December 31, 2022

Hello all,
The final Red-N Weekly Security newsletter for 2022 is below the notable callouts from this week.
Notable Callouts:

• PyTorch the open source machine learning framework had dependency confusion attack against it which lead to download of a compromised framework.
• Gamers using 3DS, Wii U, and Switch games need to be wary of a new critical vulnerability.
• A new Linux Kernel Bug requires immediate patching
• Google Ads continue to be abused to deliver malicious links via compromised software. This continued malvertising has prompted the FBI to suggest to consumers that they install ad-blockers.
• The US Military apparently didn’t sanitize gear prior to sending it to auction, exposing critical intel and massive amounts of PII that could prove deadly to some.
• Mark of the Web (MotW) protection continues to be bypassed via ISO and VHD files downloads.

Cybersecurity protection is a continual game of whack-a-mole. Threat actors are continually popping up in new locations, via new holes and methods, looking to spoil your day. Stay vigilant, ensure you have others standing by to help you smash the heads of those nasty rodents if they should rear their noggins in your environment. Two hammers are better than one, and three hammers will rarely be defeated!

Visc. Zebullon Wamboldt Pike

Headline NEWS

• ENLBufferPwn: Critical vulnerability disclosed in 3DS, Wii U, and Switch games
• New Linux Kernel Bug is a Patch Now or Disable Scenario
• Biometric devices sold on eBay reportedly contained sensitive US military data
• Hackers abuse Google Ads to spread malware in legit software
• PyTorch discloses malicious dependency chain compromise over holidays

Other News Events of Note and Interest

• Shoemaker Ecco leaks almost 60GB of customer data
• Expert found Backdoor credentials in ZyXEL LTE3301 M209
• The Guardian hit by “ransomware attack”
• Data of 400 Million Twitter users up for sale
• Hackers drain $8M in assets from Bitkeep wallets in latest DeFi exploit
• North Korean hackers stealing NFTs using nearly 500 phishing domains
• Weakest passwords of 2022
• Americans duped into losing $10 billion by illegal Indian call centers in 2022
• WordPress Anti-Spam Plugin Vulnerability Affects Up To 60,000+ Sites
• FIN7 (Carbanak )threat actor updated its ransomware activity
• BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection
• Data from multiple US electric utilities stolen in Black Basta ransomware attack
• BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies
• BitKeep CEO says some users’ private keys remain at risk after exploit
• One click and new nasty malware Azov could wipe out all your data
• EarSpy attack eavesdrops on Android phones via motion sensors
• Microsoft ends support for Surface Laptop 2, no more firmware and driver updates
• Thousands of Citrix servers still vulnerable to patched critical flaws
• The LastPass disclosure of leaked password vaults is being torn apart by security experts
• Royal ransomware claims attack on Intrado telecom provider
• How scammers are posing as your cable and internet providers
• Ransomware attack at Louisiana hospital impacts 270,000 patients
• The mounting death toll of hospital cyberattacks
• Healthcare Providers and Hospitals Under Ransomware’s Siege
• 4 Most Prolific Ransomware Gangs of 2022
• Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover
• Hope College data breach results in federal lawsuit, request for class action status
• APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
• Social media giant Twitter hit by cyber attack in early 2022, 400 million users’ data stolen, hacker claims
• 2022 sees over 5000 times new Windows malware vs macOS, over 60 times vs Linux
• Ransomware attacks hit Iowa schools, including Davenport, although public often left in dark
• Google Home speakers allowed hackers to snoop on conversations
• Netgear warns users to patch recently fixed WiFi router bug
• Google Releases Open-Source Vulnerability Scanning Tool
• Cyber attack leaves Many USA counties locked out of their online records
• US passes the Quantum Computing Cybersecurity Preparedness Act – and why not?
• New Linux malware uses 30 plugin exploits to backdoor WordPress sites
• The Password Isn’t Dead Yet. You Need a Hardware Key
• LockBit ransomware claims attack on Port of Lisbon in Portugal

Cyber Insurance News

• Cyber attacks set to become ‘uninsurable’, says Zurich chief
• Ohio Supreme Court Says Ransomware Is Not Physical Damage

To see the report in PDF format, click here.