August 12, 2023

Hello all,

Reporting live from DefCon 31 in Las Vegas is proving to be very challenging due to the need for heightened security. But, as you can see, the Red-N Security news has emerged victorious! The trifecta of Hacking Boot Camps is producing a plethora of announcements about vulnerabilities and flaws. Thankfully, most have already received mitigations and these are just announcements. Many of this week’s news items that mention patches were uncovered as a result of some of the conference presenters’ efforts, and they they shared from the stage, in gory detail, the inner workings of what they’d found. Alas, some have not been patched – yet.

As usual, the complete the Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.

Notable Callouts:

• Adobe has released patches for a good number of products. Check and update.
• AMD Zen CPU’s have a weakness that allows data stealing.
• Google has a couple of headline items, the first is that they will be releasing weekly updates to Chrome, and they have revealed a zero-day vulnerability in their Pixel 6 phones, urging users to turn off the 2G functionality.
• Intel, not wanting to lag behind AMD has a similar flaw that allows information theft. Unfortunately, the patch can reduce performance of the processor nearly in half.
• Microsoft Patch Tuesday was this Tuesday. There were 87 bugs fixed, with at least two zero-days. Windows 11 had 27 fixes. A rather unusual entry is that they released a kernel mitigation that has the potential to break Windows. Initially it was to be turned off by default. Instead it is now on by default. And Visual Studio has a bug that lets extensions steal passwords.
• PaperCut had a vulnerability show up late last week, so we’re repeating the warning again this week. Patch before you’re exploited.
• Zoom fixed over a dozen flaws with their latest update. So, update quickly.
• In Ransomware, Malware, and Vulnerabilities News, Microsoft has finally patched the Office zero-day from last month.CISA has added a Microsoft .NET vulnerability to their Known Exploited Vulnerabilities Catalog.

• In Other News Events of Note and Interest, two reports about the trio of security conferences underway in Las Vegas, NV.Microsoft will start enforcing DMARC policy in Exchange Online.

The attackers do not sleep, and if they do, it is in a time zone opposite yours. So, make sure you keep your shields up 24/7.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• Adobe released a number of product updates to address vulnerabilities
• New Inception attack leaks sensitive data from all AMD Zen CPUs
• Google Chrome switching to weekly security patch updates
• Google details 0-click bug in Pixel 6 modem: Advises users to disable 2G
• ‘Downfall’ Bug in Billions of Intel CPUs Reveals Major Design Flaw
• Microsoft August 2023 Patch Tuesday warns of 2 zero-days, 87 flaws
• Microsoft Windows 11 KB5029263 cumulative update released with 27 fixes
• Microsoft makes potentially-breaking Windows kernel patch default after an earlier warning
• Microsoft Visual Studio Code flaw lets extensions steal passwords
• PaperCut fixes bug that can lead to RCE, patch quickly!
• Zoom fixed over a dozen vulnerabilities

Ransomware, Malware, and Vulnerabilities News

• CISA Sounds the Alarm on UEFI Security
• CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation
• Hackers launch cyberattacks against US satellite, requested by Pentagon
• Intel’s Downfall Mitigations Drop Performance Up to 39%, Tests Show
• Microsoft (Finally) Patches Exploited Office Zero-Days
• Microsoft OneDrive a willing and eager ‘ransomware double agent’
• Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying
• US Dept. of the Interior Employees Use Accounts That Are Easily Hacked
• North Korean hackers breached top Russian missile maker
• Technical Summary of Observed Citrix CVE-2023-3519 Incidents
• Ransomware victim numbers surge as attackers target zero-day vulnerabilities
• Hackers increasingly abuse Cloudflare Tunnels for stealthy connections
• New Python URL Parsing Flaw Could Enable Command Execution Attacks
• LockBit posts Siemens company Varian to its victim blog
• Lapsus$ hackers took SIM-swapping attacks to the next level
• Dark Web Threat Actors Targeting macOS
• Mallox Ransomware Group Revamps Malware Variants, Evasion Tactics
• Russian Hacktivists Overwhelm Spanish Sites With DDoS
• QakBot Malware Operators Expand C2 Network with 15 New Servers
• Japan Declines to Confirm Major China Cyberattack on Defense Network
• Interpol takes down 16shop phishing-as-a-service platform
• Raft of TETRA Zero-Day Vulnerabilities Endanger Industrial Communications
• Attacker Breakout Time Shrinks Again, Underscoring Need for Automation
• Cloud Account Takeover Campaign Leveraging EvilProxy Targets Top-Level Executives
• Ransomware Victims Surge as Threat Actors Pivot to Zero-Day Exploits
• Windows Defender-Pretender Attack Dismantles Flagship Microsoft EDR
• China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign
• Outlaw AI chatbots make cybercrime easier and more frequent
• Russian cyberspies defeat Microsoft number-matching 2FA policy with fake Teams messages
• A Pain in the NAS: Exploiting Cloud Connectivity to PWN your NAS: Synology DS920+ Edition
• Widespread file exposure possible with Western Digital, Synology NAS flaws
• Dying SanDisk SSDs serve a painful reminder about storage reliability
• Gafgyt malware exploits five-years-old flaw in EoL Zyxel router
• Cloudflare Tunnel increasingly abused by cybercriminals
• Potent Trojans Targeting MacOS Users
• ANSI escape sequence risks
• Dell Compellent hardcoded key exposes VMware vCenter admin creds
• Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization
• CISA: New Whirlpool backdoor used in Barracuda ESG hacks
• Rhysida ransomware behind recent attacks on healthcare
• Thousands of banking records exposed after Alberta dental benefits administrator hacked

Other News Events of Note and Interest

• It’s that time of the year again: The trinity of infosec conferences
• Legions of DEF CON hackers will attack generative AI models
• Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116
• CISA Outlines Plan to Get Ahead of Cyberthreat Groups
• CISA to focus on greater accountability across the cybersecurity ecosystem
• Microsoft shuts down Cortana app on Windows 11
• Microsoft Entra ID Conditional Access Gets Protected Actions Support
• Microsoft Entra ID to Deliver MFA Text Messages via WhatsApp
• Microsoft removes several Intel CPUs from Windows 11 official supported processor list
• Microsoft adds new AMD Ryzen CPUs to Windows 11 supported list
• Microsoft Edge for Business will officially launch with Edge 116 Stable next week
• Microsoft might soon block force-installing Windows 11 on unsupported CPUs via bypass
• Microsoft Releases New Windows 365 Enterprise Features
• Microsoft Store gets a new badge to indicate system components in Windows 11 and 10
• Microsoft’s Patch Tuesday finally fixes the Intel DirectX bug it caused nine months ago
• The new Microsoft Teams app may start rolling out for general availability in October
• Microsoft Brings Bing AI to More Browsers
• Exchange Online Enforces Sender DMARC Policy
• Using short-lived certificates to protect TLS secrets
• Slack Announces a Major Redesign
• NIST Drafts Major Update to Its Widely Used Cybersecurity Framework
• Most businesses to ban ChatGPT, generative AI apps on work devices
• Budget constraints threaten cybersecurity in government bodies
• Zoom CISO Michael Adams discusses cybersecurity threats, solutions, and the future
• Continuous Security Validation with Penetration Testing as a Service (PTaaS)
• CISCO Launches a FREE 120-Hour Ethical Hacking Training
• Deleted User Accounts and Microsoft 365 Licenses
• Selling Software to the US Government? Know Security Attestation First
• IBM launches open-source detection and response framework for MFT attacks
• ChatGPT answers more than half of software engineering questions incorrectly

Cyber Insurance News

• Cyber Insurer Resilience Secures $100 Million in Funding
• 10 Key Controls to Show Your Organization Is Worthy of Cyber Insurance