Hello all,
There are a few rather severe items to be aware of this week, called out below. And this coming Tuesday is Patch Tuesday for Microsoft and a number of other vendors. Traditionally, December’s release has held fewer updates than other months. Let’s hope the trend continues. And please, computing world, no Log4Shell-scale surprises at the start of the Christmas holiday this year.
The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and select those for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- Atlassian has released updates for four of their products; three of the flaws could lead to Remote Code Execution, so patch quickly if you use any of these.
- Bluetooth has a critical flaw dubbed BLUFFS that exists in pretty much every mobile implementation, Android, Apple, and Linux. If you have a vulnerable device, a threat actor within 33 feet (10 meters to the rest of the world) could conduct an RCE against the device. It will be up to the vendors to patch this flaw. If your device cannot get updates, you should consider turning Bluetooth off, or replacing your device. I have personally just replaced my device as a result of this new serious revelation.
- Google Drive version 84 caused files to disappear for a subset of users (as reported last week). Google has now published guidance on retrieving the files.
- UEFI LogoFAIL firmware attack. We’d reported on this item last week, but it bears repeating as the tech industry took active notice this week. Watch for updates from your device manufacturers and apply them quickly. It won’t be long until some dirtbag looking to spoil your day finds a way to chain a Privilege Escalation flaw and take advantage of LogoFAIL to install persistent and nearly undetectable malware and backdoors.
- WordPress is in the news quite frequently. This week there are two headlining items. The first is that a very official-looking and well-crafted fake advisory being spammed out is fooling admins into installing a backdoor into their sites. The second is an actual issue with WordPress itself that requires an immediate update or action to mitigate an RCE flaw.
In Ransomware, Malware, and Vulnerabilities News:
- USPS – United States Postal Service scams are abounding this year via email and text message. While USPS will send you delivery notifications, if you’ve requested them, they will never send you a link in the message. Don’t fall for the click-bait.
In Other News Events of Note and Interest:
- AI can recreate images from human brainwaves. That headline sounds like science fiction, but it is rapidly becoming reality. Researchers have been able to reproduce images with up to 75% accuracy from just brainwaves. It seems that it is only a matter of time before computers will actually be able to read your thoughts. We are living in strange and exciting times!
In Cyber Insurance News:
- Cyber-Attacks are More Likely Than Fire or Theft: businesses are 67% more likely to experience a cyber incident than a physical theft and almost five times as likely to have an attack as a fire. Among SMBs, only 17% have cyber coverage. Clearly SMBs need to be better educated on the risks that face them.
Happy Hanukkah to our Jewish readers! And to all of our readers, may this Holiday Season bring you much light in this world filled with so much cyber darkness.
In closing, I present a video created by Network People “Twas The Week Before Christmas (Cyber Security Edition)”, narrated by Tampa Bay’s Al Reuchel. It bears an important and timely message for all to take to heart. And, as the video conclusion states, “Have a cyber-safe holiday”.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
- Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover
- Fake WordPress security advisory pushes backdoor plugin
- Google has a fix for missing Drive files on desktop
- Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images
- WordPress fixes POP chain exposing websites to RCE attacks
Ransomware, Malware, and Vulnerabilities News
- Cyberattack on Irish Utility Cuts Off Water Supply for Two Days
- Bypassing major EDRs using Pool Party process injection techniques
- VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks
- Linux version of Qilin ransomware focuses on VMware ESXi
- Google Patches Critical Flaw That Can Be Abused to Hack Android Phones
- AutoSpill attack steals credentials from Android password managers
- Apple Confirms Governments Using Push Notifications to Surveil Users
- CISA details twin attacks on federal servers via unpatched ColdFusion flaw
- New SLAM attack steals sensitive data from AMD, future Intel CPUs
- US, South Korea, Japan to step up actions on North Korea cyber threats
- Cybercriminals Escalate Microsoft Office Attacks By 53% in 2023
- Krasue RAT malware hides on Linux servers using embedded rootkits
- Fighting Ursa Aka APT28: Illuminating a Covert Campaign
- New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP
- “Sierra:21” vulnerabilities impact critical infrastructure routers
- New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips
- Hugging Face dodged a cyber-bullet with Lasso Security’s help
- Tipalti investigates claims of data stolen in ransomware attack
- Payments Giant Tipalti: No Ransomware Breach, No Threat to Roblox
- Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets
- Schools in Maine, Indiana and Georgia contend with ransomware attacks
- Hinsdale, NH schools struck by ransomware attack
- Municipalities Face a Constant Battle as Ransomware Snowballs
- Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware
- Microsoft Warns of COLDRIVER’s Evolving Evading and Credential-Stealing Tactics
- ALPHV ransomware site outage rumored to be caused by law enforcement
- Russia’s Fancy Bear launches mass credential collection campaigns
- Nissan is investigating cyberattack and potential data breach
- Henry Schein ransom saga now in third month, hackers show no mercy
- DePauw University warns of data breach as ransomware attacks on colleges surge
- Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks
- Russian pleads guilty to running crypto-exchange used by ransomware gangs
- UK and allies expose Russian FSB hacking group, sanction members
- Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks
- Cybersecurity Firm Hacks Itself, Finds DNS Flaw Leaking AWS Credentials
- New proxy malware targets Mac users through pirated software
- New AeroBlade hackers target aerospace sector in the U.S.
- Third-party breaches shake the foundations of the energy sector
- USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data
- Does USPS send out text messages or is it a scam?
- New P2PInfect Botnet MIPS Variant Targeting Routers and IoT Devices
- Russian hackers exploiting Outlook bug to hijack Exchange accounts
- com users angry at firm’s response to hacks
- SQL Brute Force Leads to BlueSky Ransomware
Other News Events of Note and Interest
- ‘Return to Office’ declared dead
- US and EU infosec authorities pen intel-sharing pact
- DallE 3 Bing image creator tips and tricks
- Citrix pulls the plug on its User Group Community
- Windows DNS server best practices discussion on Reddit
- Messenger finally gets end-to-end encryption by default
- HP misreads room, awkwardly brags about its “less hated” printers
- Gmail wants to win the war on junk mail, adds AI spam detection
- Amazon hacked? Unexpected new addresses have users worried
- Meta Launches a Standalone AI Image Generator
- SessionProbe: Open-source multi-threaded pentesting tool
- FreeFileSync 13.1 review: Sync, mirror, and back up in real-time
- AI Can Recreate Images From Human Brain Waves With ‘Over 75% Accuracy’
- Carbon Black breaks from VMware, embarks on independent journey within Broadcom
- Amazon sues alleged scammers who stole millions by bribing and hacking their way to refunds for products they never returned
- PowerToys 0.76 is out with New File Explorer Add-ons, and modernizations
- You can now use your voice to dictate emails in the new Outlook for Windows and web apps
- Microsoft fixes false spam reports from popular encrypted email domain
- Microsoft: Outlook email sending issues for users with lots of folders
- Microsoft fixes Outlook Desktop crashes when sending emails
- Microsoft confirms Windows 11 installs HP Smart app randomly, Renames printers – no fix offered
- Messed up metadata could be to blame for Microsoft’s Windows printer woes
- Microsoft to offer consumers paid Windows 10 security updates for the first time
- Windows 10 KB5032278 update adds Copilot AI assistant, fixes 13 bugs
- Microsoft confirms new issues in Windows 11 23H2
- Windows Update accidentally renames all printers to HP M101-M106 on Windows 11, Windows 10
- Windows 11 23H2 upgrade causing performance loss and trusty Microsoft Defender may be why
- What’s the Difference Between Business and Consumer Laptops (And Which Should You Buy?)