April 15, 2023

Hello all,

This past week has brought a tsunami of vulnerability fixes and patches. Many of these are for zero-days, so patch quickly! The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual.

Notable Callouts:

• Apple, last week they patched their new and current items. This week they patched older hardware. Update your fruit devices.
• Adobe has patched a huge amount of their products this week. Some holes are being actively exploited and are trivial to use. Patch ASAP.
• Microsoft Patch Tuesday was unleased upon us with 97 (or more) items that were fixed or remediated. There were several zero-day exploits patched, so don’t delay in applying the updates. Microsoft also reported a new attack that uses Azure AD Connect. And they shared guidance on how to detect BlackLotus’ UEFI bootkit.
• SAP has released two patches for critical flaws.
• Fortinet didn’t want to feel left out so they patched a large number of products as well.
• Google said, “But wait, there’s more!” and released a patch for a zero-day being exploited in Chrome, the first for them for 2023.
• Hikvision the camera company didn’t want to miss the party, so they also patched a critical flaw.
• Siemens and Schneider Electric both addressed dozens of vulnerabilities in their Industrial Control Products.
• ManageEngine patched a critical Command injection vulnerability.
• And finally, for those in the MSP space, there are rumblings that ConnectWise may be purchased soon by a new private equity firm.

• In Ransomware, Malware, and Vulnerabilities News, the headlining item is the AI-created malware that required almost no coding skills by the human instructing the AI. Speaking of AI, a linked report in this section shows how quickly passwords can be defeated.
• In Other News Event of Note and Interest, Microsoft Exchange 2013 has reached End of Support. If you’re still using it, stop! Upgrade to a newer version or migrate to the cloud. In an annoying trend, Microsoft is rolling advertisements to the Start Menu in Windows 11. And Patch Tuesday’s updates brought a built-in LAPS (Local Administrator Password Solution) natively to Windows 10 and 11.

One observation that I’ve made over the years is that as an industry we tend to focus on the new and shiny, the high-tech, and the fancy, but often ignore the simple, mundane, and easy while looking for a solution. Think low tech. Don’t spend hours searching for a new printer driver, bus conflict, or protocol error when the issue is a paper jam.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• Microsoft Reports New Attack Using Azure AD Connect
• Apple Releases iOS 15.7.5, macOS 11.7.6 and macOS 12.6.5 with Security Improvements
• Adobe Plugs Gaping Security Holes in Reader, Acrobat
• Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)
• SAP releases security updates for two critical-severity flaws
• Fortinet Patches Critical Vulnerability in Data Analytics Solution
• Google Chrome emergency update fixes first zero-day of 2023
• Critical Vulnerability in Hikvision Storage Solutions Exposes Video Security Data
• ICS Patch Tuesday: Siemens, Schneider Electric Address Dozens of Vulnerabilities
• Windows Common Log File System zero-day vulnerability exploited in ransomware attacks
• ManageEngine ADManager Plus CVE-2023-29084 Command injection
• Microsoft shares guidance to detect BlackLotus UEFI bootkit attacks
• ConnectWise Mulls Sale To Private Equity

Ransomware, Malware, and Vulnerabilities News

• AI-created malware sends shockwaves through cybersecurity world
• Over 20,000 Iowa Medicaid Members Affected By Data Breach
• Hackers start abusing Action1 RMM in ransomware attacks
• Zero-day vulnerability in Common Log File System
• Use Your Own Domain for Microsoft 365 Service Messages
• Google, CISA Warn of Android Flaw After Reports of Chinese App Zero-Day Exploitation
• MSI Confirms Cyberattack After Fresh Demand From Ransomware Group
• 83% of organizations paid up in ransomware attacks
• Super-Yacht Specialist Lürssen in Dry Dock After Ransomware Attack
• Money Ransomware: The Latest Double Extortion Group
• Uber data targeted in breach of third-party law firm
• Tasmanian data breach: schoolchildren’s information among 16,000 documents leaked on dark web
• HUNTSVILLE, AL, Crestwood Medical Center informs patients of data security incident
• A Chippewa County, WI government office is notifying residents of a data breach
• Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
• Illinois hospital forced into EHR downtime after cyberattack
• Black Basta ransomware group extorts Capita with stolen customer data, Capita fumble response
• Researchers Uncover Thriving Phishing Kit Market on Telegram Channels
• Authentic-looking emails about your accounts are probably from scammers
• KFC, Pizza Hut owner discloses data breach after ransomware attack
• Data of 30 million WordPress users leaked by top cloud accounting firm
• Re-Imagining Ransomware Protection with VMware Ransomware Recovery
• How LockBit Changed Cybersecurity Forever
• Hackers claim vast access to Western Digital systems
• Western Digital My Cloud is still down, but now allows for Local Access for user files
• How people respond to ransomware attacks
• New Ultrasonic Acoustic Attack Targeting Microphones and Voice Assistants
• How much to infect Android phones via Google Play store? How about $20k
• Microsoft seemingly pushes buggy Secure Boot update again on Windows 11, Windows 10
• Latitude Financial Refuses to Pay Ransom
• New study shows how scary fast today’s AI is at cracking passwords
• 2023 MSP threat report from ConnectWise
• 3CX Security Update 11 April 2023
• North Korean Hackers Uncovered as Mastermind in 3CX Supply Chain Attack
• US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster
• Crypto phishing attacks up by 40% in one year
• Don’t use public phone charging stations
• Hacked sites caught spreading malware via fake Chrome updates
• Russian Hacker Group Zarya Hit Canadian Pipeline
• Windows admins warned to patch critical MSMQ QueueJumper bug
• iPhones hacked via invisible calendar invites to drop QuaDream spyware
• Ex-Conti and FIN7 Actors Collaborate with New Domino Backdoor
• Kodi discloses data breach after forum database for sale online
• New Mirai Variant Employs Uncommon Tactics to Distribute Malware
• Israeli Irrigation Water Controllers & Postal Service Breached
• Experts explain why data breaches are becoming common at schools
• Wisconsin, Data breach at Elmbrook School District exposes personal information
• Microsoft Warns About New Mercury Attacks on Hybrid Environments
• Spyware Offered to Cyberattackers via PyPI Python Repository
• DDoS attacks shifting to VPS infrastructure for increased power
• Alabama schools see increase in ransomware, phishing attacks
• NCR suffers Aloha POS outage after BlackCat ransomware attack
• Rochester Public Schools, MN confirm data breach

Other News Events of Note and Interest

• Microsoft Exchange Server 2013 Reaches End of Support
• Use Your Own Domain for Microsoft 365 Service Messages
• ChatGPT is coming directly to Windows 11 — no browser required
• Microsoft is Slowly Rolling Out Ads in Windows 11 Start Menu
• Microsoft shares fix for Outlook issue blocking access to emails
• New Windows LAPS is now a built-in feature, available via latest Patch Tuesday
• New Built-in LAPs Client For Windows 11 And 10 | Conflict With Old Version Of LAPs
• Montana TikTok ban is first passed by any US state
• Phishing attack targets accountants as Tax Day approaches
• Microsoft updates third-phase Windows DC hardening roadmap for Kerberos security flaw
• Microsoft Bing introduces ChatGPT answers in search results
• Prepare now for Microsoft Teams Free (Classic) shutting down April 12
• As AI weaponry enters the arms race, America is feeling very, very afraid
• Breached shutdown sparks migration to ARES data leak forums
• US Cyber Command requests nearly $90M for offensive platform
• Discord’s upping its puny file upload size limit for all users
• com can’t send/receive mails, due to reaching Microsoft’s OneDrive file limit
• Just because on-prem is cheaper doesn’t make the cloud a money pit
• Wireshark 4.0.5 Released – What’s New!
• Microsoft is bringing its AI Copilot to OneNote
• Python head hisses at looming Euro cybersecurity rules
• Introducing the “Browser essentials” feature in Microsoft Edge
• Microsoft PowerToys adds Windows Registry preview feature
• How to think like a hacker: Essential offensive skills for cybersecurity professionals
• How machine learning can help crack the IT security problem
• Microsoft is making it easier to terminate unresponsive apps in Windows 11 with new End Task option
• The Smithsonian Puts 4.5 Million High-Res Images Online and Into the Public Domain
• Ambient computing is coming; security teams may not be ready
• Mozilla Firefox 112 Web Browser Is Now Available for Download
• You Should Be Browsing the Web in Split-Screen
• You’re Not Alone: Windows 11 Is Randomly Opening File Explorer
• How to Use Apple’s New All-In-One Password Manager
• 40% of IT security pros told not to report data loss
• Patch Tuesday Brings New Features to Windows 11
• SharePoint Permission Levels and Best Practices in Microsoft 365
• LinkedIn gets a free verified badge that lets you prove where you work

Cyber Insurance News

• Coalition Touts New AI Tools for Cyber Insurance
• US Cyber Insurers See Favorable Premium Growth, Results in 2023
• What Is Personal Cyber Insurance—and Should You Buy It?
• Corvus Insurance launches Cyber & Tech E&O program with Core Specialty
• Top 10 Cybersecurity Trends for 2023: From Zero Trust to Cyber Insurance
• The Hanover Cyber Risk Management Program for Commercial Lines Cyber Customers
• Cyber Insurance Companies Adapt to the Security Crisis