Hello all,
Patch Tuesday didn’t disappoint this past week. Hundreds of flaws, defects, and vulnerabilities had fixes proffered by their respective vendors and developers as holiday gifts to already overworked defenders. According to Tenable, Microsoft alone has lobbed 1,009 security bugs at us so far this year – and the year is not over yet! That number is just a tad less than 2023’s total of 1,063. I thought things were supposed to be getting better? A guy can hope, right? Onward to other cyber news of the past week.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or that of those you support.
Headline NEWS:
- Adobe, which has significantly fewer products than Microsoft, managed to publish patches for more than double Microsoft’s count, coming in at 160 defect fixes for December. Some are pretty severe, so update soon.
- Apache issued patches for a Remote Code Execution (RCE) flaw in Struts 2 back in November. Users were given time to patch before the details were fully disclosed. They are now public, and it is as bad as it gets. If you use Struts 2 and haven’t patched yet, you’re probably compromised.
- Cleo, maker of Harmony, VLTrader, and LexiCom (file-sharing and integration software used by thousands of businesses worldwide), was the subject of zero-day exploitation this past week. Huntress Labs detected the attacks on their clients and helped Cleo develop a fix that is now available. This flaw can lead to RCE, so don’t delay in patching.
- Dell has several high-severity defects that received patches this past week. The most severe of them scored a 10 on the Common Vulnerability Scoring System (CVSS), meaning that it can be exploited like a hot knife through butter.
- Google didn’t want to be left out, so they patched some serious defects in their Chrome browser, leading other Chromium-based browsers to do likewise shortly thereafter. If you haven’t updated your browser yet, please do, so that you don’t become a holiday statistic.
- Ivanti (that name gives me the heebie-jeebies) has released patches for newly found defects. Thankfully they are not known to be actively exploited – yet. Patch soon.
- Microsoft, as mentioned before, has unleashed their December Patch Tuesday horde of fixes. This time around there were 72 of them, with only one known zero-day patch in the lot, for the Common Log File System. That’s not to say that there are no more zero-days, just that there are no more patches from Microsoft for them. There’s an NTLM one that won’t receive a patch until April 2025.
- OpenWrt is a very capable open-source router and firewall software that can be flashed onto a large number of vendors’ products. A defect was found that carries a CVSS score of 9.3 out of a maximum of 10. A new update is available, so patch yours if you have this.
- QNAP has released updates to fix multiple flaws found at Pwn2Own and some from other sources. If you use QNAP, update soon to keep yours safe.
In Ransomware, Malware, and Vulnerabilities News:
- Krispy Kreme was hit by a cyberattack. While ransomware has not been officially confirmed, based on publicly available data, that is likely the case. Where will this madness end? Attacking those delicious, sweet, puffy, delectable morsels of heaven-sent manna is going too far! It is time to send in the Navy SEALs to hunt down the perpetrators and dip them in hot donut glaze!
In Other News Events of Note and Interest:
- Microsoft is trying a new LLM-based email client, and if you have the chops, you could earn some holiday jingle. “Microsoft is offering $10k prize for hackers who can exploit vulnerabilities in its LLM.”
Musings:
While the never-ending game of whack-a-mole with patches and fixes for defects, bugs, and vulnerabilities continues to ramp up, there is hope on the horizon. The drumbeat of AI has been steadily increasing this past year, and it is now the heartbeat of most of the tech industry’s glimmering halls and also that of threat actors’ dank sewers. On the defender’s front, we’re starting to see the fruits of that labor with AI finding and mitigating defects in software, actively defending against attacks, and even reading through all email to stop phishing and worse with greater than 99% efficacy. The next year should be amazing! Naturally, the underbelly of society will continue to advance their AI skills as well, but I am optimistic for the future – provided AI doesn’t decide we are all the problem.
Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Adobe Patches Over 160 Vulnerabilities Across 16 Products
- Apache issues patches for critical Struts 2 RCE bug
- Threat Advisory: Oh No Cleo! Cleo Software Actively Being Exploited in the Wild
- Cleo patches zero-day exploited by ransomware gang
- CISA confirms critical Cleo bug exploitation in ransomware attacks
- Dell Power Manager Vulnerability Let Attackers Execute Malicious Code
- Dell Product Vulnerabilities Let Attackers Compromise Affected Systems
- Chrome Security Update, Patch for 3 High-severity Vulnerabilities
- Ivanti warns of maximum severity CSA auth bypass vulnerability
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins
- Patch Tuesday, December 2024 Edition
- Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day
- Microsoft NTLM Zero-Day to Remain Unpatched Until April
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
- Multiple QNAP Vulnerabilities Let Remote Attackers Compromise System Remotely
Ransomware, Malware, and Vulnerabilities News
- Operation PowerOFF shuts down 27 DDoS-for-hire platforms
- Spain busts voice phishing ring for defrauding 10,000 bank customers
- Germany blocks BadBox malware loaded on 30,000 Android devices
- 796 arrests in massive EU action against organised crime
- DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years
- FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized
- Thousands of children exposed in major data breach — including names, addresses and social security numbers
- US Banks Witness 1,000% Surge in Digital Scams As JPMorgan Chase, Wells Fargo and Bank of America Customers Lose $166,000,000 on Zelle in One Year
- Data breach at Senior Dating website spills info of 765,000 users
- CISA warns water facilities to secure HMI systems exposed online
- Citrix NetScaler Devices Under Attack, Brute-force Attacks Exploiting Zero-days
- Citrix shares mitigations for ongoing Netscaler password spray attacks
- Critical Windows Zero-Day Vulnerability Exploited in the Wild
- Critical Windows UI Automation Vulnerability Let Hackers Bypass EDR
- Windows Remote Desktop Services Vulnerability Let Attackers Execute Remote Code
- Microsoft Recall is capturing screenshots of sensitive information like credit card and social security numbers
- Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
- Radiant Capital Hack: How Hackers Used a PDF to Steal $50 Million
- WAF Vulnerability in Akamai, Cloudflare, and Imperva Affected 40% of Fortune 100 Companies
- Popular Python AI library hacked to deliver malware
- New stealthy Pumakit Linux rootkit malware spotted in the wild
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS
- ‘BadRAM’ exploit: Security flaw in computer memory leads to worldwide fixes
- New BadRAM Attack Exploits AMD SEV Protections, Threatens Cloud Security
- Panic at the Cisco tech, thanks to ancient IOS syntax helper that outsmarted itself
- ZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 Comms
- Kaspersky warns of a surge in potentially malicious apps posing as VPNs
- How Cryptocurrency Turns to Cash in Russian Banks
- Rockwell Automation Vulnerabilities Let Attackers Execute Remote Code
- OpenWrt orders router firmware updates after supply chain attack scare
- Open source malware up 200% since 2023
- Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket
- Cybercrime Gangs Steal 1,000s of AWS Credentials
- Ongoing Phishing and Malware Campaigns in December 2024
- Akira and RansomHub Surge as Ransomware Claims Reach All-Time High
- Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
- China’s Salt Typhoon recorded top American officials’ calls, says White House
- US sanctions Chinese firm for hacking firewalls in ransomware attacks
- Chinese cybersecurity firm facing US sanctions over alleged ransomware attacks
- US offers $10 million reward for Chinese hackers
- US Updates a Science and Technology Pact With China to Reflect Growing Rivalry and Security Threats
- How China’s Cyberespionage Has Changed
- Romanian energy supplier Electrica hit by ransomware attack
- Ransomware attack hits leading heart surgery device maker
- Krispy Kreme hit by cyberattack, disrupting delivery of online doughnut orders
- Auto parts giant LKQ says cyberattack disrupted Canadian business unit
- Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers
- Hackers ask for cryptocurrency in apparent ransomware attack on Rutherford County, TN Schools
- Ransomware detected on Wood County, OH government computer network
- RI computer network hit by major cyberattack, forcing public benefits system shutdown
- WPForms bug allows Stripe refunds on millions of WordPress sites
- 390,000 WordPress accounts stolen from hackers in supply chain attack
Other News Events of Note and Interest
- Top cybersecurity books for your holiday gift list
- Snowflake Will Make MFA Mandatory Next Year
- You could soon need a VPN to use TikTok in the US
- TikTok denied emergency request to stop ban from taking effect
- HDMI 2.2 to debut at CES 2025 — new standard brings higher resolutions, refresh rates, and bandwidth
- AI is moving undercover at work in 2025, according to Deloitte’s Tech Trends report
- Android XR is Google’s new operating system for headsets and smart glasses
- Google unveils AI coding assistant ‘Jules,’ promising autonomous bug fixes and faster development cycles
- Google unveils Project Mariner: AI agents to use the web for you
- ChatGPT now understands real-time video, seven months after OpenAI first demoed it
- TSMC’s test run of 2nm chips results in a yield just short of what’s acceptable for mass production
- Russia Tests Cutting Off Access to Global Web, and VPNs Can’t Get Around It
- Uncovering Attacker’s Infrastructure & Tactics Via Passive DNS
- Amazon pauses $1bn Microsoft 365 rollout following Russian security concerns
- Classic Outlook gets an official ‘death date’ and users are urged to switch
- Microsoft launches Phi-4, a new generative AI model, in research preview
- Microsoft challenges you to hack its LLM email service
- Microsoft 365 outage takes down Office web apps, admin center
- Microsoft rolls out Recall for Intel, AMD-based Copilot+ PCs
- Microsoft To Supercharge Teams Comms With Native SMS Messaging
- Microsoft’s Recall AI is creepy, clever, and compelling
- Windows 11 KB5048667 & KB5048685 cumulative updates released
- Windows 10 KB5048652 update fixes new motherboard activation bug
- Windows 11 24H2 strikes again – Outlook might not start with Google Workspace Sync running
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners
- Microsoft enforces defenses preventing NTLM relay attacks
- Microsoft begins removing NTLM on Windows 11 24H2, Server 2025 already
- Quick Share for Windows gets improved visibility settings