Hello all,
Lots of items this week, read on.
As usual, the complete the Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.
Notable Callouts:
- Cisco has patched some switches and firewalls that can subject them to DoS attacks. Check the article to determine if your devices are vulnerable and have a patch available.
- CloudNordic and Azero Cloud, a Danish hosting company, have experienced a devastating ransomware attack. They have posted online, “…the majority of our customers have thus lost all data with us”. In reading their “What happened” on their public notice, it is painfully obvious that they missed the “1” in the 321-backup scheme. They didn’t have cold backups. This unfathomable loss underscores the criticality of clients understanding the “Shared Responsibility Model” that most hosting companies have. You are responsible for your data, that host is only responsible for their infrastructure.
- Generative AI, not a company per-se, but a category, is being identified as “fueling a significant rise in cyberattacks.” The article goes on to discuss ransomware and cyber security team stress.
- Google just announced that they will soon require two administrators to sign off on any critical changes to Google Workspace. If you don’t have a second admin, it is high-time to follow Google’s recommendations and get another one set up. The process to recover an admin account is lengthy and onerous.
- Ivanti keeps making news. Another new zero-day for their MobileIron MDM was revealed and patched this week. Update fast.
- Tesla announced that a May data breach was caused by two former employees. As nearly everyone in IT knows, the human element is the weakest link in security.
- TP-Link smart bulbs have been shown to have a security threat that allows for exposure of credentials, takeover of the app, and potentially stealing Wi-Fi secrets.
- Western Digital has been in the news quite a bit lately due to their SSDs failing prematurely. They have just released firmware updates that are supposed to address the failings. If you have any of the affected drives, update quickly before yours becomes a victim.
- WinRAR has been in the news for the past two weeks for a high severity vulnerability that could allow code to execute when files are opened. Update to the latest version to mitigate this flaw.
- Highlights in Ransomware, Malware, and Vulnerabilities News
- Some wonk found a way to bypass Bitlocker using a Logical Analyzer. Fortunately, it is somewhat motherboard specific, but there it is, the path used can definitely be exploited if someone is determined. Physical access is key.
- Speaking of Physical Access, we often forget that losing an unencrypted drive with PII, PKI, or HIPAA data is a breach. A NJ hospital just sent breach notices to patients because of a missing drive.
The Cuba Ransomware group is actively exploiting a Veeam bug that had a patch and mitigation released months ago. If only someone had warned them to patch. Oh wait, they did…
- Highlights in Other News Events of Note and Interest
- The SEC’s new rules regarding incident notification requirements and more for public companies are now out. There is an excellent article that describes the requirements and potential problems.
- 28 years ago last week Windows 95 took the industry by storm and things have never been the same.
- Highlights in Cyber Insurance News
- A good report from Forrester describing the state of Cyber Insurance in 2023.
In light of the CloudNordic news, please ensure that you have working backups of your important data that are secured. It would be a real shame to be aware and still unprotected. If you’re reading this, there is no excuse for major data loss.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks
- Criminals go full Viking on CloudNordic, wipe all servers and customer data
- Generative AI fueling significant rise in cyberattacks
- Google Workspace will require two admins to sign off on critical changes
- Ivanti warns of new actively exploited MobileIron zero-day bug
- Tesla says two ex-employees behind May data breach
- Dark Day For Smart Light Bulbs As Researchers Discover TP-Link Security Threat
- Western Digital Releases Firmware Updates for Afflicted SanDisk SSDs
- High severity vuln in WinRAR could allow code to run when files are opened
Ransomware, Malware, and Vulnerabilities News
- Bypassing Bitlocker With A Logic Analyzer
- Cuba ransomware uses Veeam exploit against critical U.S. organizations
- FBI warns of patched Barracuda ESG appliances still being hacked
- Akira Ransomware Targeting VPNs without Multi-Factor Authentication
- HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack
- Microsoft, Intel confirm “Downfall” of 7th, 8th, 9th, 10th, 11th Gen CPUs, firmware fix available
- Lazarus Group’s infrastructure reuse leads to discovery of new malware
- Palo Alto’s 134-slide presentation reveals the insides of the global cyber market
- Link to Palo Alto’s PDF of their presentation, if you’re interested
- Post-Quantum Cryptography: CISA, NIST, and NSA Recommendations
- Sneaky Amazon Google ad leads to Microsoft support scam
- Crozer Health says it is recovering from ransomware attack
- Energy One Investigates Cyberattack
- Critical Adobe ColdFusion Flaw Added to CISA’s Exploited Vulnerability Catalog
- Prolific ransomware gang takes credit for Seiko data breach
- Health Data Breach Lawsuits Surge as Cyberattacks Keep Climbing
- J. hospital warning patients after possible data breach
- Major Mississippi hospital system takes services offline after cyberattack
- Rhysida ransomware claims recent attack on Prospect Medical, leaks stolen data
- CharterCARE Computers Back Online After Ransomware Attack
- Cyberattack on NorCal MLS System Drags on for 19th Day
- New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App
- New “Whiffy Recon” Malware Triangulates Infected Device Location via Wi-Fi Every Minute
- Flax Typhoon using legitimate software to quietly access Taiwanese organizations
- North Korea’s Lazarus Group hits organizations with two new RATs
- MOVEit, the biggest hack of the year, by the numbers
- Microsoft signing keys keep getting hijacked, to the delight of Chinese threat actors
- Renegade certificate removed from Windows. Then it returns. Microsoft stays silent
- DarkGate reloaded via malvertising and SEO poisoning campaigns
- Hacker steals contact details of Bern Siwtzerland police force
- S. Space Companies Becoming Prime Targets for Foreign Malware
- Scraped data of 2.6 million Duolingo users released on hacking forum
- Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks
- Discord starts notifying users affected by March data breach
- From Conti to Akira | Decoding the Latest Linux & ESXi Ransomware Families
- Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders
- Ransomware With an Identity Crisis Targets Small Businesses, Individuals
- LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants
- Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack
- What the Hive Ransomware Case Says About RaaS and Cryptocurrency
- Over 3,000 Openfire servers vulnerable to takover attacks
- Leaseweb is restoring ‘critical’ systems after security breach
- How NightOwl for Mac Added a Botnet
- Ransomware Reaches New Heights
Other News Events of Note and Interest
- Balancing risk and compliance: implications of the SEC’s new cybersecurity regulations
- Google, Amazon, Nvidia, and others put $235 million into Hugging Face
- AI-generated art cannot be copyrighted, rules a US Federal Judge
- Ideogram launches AI image generator with impressive typography
- 28 years ago, Windows 95 was the start of a new era
- Apple security updates could be banned by British government
- Software Makers May Face Greater Liability in Wake of MOVEit Lawsuit
- Kali Linux 2023.3 released with 9 new tools, internal changes
- SpaceX working with Cloudflare to speed up Starlink service
- Microsoft explains why it pushed buggy Windows kernel patch after an earlier warning
- Microsoft releases new free Windows 11 virtual machines with the August 2023 update
- SentinelOne looking into potential sale after becoming takeover target
- Cybersecurity startup Wiz considers potential bid for SentinelOne
- Microsoft Loop to Become Enabled By Default for More Customers
- Microsoft makes some certification exams open book
- Microsoft is bringing Python to Excel
- Microsoft improves Windows Update on Windows 11, Windows 10 via Health Tools
- Microsoft Windows 11 gets new policies for controlling optional feature updates
- Microsoft improves Windows 11 setup, WinRE with “critical” dynamic update
- Microsoft Windows 10 KB5029331 fixes major bugs: Group policy, high CPU, BitLocker, virtual print
- Microsoft Edge for Business finally arrived on Stable channel in v. 116
- Edge Briefcase Icon: Microsoft Edge For Business Explained
- Microsoft investigates Windows (KB5029351, KB5029331) Unsupported Processor BSOD crashes
- How to Effectively Use Microsoft 365 Admin Center Reports?
- Security Onion 2.4: Free, open platform for defenders gets huge update
- Ventoy 1.0.95 is out with fixes and some enhancements
- Netgear Launches First Professional Router To Compete In SMB Networking Space
- Dropbox Unlimited Storage Ends After Google Change
Cyber Insurance News
Cyber Insurance News