Hello all,
I anticipated a slew of vulnerability and exploit reveals to be published last week. While there was a smattering, the floodgates opened this week as the various attendees and reporters of Black Hat, DefCon, and BSidesLV have now returned to their lairs and have had opportunity to digest and subsequently disseminate their observations. And while many good guys and malevolent individuals were temporarily busy in Las Vegas, others were hard at work fixing, patching, cracking, and attacking. So, there is also plenty of news below not related to the trifecta of hacker Valhallas.
As usual, the complete Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget that our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- AMD’s newly patched vulnerability had to be patched again as the first was not completely effective.
- Atlassian has released a security update for their Confluence Server and Data Center. Jira anyone?
- Cisco has released advisories and patches for a number of their products, including one you don’t hear about having issues too often, ClamAV.
- Cloudflare has released their 2023 Phishing Threats Report. They identified that email phishing is the main way that dirtbags get in. There is a lot of good information in this report, both in their blog posting and the downloadable PDF.
- Ivanti, maker of the Avalanche MDM, has critical security vulnerabilities that should be patched immediately if you use this product.
- Juniper has released advisories and patches for multiple vulnerabilities that allow for RCE in their Junos OS.
- Microsoft has released Edge for Business to general availability (GA). It should start appearing on systems this week. It will be triggered when a login to an Entra ID (formerly Azure AD) account is made. The browser will then enact Business mode, with a new icon and a banner letting users know what has happened.
- OpenNMS is a tool used for monitoring local and distributed networks. It has a bug that allows for stealing of data and DDoS. Patch quickly if you use this.
- Pinellas County Florida Schools warned parents about “Saturn – Time Together”, an app that students use to manage schedules, which apparently anyone can access while pretending to be a student. The makers have responded; we will need to wait and see if their mitigations are effective enough to satisfy the school district.
- Play Ransomware dirtbags are targeting Managed Service Providers (MSPs) and the Remote Monitoring and Management (RMM) tools that they use. Breaching an MSP is the holy grail of attacks as MSPs can have hundreds of clients with thousands of computers under god-like remote management. Stay vigilant.
- In Ransomware, Malware, and Vulnerabilities News, there are several links to items, some of which are rather large announcements, from Black Hat and DefCon.
A US Lawmaker was recently contacted about his email having been compromised in the Chinese hack on Microsoft a few months ago. This indicates that notification, or discovery, is still ongoing and may be for some time to come.
Cl0p Ransomware group has now dumped all of their non-paying “clients’” data stolen via the MOVEit attack onto the clearnet.
Moovit Software, not to be confused with the one above, has been shown to have vulnerabilities that allow for free subway rides. If only the other MOVEit attack were so benign.
- In Other News Events of Note and Interest, in a rather large boon for cyber security, major vendors are collaborating on an open-source cybersecurity framework that will allow for interoperability.
Google will soon release an Android feature that will allow you to see if unknown Bluetooth devices are accompanying you, exposing if someone has slipped a tracker on you.
It is still strange to me to hear the words Microsoft SQL Server and Linux together, but that is the reality now, and Microsoft just put SQL 2022 preview out for RHEL 9 and Ubuntu 22.04.
- In Cyber Insurance News, worries mount that the new SEC rules (summarized in a table on page 13 of their new regulation) will create insurability issues, along with implications for board members who are expected to comply.
With how hot it is this summer, it is good to be in the computer industry. I can always come up with an excuse to have to check on the servers in a server room – which are nearly ubiquitously kept at the temperature of a morgue. Just chillin’ with my data. Stay frosty!
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- AMD Zen 1 Vulnerability Not Properly Fixed, Second Pass Issued
- Atlassian Releases Security Update for Confluence Server and Data Center
- Cisco Releases Security Advisories for Multiple Products
- Cloudflare released their 2023 Phishing Threats Report
- Email phishing still the main way in for hackers: report
- Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations
- Juniper Releases Security Advisory for Multiple Vulnerabilities in Junos OS allowing RCE
- Microsoft Edge for Business shipped to general availability on August 17
- Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service
- Pinellas County Schools warns parents of popular app with privacy concerns
- ‘Play’ Ransomware Group Targeting MSPs Worldwide in New Campaign
Ransomware, Malware, and Vulnerabilities News
- Cybersecurity News from Black Hat and DefCon
- US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack
- Microsoft Cloud Security Woes Inspire DHS Security Review
- ‘DoubleDrive’ attack turns Microsoft OneDrive into ransomware
- Cl0p dumps all MOVEit victim data on clearnet, threat insiders talk ransom strategy
- Iagona ScrutisWeb Vulnerabilities Could Expose ATMs to Remote Hacking
- Exploitation of Citrix ShareFile Vulnerability Spikes as CISA Issues Warning
- Don’t just patch your Citrix gear, check for intrusion: Two bugs exploited in wild
- Triple Extortion Ransomware and the Cybercrime Supply Chain
- Hackers use VPN provider’s code certificate to sign malware
- AMD and Intel CPU security bugs bring Linux patches
- AMD Inception: Bug fix hurts Ryzen photo editing performance
- All recent AMD CPUs are affected by the ‘Inception’ vulnerability
- Security firm shows how hackers can spoof Airplane Mode and take over an iPhone
- io confirms breach after hacker steals data of 760K users
- Clorox says certain business operations disrupted in cyber attack
- Nearly 90% of malicious emails manage to get past SPF, DKIM, or DMARC
- Tesla data breach affects 75,735 people, state attorney general announces
- Ransomware Surges With 1500 Confirmed Victims This Year
- Hackers ask $120,000 for access to multi-billion auction house
- Interpol Shuts Down Phishing Service ’16shops’
- LinkedIn Accounts Under Attack
- How FraudGPT presages the future of weaponized AI
- Major U.S. energy org targeted in QR code phishing attack
- Last Week In Security: It’s Con Season
- APTs’ use of lesser-known TTPs is no less of a headache
- Experts Uncover Weaknesses in PowerShell Gallery Enabling Supply Chain Attacks
- Mac malware can easily bypass Apple’s Background Task Manager
- Macs are getting compromised to act as proxy exit nodes
- QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord
- Multiple Flaws Found in the Avada WordPress Theme and Plugin
- Ford Says Wi-Fi Vulnerability Not a Safety Risk to Vehicles
- Don’t expect quick fixes in ‘red-teaming’ of AI models. Security was an afterthought
- CISA expects upcoming industry rules to show ‘scope and scale’ of ransomware problem
- CISA publishes plan for remote monitoring tools after nation-state, ransomware exploitation
- Incident response lessons learned from the Russian attack on Viasat
- Monti ransomware targets VMware ESXi servers with new Linux locker
- Steam Deck Gets Belated Zenbleed Patch For AMD’s Vulnerability
- Almost 2,000 Citrix NetScaler servers backdoored in hacking campaign
- Indicators of Compromise Scanner for Citrix ADC Zero-Day – Mandiant tool
- North Korean Hackers Suspected in New Wave of Malicious npm Packages
- Researchers discover vulnerabilities in Moovit software allowing free subway rides
- WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams
- 30% of phishing threats involve newly registered domains
- What would an OT cyberattack really cost your organization?
- Phishing Operators Make Ready Use of Abandoned Websites for Bait
- So much for CAPTCHA then – bots can complete them quicker than humans
- Suburban DC school district responds to cyberattack
- Cleveland, TN City Schools hit by Ransomware attack Tuesday
- Cyberattack keeps hospitals’ computers offline for weeks
- Raccoon Stealer malware returns with new stealthier version
- Cybercriminals Abusing Cloudflare R2 for Hosting Phishing Pages
- WinRAR flaw lets hackers run programs when you open RAR archives
- TunnelCrack vulnerabilities in VPN clients
Other News Events of Note and Interest
- Black Hat 2023: Used Correctly, Generative AI is a Boon for Cybersecurity
- Black Hat: Splunk, AWS, IBM Security & Others Launch Open Source Cybersecurity Framework
- DEF CON: Hackers try to crack chatbots from OpenAI, Google, Microsoft
- Google Introduces First Quantum Resilient FIDO2 Security Key Implementation
- Following Pushback, Zoom Says It Won’t Use Customer Data to Train AI Models
- Canadian government seeks input on voluntary code of practice for generative AI
- Sites scramble to block ChatGPT web crawler after instructions emerge
- What DARPA wants, DARPA gets: A non-hacky way to fix bugs in legacy binaries
- What’s New in the NIST Cybersecurity Framework 2.0
- AMD gets serious on fixing Windows driver timeout error (TDR), black screens, with new tool
- Addigy releases comprehensive, one-click compliance and conditional access for macOS devices
- Cisco addresses SASE integration issues by rolling management into Meraki console
- Proton Sentinel wants to keep your accounts extra safe from marauding cybercriminals
- Google Chrome will summarize entire articles for you with built-in generative AI
- US task force to look into how military could use generative AI
- Product showcase: Free email security test by ImmuniWeb Community Edition
- Detect a creep’s unwanted Bluetooth tracker with Google’s new safety feature
- Microsoft pulls computer-generated article that recommended tourists visit the Ottawa Food Bank
- Hotmail email delivery fails after Microsoft misconfigures DNS
- Microsoft SQL Server 2022 preview mode is available for RHEL 9 and Ubuntu 22.04
- Microsoft Windows 11 August 2023 Update finally fixes SSD slowdown for many users
- Microsoft Windows 11 KB5029263 is causing issues for some users
- Microsoft is working on a redesigned home page for PowerToys
- How to Move Outlook’s Toolbar From the Side to the Bottom
- Two areas where the chatbot Claude outshines ChatGPT
- Are browser-stored passwords secure?