Weekly Cyber Security News
News Events and Information
Gathered from sources found on the web in the past seven days
Hello all,
It started out as a quiet week and then ramped up rather quickly. So, let’s get right to the commentary and the rest of the linked items.
The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then select them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.
Notable Callouts:
- Apple is in the news again with zero-days that were being exploited in the wild that necessitated emergency updates. Additionally, Apple released macOS Sonoma 14.1.2 this week with updates and fixes.
- “Feds Investigate Water Supply Attacks” should be a headline that causes some concern. There is an awful lot of damage that can be done to equipment and people if these industrial-level attacks succeed in changing chemical ratios or altering the pressure on pipes. Two separate attacks in different states were reported this week.
- Google Chrome received an emergency update this week to patch actively exploited zero-day vulnerabilities. Other Chromium-based browsers should have updates out by now as well. If yours doesn’t, switch browsers.
- ownCloud has a vulnerability with a maximum severity score of 10 that is now being actively exploited. The public warning and patch were announced last week. A mere 4 days later, attacks were underway by the bad guys. Additionally, there are two more vulnerabilities that are not showing signs of attack yet that need to be remediated ASAP.
- Okta, the identity management platform, suffered a breach in October. At that time, they reported that only 1% of customers were affected, still a large number given how many clients Okta serves. However, this week Okta revealed that nearly 100% of customers were affected.
In a related note, Okta has paused all new products and projects for 90 days while they work “to make sure we become one of the most secure companies in the world”.
- 73% of Internet Traffic is Malicious Bots. Let that sink in for a moment. That means that only 27% of traffic flowing across the internet is legitimate. Something needs to change. That is not sustainable. Imagine going out in public and 3 out of 4 people were actively intending to perpetrate a crime against you. That is what we’re dealing with.
- Staples, the office supply store, has suffered a major cyber event. Many services are down, and users are being advised not to even attempt to log into their Microsoft accounts. Ouch.
- Zyxel apparently makes NAS units. They have some critical vulnerabilities that require patching, so if you have them, you’ve been warned. Patch quickly or risk a complete takeover of your NAS.
In Ransomware, Malware, and Vulnerabilities News:
- Associated Press, ESPN, CBS among top sites serving fake virus alerts. The scourge of these things is rampant. I had a call from someone who experienced it this week. This person’s fake virus alert appeared to come via a Bing ad. Stay vigilant, people. 73% of things out there on the net are out to get you.
In Other News Events of Note and Interest:
- Google seems to have lost the data of GDrive users that were on version 84 of their software. Google posted that they are still working on it, but users are not happy. Very few people realize that cloud vendors practice the “Shared Responsibility Model”. They are responsible for maintaining their infrastructure, but unless you have a contract or service with them to do so, they are not responsible for safeguarding your data. That is your responsibility to back up securely.
In Cyber Insurance News:
- Three Steps to Lowering Cyber Insurance Costs, some practical things to implement.
Retailers are reporting that the post-Thanksgiving shopping season in the USA was one of the best in recent years for sheer volume of transactions. The bad guys have taken notice. Pay particular attention to robocalls alerting you to alleged purchases. Don’t fall for it. The bad guys are looking to steal from you any way they can.
Praying that all your purchases arrived safely and were as advertised.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Apple fixes two new iOS zero-days in emergency updates
- Apple Releases macOS Sonoma 14.1.2 With Bug Fixes
- Feds probe Iranian-linked cyber attacks on US water facilities
- 2 municipal water facilities report falling to hackers in separate breaches
- Google Chrome emergency update fixes 6th zero-day exploited in 2023
- ownCloud vulnerability can be used to extract admin passwords
- ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation
- Okta now says all customers were affected in October breach
- Report says 73 percent of internet traffic is malicious bots
- Staples confirms cyberattack behind service outages, delivery issues
- Zyxel warns of multiple critical vulnerabilities in NAS devices
Ransomware, Malware, and Vulnerabilities News
- Associated Press, ESPN, CBS among top sites serving fake virus alerts
- Henry Schein Again Restoring Systems After Ransomware Group Causes More Disruption
- Google researchers report critical zero-days in Chrome and all Apple OSes
- British Library hack: Customer data offered for sale on dark web
- 60 credit unions facing outages due to ransomware attack on popular
- Hackers use new Agent Raccoon malware to backdoor US targets
- PoC for Splunk Enterprise RCE flaw released
- SMBs face surge in “malware free” attacks
- Hackers Hijack Industrial Control System at US Water Utility
- Slovenia’s largest power provider HSE hit by ransomware attack
- Qilin ransomware claims attack on automotive giant Yanfeng
- LockBit claims cyberattack on India’s national aerospace lab
- Black Basta ransomware made over $100 million from extortion
- Russian Hacker Vladimir Dunaev Convicted for Creating TrickBot Malware
- CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks
- New wave of ransomware attacks plague U.S. critical infrastructure post Thanksgiving
- Ransomware ‘catastrophe’ at Fidelity National Financial causes panic with homeowners and buyers
- After a week-long outage, Fidelity National Financial confirms cyberattack is now ‘contained’
- Shimano Ransomware Attack: Company Didn’t Pay Ransom, Hackers Published a LOT of Data
- High school fires IT manager — then he launches cyberattack on its network, feds say
- Google Unveils RETVec – Gmail’s New Defense Against Spam and Malicious Emails
- Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
- Watch out for fake calls from Amazon, Apple, Visa, Chase Bank
- AI like ChatGPT is creating huge increase in malicious phishing email
- Organizations can’t ignore the surge in malicious web links
- General Electric investigates claims of cyber attack, data theft
- About 4 million New Yorkers impacted by medical company’s data breach
- Dollar Tree hit by third-party data breach impacting 2 million people
- New BLUFFS attack lets attackers hijack Bluetooth connections
- DP World confirms data stolen in cyberattack, no ransomware used
- Tazewell County, IL working to restore systems after cyber incident
- Hendersonville, NC city system targeted in cyber attack, employee data potentially compromised
- Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data
- Attackers could abuse Google’s SSO integration with Windows for lateral movement
- LogoFAIL bugs in UEFI code allow planting bootkits via images
- China Is Ramping Up Cyberattacks Against Taiwan, Google Says
- ID Theft Service Resold Access to USInfoSearch Data
- Lazarus is using a MagicLine4NX zero-day in supply chain attack
- FjordPhantom Android malware uses virtualization to evade detection
- Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
- Hackers Can Exploit ‘Forced Authentication’ to Steal Windows NTLM Tokens
- Top Biglaw Firm Removed From Notorious Hackers’ Website 1 Day Ahead Of Ransomware Deadline
- Member of Russian cybergang Trickbot pleads guilty in $180 million global ransomware spree
- SIM swap victim loses $46K as thieves take over her phone number and bank accounts
- Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine
- North Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection
- US seizes Sinbad crypto mixer used by North Korean Lazarus hackers
- Japan’s space agency suffers cyber attack, points finger at Active Directory
- DJVU Ransomware’s Latest Variant ‘Xaro’ Disguised as Cracked Software
- Notepad++ Input Validation Flaw Leads Search Path Vulnerability
- How Hackers Phish for Your Users’ Credentials and Sell Them
- Data-destroying defect found after OpenZFS 2.2.0 release
- AWS Kill Switch: Open-source incident response tool
Other News Events of Note and Interest
- Google Drive users angry over losing months of stored data
- As Google Drive struggles with missing files bug, it redesigns its homepage to find files faster
- Google will start deleting Photos and Gmail accounts this week
- Good luck finding competent Copilot help, warns Microsoft MVP
- Senate Democrat says he’ll block vote on new NSA, Cyber Command chief
- Broadcom Tells VMware Partners To Halt ‘Commingled’ Carbon Black Deals
- Meta AI unveils ‘Seamless’ translator for real-time communication across languages
- Amazon announces Q, an AI chatbot for businesses
- Amazon finally releases its own AI-powered image generator at AWS re:Invent 2023
- Okta Delays New Products, Projects 90 Days to Boost Security
- PolarDNS – Free DNS Server Vulnerability Research & Pentesting
- Evernote tests drastic restrictions on free users
- A bold step to secure cloud computing for the AI era
- Ikea debuts a trio of affordable smart home sensors
- HP printer software turns up uninvited on Windows systems
- U.S., U.K., and Global Partners Release Secure AI System Development Guidelines
- Hardware security keys are one way you can keep your accounts safe
- Layoffs Engulf VMware After Broadcom Close, ‘Chaos’ For Partners In Sales Trenches
- VMware president Sumit Dhawan out – scores gig as CEO of infosec vendor Proofpoint
- Microsoft shares temp fix for Outlook crashes when sending emails
- Microsoft deprecates Defender Application Guard for Office
- Microsoft is ending support for its Microsoft 365 browser extension
- Microsoft Paint’s DALL-E 3 integration is rolling out on Windows 11
- Microsoft gives up on internet search to build a better AI brand
- Microsoft warns that a key accessibility feature is broken in Windows 11 23H2
- What is Microsoft 365 Backup service? Redmond’s new pay-as-you-go product launches in December