoft will be introducing a goodly number of product changes, updates, and new items. Many are listed in our Other News and Events of Interest section, and I’m sure a few more will sneak in during the releases and reveals.

As usual, the complete Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.

Notable Callouts:

• Apple leads the headline news with emergency updates to fix 3 new zero days that were under active exploitation. Pretty much everything currently supported was patched. So, if you have iFruit, update it ASAP.
• Atlassian, makers of Confluence, Jira Service Manager, Bamboo Server, and more have released patches for several of their products. If you use Atlassian items, check for updates. In a related note, the Internet Consortium has released updates for Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite.
• TransUnion, the credit agency, was hacked by dirtbags known as USDoD, who have now leaked a trove a highly sensitive information pilfered from their victim. If you haven’t yet put restrictions on your credit data at the 3 major agencies, this should serve as a wakeup call to do so before other scumbags start utilizing the stolen data.
• Fortinet, has released the patch-of-the-month, or is it week? It seems that they have more than their fair share of vulnerabilities and exploits. But perhaps that is simply due to Fortinet’s large base, making them a desirable target. Thankfully, Fortinet does release patches and updates quickly when bad things are found. Now if only those that own and manage the devices would apply those updates in a timely manner…
• Nagios makes IT Infrastructure monitoring software. Four vulnerabilities were patched recently. If you use this, don’t wait for it to be exploited, patch now.
• Siemens Automation License Manager (ALM) has two zero-day Remote Code Execution flaws that were recently patched. Siemens also released mitigation and hardening guidance.
• Trend Micro, in a slightly different flavor of hole, had to release an update to their endpoint protection to address a zero-day (meaning it is being exploited in the wild) flaw in a third-party uninstaller that allowed for RCE. A number of Trend products were impacted. Check for updates and apply them quickly. “Customers are strongly encouraged to update to the latest versions as soon as possible.”

In Ransomware, Malware, and Vulnerabilities News:

• MGM Resorts have gotten their casino operations back online after being down for 10 days, losing an estimated $8.4 million per day. As of this writing, the Hotel portion of the business, including online reservations, was still down.
• OT and ICS (including IoT) attacks are increasing rapidly. It should come as no surprise that Threat Actors are pivoting to attacking Operational Technology, Industrial Control Systems, and Internet of Things devices at an accelerated pace. Defenders are getting better at patching holes and mitigating vulnerabilities in your typical items such as software and network devices. However, OT, ICS, and IoT, are often neglected by manufacturers after they are released and they seldom receive any patches or updates, and thus vulnerabilities are left unpatched for months or years. And, due to the cost of replacing those items, sometimes ranging in the millions of dollars, that is often not an option.

In Other News Events of Note and Interest:

• ConnectWise has said that “An IPO is an option” that could come in their future.
• Passkeys are rapidly taking over. There are several announcements in this section about this technology. Microsoft has announced that the next release of Windows 11, expected this coming week, will include passkey functionality.
• Linux has given up on 6 years of support for their LTS (Long Term Servicing) versions of the kernel, saying that it is too much work. That can only be a boon for Google that announced last week that beginning in 2024 Chromebooks would receive support for 10 years.

In Cyber Insurance News:

• A report on how the investigation portion of a Cyber Incident is now as costly, if not more so, than the actual ransom demand and mitigation process.

In the paraphrased words of Paul Revere, “AI is coming! AI is coming!”. Microsoft is about to unleash AI on the masses this coming week, and will now have it baked into Windows 11 23H2. Be it for evil or good, Pandora is out of her box, and just like trying to get toothpaste back into the tube, it is not going to happen. AI is here to stay. Learn all you can about it so that AI serves you, and not the other way around.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• Apple emergency updates fix 3 new zero-days exploited in attacks
• Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
• High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
• FBI hacker USDoD leaks highly sensitive TransUnion data
• Fortinet Patches High-Severity Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
• Critical Security Flaws Exposed in Nagios XI Network Monitoring Software
• Siemens ALM 0-Day Vulnerabilities Posed Full Remote Takeover Risk
• Trend Micro fixes endpoint protection zero-day used in attacks

Ransomware, Malware, and Vulnerabilities News

• Clorox products in short supply after cyberattack
• Mullvad VPN Warns of Critical Firewall Flaw in Apple’s MacOS Sonoma
• One of the FBI’s most wanted hackers is trolling the U.S. government
• Microsoft leaks 38TB of private data via unsecured Azure storage
• 6 Actions CEOs Must Take During a Cyberattack
• Government of Bermuda links cyberattack to Russian hackers
• How social engineering takes advantage of your kindness
• China Accuses U.S. of Hacking Huawei Servers Since 2009
• Who’s Behind the 8Base Ransomware Website?
• Bumblebee malware returns in new attacks abusing WebDAV folders
• ‘Gold Melody’ Access Broker Plays on Unpatched Servers’ Strings
• Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
• Dallas says Royal ransomware breached its network using stolen account
• FCC plays whack-a-mole with telcos accused of profiting from robocalls
• International Criminal Court says it’s been hacked. What we know so far
• T-Mobile security breach sees data revealed to other customers
• LockBit Is Using RMMs to Spread Its Ransomware
• Thousands of Juniper devices vulnerable to unauthenticated RCE flaw
• Fileless Remote Code Execution on Juniper Firewalls
• Chinese hackers have unleashed a never-before-seen Linux backdoor
• FBI director urges private sector to lend help in cyber intelligence
• MGM to lose up to $8.4 million each day as it resolves cyberattack
• MGM Restores Casino Operations 10 Days After Cyberattack
• MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents
• Marvell disputes claim Cavium backdoored chips for Uncle Sam
• GitLab urges users to install security updates for critical pipeline flaw
• Compromised Free Download Manager website was delivering malware for years
• Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
• Akira Ransomware Mutates to Target Linux Systems, Adds TTPs
• Air Canada says hackers accessed limited employee records during cyberattack
• NY college forced to invest $3.5 million in cybersecurity after breach affecting 200,000
• Pizza Hut Australia hack: data breach exposes customer information and order details
• Cadence Bank responds to significant cybersecurity breach affecting user data
• Finnish Authorities Dismantle Notorious PIILOPUOTI Dark Web Drug Marketplace
• Car Cybersecurity Study Shows Drop in Critical Vulnerabilities Over Past Decade
• Cyberattack on Kansas town affects email, phone, payment systems
• Recently patched Apple, Chrome zero-days exploited in spyware attacks
• P2PInfect botnet activity surges 600x with stealthier malware variants
• Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
• Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit
• Rising OT/ICS cybersecurity incidents reveal alarming trend
• Hotel hackers redirect guests to fake Booking.com to steal cards
• CISA’s catalog of must-patch vulnerabilities crosses the 1,000 bug mark after 2 years
• Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report
• Deadglyph: New Advanced Backdoor with Distinctive Malware Tactics
• AI voice cloning scams on the rise, expert warns
• Nigerian man pleads guilty to attempted $6 million BEC email heist

Other News Events of Note and Interest

• ConnectWise’s Jason Magee: An ‘IPO Is An Option’
• Agri-Trak is helping farms replace pen and paper with digital tools to track labor and production
• DuckDuckGo CEO says Google kills competition through phone deals that make it hard for users to switch search engines
• Australia’s new cybersecurity strategy to build 6 “cyber shields” around the country
• US cyber giant CrowdStrike snaps up Israeli-founded cloud security startup Bionic
• European cyber insurance startup Stoïk raises $10.7 million and expands to Germany
• Cisco spends $28B on data cruncher Splunk in cybersecurity push
• Oracle CloudWorld 2023: Ellison Calls AI ‘A Revolution’ In Keynote
• Cato Networks, valued at $3B, lands $238M ahead of its anticipated IPO
• CERN swaps out databases to feed its petabyte-a-day habit
• Oracle brings generative AI to healthcare: Clinical Digital Assistant
• 1Password’s passkey support is now generally available
• vSphere 8 Update 2 Now Available – VMware vSphere Blog
• Cobalt Strike 4.9: Take Me To Your Loader
• How to Get Your Board on Board With Cybersecurity
• California passes bill to set up one-stop data deletion shop
• Elon Musk says X will charge users ‘a small monthly payment’ to use its service
• Encrypted email provider Proton has built its own CAPTCHA service
• 10 useful Windows command line prompts you should try
• Google Domains has stopped selling domains
• The UK passes massive online safety bill
• Apple Releases iOS 17
• Yubico Goes Public
• Microsoft Copilot rolls out with Windows 11 23H2 update
• Windows 11 gains support for managing passkeys
• What are passkeys? The life-changing magic of going passwordless
• PowerToys to get a redesigned Color Picker, here is an early look
• Microsoft PowerToys 0.73.0: A Breakdown of the New Crop And Lock App
• 18 free Microsoft Azure cybersecurity resources you should check out
• Retirement of Exchange Web Services in Exchange Online
• How Microsoft Stopped Basic Authentication for Exchange Online
• Microsoft 365 Lighthouse Gets Alerts and Notifications
• Microsoft releases firmware update for all Surface devices
• Microsoft Edge is losing tablet-friendly “Web Select” feature
• Microsoft highlights new Bing Chat features added last week
• Microsoft Paint finally gets support for layers and transparency
• Windows Server 2012 hits end of support in October
• Windows adds Google tricks like motion photo and text recognition
• Windows 11 KB5030219 trashes PCs, gaming performance issues affect Starfield
• Windows 11 update reportedly causes havoc, from gaming glitches to boot failures
• Intel releases new Wi-Fi and Bluetooth drivers for Windows 11 to fix connectivity loss issues
• How to download official Windows 11 23H2 ISO file
• Windows 365 Boot and Windows 365 Switch enter general availablity on September 26
• 10 years on, the Internet Archive now offers over 250,000 emulated games and programs
• Linux gives up on 6-year LTS kernels, says they’re too much work

Cyber Insurance News

• Expensive Investigations Drive Surging Data Breach Costs
• US cyber insurance claims spike amid ransomware, funds transfer fraud, BEC attacks