Hello all,
Happy Patch Tuesday week! As with past years, Microsoft released fewer updates this month than in prior months, but Adobe thought that it should provide a holiday gift to make up the difference and released patches for 207 items. A few other vendors follow the same cycle, so be sure to check your products for any updates.
The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then select them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- Adobe starts the headlines with 207 updates for a number of their products. This time Acrobat was not included, but a good number of their other items were. Make sure you check your Adobe software for updates.
- Apple released emergency updates for actively exploited items in some older devices this week, and they released security updates for critical items in iOS and macOS for the rest of the iFruit ecosystem.
- Microsoft didn’t overwhelm this month, as expected, but there is at least one rather severe item: an MSHTML vulnerability that should be patched sooner rather than later, as simply receiving a specially crafted email (if it passes your filters) can trigger this exploit. One zero-day for AMD processors that was announced earlier was also patched this month by Redmond’s warriors.
- Sophos, in a smart marketing and good internet citizen move, made patches available for actively exploited RCE attacks on unsupported firewalls. Hopefully, the admins for these vulnerable firewalls take notice and plug the holes via Sophos’ early Christmas gift.
In Ransomware, Malware, and Vulnerabilities News:
- Log4Shell/Log4j is still being exploited by threat actors, nearly two years after the pants-on-fire vulnerability was revealed. A surprising statistic shows that almost 25% of apps are still vulnerable to this flaw. The Lazarus Group is actively using it to install Remote Access Trojans onto vulnerable systems.
- North Korea’s Lazarus criminals are responsible for nearly 20% of the world’s crypto losses. That’s staggering! One dirt-speck oppressive regime is behind every 5th successful crypto theft.
In Other News Events of Note and Interest:
- Linux kernel 6.6.6 was released to fix a WiFi regression issue. Linux versions have traditionally been released with interesting names such as Laughing Rebecca, or Bookworm. I choose to dub this one Lucifer’s Deadlock Daemon. Alas, the daemonic numerological anomaly ended a few days later when version 6.6.7 was released with 268 files updated.
- VMware Fusion Blog announced that, as suspected, they are moving to a subscription model. Perpetual licenses are now extinct. It does appear that VMware Player and Fusion Player will still be free of charge. As of this writing, I’m uncertain if the ESXi version of VMware will remain free.
In Cyber Insurance News:
- Does Pentesting Actually Save You Money On Cyber Insurance Premiums? The article gives good information about what drives costs and affirms that good Pentesting can in fact save you money on premiums.
As many organizations prepare for a slowdown at the end of the calendar year, it is vital to remain vigilant. Malevolent dirt-bags, intent on doing your company harm, ramp up their sleazy ways during this season, expecting that defenders will be taking much-needed breaks. Make sure that things are buttoned up, and somebody is minding the store before you step away to participate in this season’s festivities.
The greatest gift any cyber-defender can receive, or give, is peace of mind.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Adobe Patches 207 Security Bugs in Mega Patch Tuesday Bundle
- Apple emergency updates fix recent zero-days on older iPhones
- Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws
- Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day
- Microsoft’s Final Patch Tuesday of 2023 goes out with a bang
- Sophos backports RCE fix after attacks on unsupported firewalls
Ransomware, Malware, and Vulnerabilities News
- 3CX warns customers to disable SQL database integrations
- macOS Sonoma 14.2 comes with these 20 important security fixes
- Increased Cyber Regulation in the Offing as Attacks Mount
- Cyber attacks against key US infrastructure continue, but this time it’s China
- The growing abuse of QR codes in malware and payment scams prompts FTC warning
- MongoDB says customer data was exposed in a cyberattack
- QNAP VioStor NVR vulnerability actively exploited by malware botnet
- PikaBot distributed via malicious search ads
- Apple Shuts Down Flipper Zero’s Ability to Shut Down iPhones
- CISA releases new tools to help agencies secure Gmail, other Google applications
- FBI: Cyberattack was a targeted ‘escalation’ on overlooked technology
- FBI investigating Ohio school email threat by alleged Russian terrorist account
- Online scamming industry includes more human trafficking victims, Interpol says
- BazarCall attacks abuse Google Forms to legitimize phishing emails
- Fake hotel reservation phishing scam uses PDF links to spread MrAnon Stealer
- Lazarus Group Using Log4j Exploits to Deploy Remote Access Trojans
- New ‘GambleForce’ Threat Actor Behind String of SQL Injection Attacks
- Toyota warns customers of data breach exposing personal, financial info
- Russian cybergroup Star Blizzard unleashes global spear-phishing attack
- Cold storage giant Americold discloses data breach after April malware attack
- Chrome 120 Update Patches High-Severity Vulnerabilities
- Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs
- Microsoft: OAuth apps used to automate BEC and cryptomining attacks
- BianLian, White Rabbit, and Mario Ransomware Gangs Spotted in a Joint Campaign
- Norton Healthcare says 2.5 million people ‘potentially’ impacted by ransomware attack
- Memorial Sloan Kettering Cancer Center claimed by rookie ransom group
- Kraft Heinz reviewing claims of cyberattack but internal systems ‘operating normally’
- Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol
- New cybercrime market ‘OLVX’ gains popularity among hackers
- Microsoft seizes domains used to sell fraudulent Outlook accounts
- LockBit ransomware now poaching BlackCat, NoEscape affiliates
- How cybercriminals are using Wyoming shell companies for global hacks
- Study: Customized GPT has security vulnerability
- Stealthy KV-botnet hijacks SOHO routers and VPN devices
- Over 1,450 pfSense servers exposed to RCE attacks via bug chain
- Cybercriminals continue targeting open remote access products
- US nuclear research lab data breach impacts 45,000 people
- Two years on, 1 in 4 apps still vulnerable to Log4Shell
- New malware is using direct emails to hunt the head-hunters
- X.Org Server & XWayland Updated Due To Two Decade-Old Security Vulnerabilities
- 116 Malware Packages Found on PyPI Repository Infecting Windows and Linux Systems
- North Korea–linked Lazarus Group responsible for nearly 20% of crypto losses—more than $300 million worth—in 2023
- UniFi devices broadcasted private video to other users’ accounts
Other News Events of Note and Interest
- Apple responds to Beeper’s iMessage for Android: ‘We took steps to protect our users’
- Apple releases iOS 17.2 and macOS 14.2, delays two features to 2024
- Apple to introduce new feature that makes life harder for iPhone thieves
- vSphere data loss bug returns – CBT issues in vSphere ESXI 8.0 update 2
- Cloudflare dishes up the stats on internet traffic in 2023
- CISA urges tech manufacturers to stop using default passwords
- BlackBerry names insider as CEO, abandons IPO plans for IoT business
- Gen AI is turning the cybersecurity landscape—and the CISO role—on its head
- Have 10 hours? IBM will train you in AI fundamentals – for free
- Discord adds Security Key support for all users to enhance security
- Meta unveils Audiobox AI for voice cloning, making ambient sounds
- Portable, non-invasive, mind-reading AI turns thoughts into text
- Google Will Turn Off Cookies for 30 Million People on January 4
- Oracle Announces the General Availability of Oracle Database@Azure
- Which cybersecurity controls are organizations struggling with?
- How to install macOS in VirtualBox
- Linux 6.6.6 Released Due To WiFi Regression
- A New Chapter – VMware Fusion Blog
- Broadcom halves subscription price for VMware’s flagship hybrid cloud suite
- Most IT Pros Felt Ready for Password-Based Attack; More Than Half Fell Victim
- FTC is investigating Adobe over its rules for canceling software subscriptions
- Proton Mail finally gets a desktop app for encrypted email and calendar
- Cool Tool – WinToUSB 8.4
- Cool Tool – NirLauncher 1.30.8
- Hold Off Debian Upgrades: Kernel 6.1.64 ext4 Bug Alert
- Not even LinkedIn is that keen on Microsoft’s cloud: Shift to Azure abandoned
- Following Microsoft Defender, Avira now freezing Windows at boot with 100% CPU / RAM usage
- Microsoft Releases Tool to Fix Printer Metadata, removing incorrect HP LaserJet M101-M106
- Microsoft is making printing better on Windows, and Insiders are getting the first taste of it
- Windows 10 December 2023 Patch Tuesday (KB5033372) out — here’s what’s new and what broke