April 1, 2023

Hello all,
The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual.

Notable Callouts:

• 3CX is leading the news everywhere this week. Apparently, nation-state actors have managed to alter 3CX’s desktop software, weaponizing it for nefarious purposes. This one may have long-lasting effects for those affected. 3CX’s guidance currently is for customers to uninstall the desktop app and use the web version. Even after uninstalling, what was potentially left behind?
• In a moment of happier news, Microsoft has made available a newer, faster, more efficient version of Microsoft Teams.
• Google Chrome has received an update for multiple high-risk vulnerabilities. Patch now.
• The GoAnywhere zero-day that was patched recently is still claiming victims, those who are just now finding what the bad guys did are working to clean up, and those who didn’t get the message to patch are still being infected.
• Apple released patches for just about everything they make. Update now.
• IBM Aspera Faspex software, which uses their proprietary FASP—short for Fast, Adaptive, and Secure Protocol, has a critical vulnerability that is being exploited by threat actors.
• Proposed US legislation named, “Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT)”, to deal with things like TikTok has language in it that would potentially criminalize use of VPNs. This is definitely one to watch.
• QNAP is warning customers to patch. They have a Linux Sudo vulnerability that could allow bypass and privilege escalation.
• We’d mentioned this a few months ago, and now it is here. In new spending legislation due to take effect on Wednesday, the FDA is requiring medical device manufacturers to prove they have a cybersecurity plan prior to being permitted to sell their products.
• In Ransomware, Malware, and Vulnerabilities News, Microsoft has unveiled more ChatGPT powered products. Security Copilot is touted to be a boon for overworked security teams to produce correlated actionable intel into potential threats.
• In Other News Events of Note and Interest, some wonk managed to marry his 1984 IBM PC to ChatGPT via MS-DOS.
• In Cyber Insurance News, Lloyds of London is fighting with insurers over ‘state-backed’ cyber attacks. Many policies have similar exclusion language, but how do you define it. And even more so, how do you prove it?

If someone from the 1950s time traveled into the future and suddenly appeared today, what would be the most challenging thing to explain about modern life?

One answer: “I possess a device in my pocket that is capable of accessing the entirety of information known to man. I use it to look at pictures of cats and get into arguments with strangers.”

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• Hackers compromise 3CX desktop app in a supply chain attack
• The new Microsoft Teams is here with big performance improvements and UI changes
• Google Chrome users urged to update after multiple high-risk bugs exposed
• GoAnywhere Zero-Day Attack Hits Major Orgs
• Apple patches everything, including a zero-day fix for iOS 15 users
• Ransomware crooks are exploiting IBM file exchange bug with a 9.8 severity
• VPN Users Could Face Decades in Jail Under New RESTRICT Act
• QNAP warns customers to patch Linux Sudo flaw in NAS devices
• Medical device makers must now prove cybersecurity to FDA

Ransomware, Malware, and Vulnerabilities News

• 10-year-old Windows bug with ‘opt-in’ fix exploited in 3CX attack
• Fake ransomware gang targets U.S. orgs with empty data leak threats
• Ransomware attacks up sharply in February
• Microsoft’s ‘Security Copilot’ Sics ChatGPT on Security Breaches
• Microsoft reminds of third-phase Windows DC hardening regarding Kerberos security flaw
• The “Acropalypse” has been canceled: Microsoft updates Windows 10 and 11 snipping tools
• OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident
• Phishing Emails Up a Whopping 569% in 2022
• Opti9 launches Observr ransomware detection and managed services for Veeam
• Microsoft exploit could control Bing search results and Office 365 data
• Mirai Hackers Use Golang to Create a Bigger, Badder DDoS Botnet
• Twitter Source Code Leaked and Shared Online, Giving Hackers Access to User Data
• Samsung will patch the last dangerous Exynos modem vulnerability in April
• Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor
• Microsoft Patches ‘Dangerous’ RCE Flaw in Azure Cloud Service
• Google Links More iOS, Android Zero-Day Exploits to Spyware Vendors
• NullMixer Polymorphic Malware Variant Infects 8K Targets in Just a Month
• Hackers exploit WordPress plugin flaw that gives full control of millions of sites
• San Antonio’s OLLU hit by cyberattack
• Google discloses CentOS Linux kernel vulnerabilities following failure to issue timely fixes
• Ubuntu 22.10 Users Get New Linux Kernel Security Update, 9 Vulnerabilities Patched
• FBI: Business email compromise tactics used to defraud U.S. vendors
• Russia’s Rostec allegedly can de-anonymize Telegram users
• US to adopt new restrictions on using commercial spyware
• Android app from China executed 0-day exploit on millions of devices
• Microsoft CVE-2023-21746 Exploit: obtaining SYSTEM Access using LocalPotato NTLM
• Realtek and Cacti flaws now actively exploited by malware botnets
• Where SSO Falls Short in Protecting SaaS
• BMW France claimed as Play ransomware victim
• Crown Resorts says ransomware group claims accessing some of its files
• Vumacam hit with ransomware attack
• Apple fixes recently disclosed WebKit zero-day on older iPhones
• DISH slapped with multiple lawsuits after ransomware cyber attack
• Even with defense tools, CISOs say cyberattacks are ‘inevitable’
• New MacStealer macOS malware steals passwords from iCloud Keychain
• ‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics
• New IcedID variants shift from bank fraud to malware delivery
• Rhadamanthys: The “Everything Bagel” Infostealer
• Lumen Faces 2 Ransomware Attacks, Working With Experts To Evaluate And Minimize Impact
• Breaking the Mold: Pen Testing Solutions That Challenge the Status Quo
• Cybercriminals targeting U.S. on behalf of North Korea
• WiFi protocol flaw allows attackers to hijack network traffic
• Earth Preta’s Cyberespionage Campaign Hits Over 200
• DDoS DNS attacks are old-school, unsophisticated … and they’re back
• Florida principal resigns after sending $100K to scammer posing as Elon Musk
• Toyota scrambles to patch customer data leak
• Data stolen from Florida sheriff’s office leaked by LockBit ransomware group
• Microsoft Defender mistakenly tagging URLs as malicious
• Trend Micro Uncovers Yet Another X.Org Server Vulnerability: CVE-2023-1393
• PA’s Community Health Systems Data Breach
• Newton Kansas Schools cancels classes for Thursday due to ‘network security incident’
• Google reveals two global spyware campaigns targeting Apple and Android devices
• US, partner countries call for controls to counter misuse of spyware
• 15 million public-facing services vulnerable to CISA KEV flaws
• German Police Raid DDoS-Friendly Host ‘FlyHosting’
• Dangerous misconceptions about emerging cyber threats
• Cyber Police of Ukraine Busted Phishing Gang Responsible for $4.33 Million Scam

Other News Events of Note and Interest

• Air Force CROWS wants to expand cyber defenses within Space Force
• Google halts purge of legacy ad blockers and other Chrome Extensions, again
• Google says Microsoft cloud practices are anti-competitive
• Intune Advanced App And Vulnerability Management For 3rd Party Patch Management From Microsoft
• Managing security in the cloud through Microsoft Intune
• Practical Issues Around the Implementation of Microsoft 365 Copilot
• France bans ‘recreational’ use of TikTok, Twitter, Instagram
• Alongside Windows 11 TPM, Secure Boot, MSA removal, Rufus now adds BitLocker disable option
• As Rufus removes Windows 7 ISO support, alternative Ventoy adds support for 1100+ ISOs
• Cardano Creator Says US Government Waging War on Crypto, Urges Industry Leaders To Step Up
• MS-DOS ChatGPT Client Arrives for 1984 IBM PC
• More Changes in Microsoft 365 as Azure AD moves to Entra
• Google Chrome users with thousands of bookmarks are facing sync issues
• Dragos’ Lee calls upon CISA to enforce cybersecurity requirements, as industrial cyber threat landscape shifts irreversibly
• FBI Spent Tens of Thousands of Dollars on Bulk Data Collection
• How To Use Microsoft’s Bing Image Creator (Prompt Examples)
• Windows 11 KB5023778 update adds promotions to the Start menu
• E-book library app OverDrive is shutting down on May 1st
• The complete guide to RDP with Security Keys
• Amazon opens its low-bandwidth, long-range Sidewalk network to developers
• In Sudden Alarm, Tech Doyens Call for a Pause on ChatGPT
• DarkBit puts data from Israel’s Technion university on sale
• Is cloud repatriation part of your multicloud strategy?
• How to use Memory Saver to boost Chrome performance

Cyber Insurance News

• Lloyd’s war underwriters reserve cash for Black Sea claims
• Organizations Consider Self-Insurance to Manage Risk
• Lloyd’s of London battles insurers over ‘state-backed’ cyber attacks
• Marsh brokerage program lowers threshold for cyber insurance coverage
• The Dangers of Dialogue: Ransomware Attackers Want to See Your Cyber Insurance Policy
• The top cyber insurance companies in the US
• What Small Businesses Need to Know About Cyber Insurance