Hello all,
It has been a surprisingly busy week as far as news items are concerned. The next two weeks should prove to be even busier. Hacker Summer Camp starts next week in Las Vegas, NV. There are three separate events attracting an estimated 45,000 hackers, crackers, phreaks, geeks, nerds, criminal overlords, and cyber people of all ranks, skill sets, colors, abilities, sizes, and nationalities. There will be numerous product announcements, vulnerability reveals, and tools demonstrated for use by good guys and bad guys alike. And, if that wasn’t enough, Tuesday is Patch Tuesday. Buckle up, it looks like it will be a bumpy ride.
As usual, the complete Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- Apple users have a new malware to worry about. It is a hidden VNC server that is apparently trivial to install. The latest macOS releases are protected, but older versions are vulnerable.
- AWS has unveiled an AI to assist doctors. While I can see the benefits, I do ask that they please, please check what the AI is recommending. I do not want to lose body parts due to a hallucinating AI.
- Backblaze, in addition to being a rather inexpensive data hosting company, puts out regular reports on the statistics for hard drives and SSD drives they use. The Q2 HDD data is now available. There are some clear winners and losers. If you’re looking to purchase storage, it is worth checking their reports.
- Burger King, that’s a name you don’t expect to see in a cybersecurity-focused newsletter. Due to an error in a web server for job applicants, passwords were publicly exposed.
- Citrix ShareFile has made a patch available for an RCE, but apparently not everyone has gotten the message. Attackers have started to exploit unpatched systems.
- Cloudzy, such an innocent-sounding name, is a US internet hosting provider that has been shown to enable a large portion of cyber-criminal activity and may be linked to an NSO in Iran.
- Google is pitching a new method to authenticate devices that connect. Their plan has come under intense backlash from experts and from companies that make Chromium-based browsers.
- Ivanti has another zero day that has been found. Patch quickly.
- Linus Torvalds, in what is a somewhat surprising move, has called for turning off AMD’s “stupid” fTPM due to numerous errors that still persist despite attempted fixes.
- Milesight Industrial Routers recently underwent intense scrutiny. They were shown to have dozens of RCEs. If you use these, check for updates and mitigation advice immediately.
- PaperCut has a new high-severity vulnerability that’s been patched. If you or your customers have a version lower than 22.1.3, patch quickly.
- Tenable, maker of the Nessus scanner, has had its CEO, Amit Yoran, accuse Microsoft of negligence and “a culture which denies the criticality of vulnerabilities.” Apparently, the public calling out had some efficacy, as Microsoft promptly fixed the vulnerability that triggered the outburst.
- VMware released patches for multiple vulnerabilities in their Horizon Server product.
- In Ransomware, Malware, and Vulnerabilities News, 67% of data breaches start with a single click. That statistic should send shudders through every security defender.
The aforementioned Microsoft vulnerability called out by Amit Yoran, and Microsoft’s response, are in this section this week.
ICS/OT systems are increasingly showing up in the news as attackers shift to what they know are likely to be unpatched and largely unmonitored systems.
- In Other News Events of Note and Interest, the White House has released a cybersecurity workforce and education plan that is worth perusing.
Google will start deleting inactive accounts in December.
Firefox version 116 has dropped support for Windows 7, 8, and macOS 10.1.
- In Cyber Insurance News, a report finds that cyber insurance is NOT fueling the ransomware epidemic.
With the trifecta of Hacker Summer Camps (Black Hat, BSidesLV, and DEF CON) coming up, batten down the hatches, shore up the lines, and prepare for some rough seas soon. Lots of folks on both sides of the security divide will be newly armed for combat.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Apple Users Open to Remote Control via Tricky macOS Malware
- AWS unveils new generative AI tool for doctors
- Backblaze Drive Stats for Q2 2023
- Burger King forgets to put a password on their systems
- Experts warn attackers started exploiting Citrix ShareFile RCE flaw
- Cloudzy, US internet hosting company appears to facilitate global cybercrime
- New Google Chrome browser security plan slammed by experts
- Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)
- Linus Torvalds Is Tired of AMD’s ‘Stupid’ fTPM Errors
- Milesight Industrial Router shown to have dozens of RCE vulnerabilities
- PaperCut Software found to have a new high-severity flaw
- Tenable CEO accuses Microsoft of negligence in addressing security flaw
- VMware Horizon Server has multiple vulnerabilities that need patching
Ransomware, Malware, and Vulnerabilities News
- CISA Sounds the Alarm on UEFI Security
- 67% of data breaches start with a single click
- Ransomware attacks have doubled thanks to AI
- Global ransomware attacks at an all-time high and the US is the primary target
- US is number one for ransomware attacks, 7x more than the next country
- Microsoft Fixes Azure Flaw in the Wake of Withering Criticism
- Security Hole in Minecraft Mods Lets Hackers Take Control
- Akira Ransomware Expands to Linux with In-built Tor Website
- Ninja Forms Version 3.6.26 Patches Multiple High Severity Security Vulnerabilities
- Major Cybersecurity Agencies Collaborate to Unveil 2022’s Most Exploited Vulnerabilities
- New Microsoft Azure AD CTS feature can be abused for lateral movement
- ‘DarkBERT’ GPT-Based Malware Trains Up on the Entire Dark Web
- Chrome malware Rilide targets enterprise users via PowerPoint guides
- Hackers can abuse Microsoft Office executables to download malware
- Hawaii’s Gemini North Observatory Suspended After Cyberattack
- Clop ransomware now uses torrents to leak data and evade takedowns
- Piles of Unpatched IoT, OT Devices Attract ICS Cyberattacks
- Israel’s largest oil refinery website offline after DDoS attack
- Fruity Trojan Uses Deceptive Software Installers to Spread Remcos RAT
- Officials found suspected Chinese malware hidden in various US military systems
- Pentagon investigating Air Force engineer’s ‘critical compromise’ of communications
- Free Airline Miles, Hotel Points, and User Data Put at Risk by Flaws in Points Platform
- Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability
- AVRecon Botnet Leveraging Compromised Routers to Fuel Illegal Proxy Service
- Microsoft downplays damaging report on Chinese hacking its own engineers vetted
- New P2PInfect Worm Targets Redis Servers with Undocumented Breach Methods
- New NodeStealer Targeting Facebook Business Accounts and Crypto Wallets
- Hackers exploited Salesforce zero-day in Facebook phishing attack
- Hackers continue to distribute malware through hacked verified pages on Facebook
- Cyberattack disrupts hospital computer systems across US, hindering services
- Marine industry giant Brunswick Corporation lost $85 million in cyberattack
- SpecterOps Updates BloodHound Active Directory Mapping Tool
- FBI investigation reveals that it was unknowingly using NSO-backed spyware
- Hackers steal Signal, WhatsApp user data with fake Android chat app
- Hackers manage to unlock Tesla software-locked features worth up to $15,000
- Ransomware Attacks on Industrial Organizations Doubled in Past Year
- Air-Gapped ICS Systems Targeted by Sophisticated Malware
- Threat actors abuse Google AMP for evasive phishing attacks
- Canon warns of Wi-Fi security risks when discarding inkjet printers
- Cisco adds new ransomware recovery capabilities to XDR solution
- CISA: ‘Submarine’ Backdoor Torpedoes Barracuda Email Security
- Russian hackers target govt orgs in Microsoft Teams phishing attacks
- US, Norway say hackers have been exploiting Ivanti zero-day since April
- Over 640 Citrix servers backdoored with web shells in ongoing attacks
- VMware ESXi Servers Face New Threat from Abyss Locker
- New LLM-based SOC tool to help automate security response
- Firefox fixes a flurry of flaws in the first of two releases this month
- New acoustic attack steals data from keystrokes with 95% accuracy
- SSH is the service most targeted by cloud attackers
- Satellites easier to hack than a Windows device
- Teach a Man to Phish and He’s Set for Life
- Phishing scams love mimicking Microsoft
- Been Hacked? These are Your Next Steps
- The race against time in ransomware attacks
- Better Business Bureau warns of ‘Say Yes’ phone scam
- Old-school hacktivism is back because it never went away
Other News Events of Note and Interest
- How CISOs can engage the C-suite and Board to manage and address cyber risk
- Riding the vCISO Wave: How to Provide vCISO Services
- Colleges are now teaching courses on how to use ChatGPT effectively
- White House releases cybersecurity workforce and education plan
- CISA Guide to Harden Cisco Firewalls
- VPNs remain a risky gamble for remote access
- Google Chrome is Ditching the Downloads Bar
- Microsoft Loop is now in the Microsoft Store
- Microsoft Describes Microsoft 365 Backup and Archive
- Microsoft 365 Backup – Is Your Cloud Data Secure?
- Microsoft 365 Gets Simplified Sharing Experience
- Microsoft Word for Web Is Now Closer to the Desktop Apps
- Microsoft fixes WSUS servers not pushing Windows 11 22H2 updates
- Microsoft confirms it’s killing TLS 1.0 and 1.1 on next-gen Windows 11
- Microsoft Entra ID Introduces Strict Location Enforcement
- Microsoft shares fix for Outlook asking to reopen closed windows
- Microsoft accidentally leaks internal tool that can enable hidden Windows 11 features
- Microsoft Revises Cloud Licensing Policies to Let Customers Run Office on AWS
- ‘Update and Shutdown’ command is bugging out on Windows, annoying users
- Microsoft Solution Providers Weigh In On M365 Copilot Price Tag
- Stability AI releases Stable Diffusion XL, its next-gen image synthesis model
- Google warns again it will start deleting inactive accounts in December
- Lumen shakes up telecom industry with Network-as-a-Service offering
- Intel releases a new Wi-Fi driver for Windows 10 and 11 with fixes and speed improvements
- AI on AI action: Googler uses GPT-4 chatbot to defeat image classifier’s guardian
- US government outlines National Cyber Workforce and Education Strategy
- Firefox 116 drops Windows 7 and 8, as well as macOS 10.1
- Avaya reseller pleads guilty to role in $88m licensing scam
- How I recovered ‘irreplaceable’ photos off an SD card for free