Hello all,
Ivanti is still in the news: a 5th major VPN vulnerability was disclosed this week. I’m not a software writer, but to me it appears that there are some underlying fundamental flaws that may be fueling these discoveries. Hopefully, for Ivanti’s sake, they get this figured out before clients move elsewhere. As most IT folk know, Patch Tuesday is coming this week. If the rumblings come to fruition, it should prove to be a big one. Read on for news about deepfakes, vendor vulnerabilities, and incredible findings. It’s an adventure!
The volume of news can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment, or simply interest you, and select those for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- Canon is someone we don’t often hear from. This week we learned that they’ve released patches for 7 critical vulnerabilities in a number of their small office printers that could result in Remote Code Execution (RCE). Any device with firmware version 03.07 or below is potentially at risk. Since most printers are not directly internet connected, this is not critical, but it should be addressed soon. If yours are on the internet, patch now!
- Cisco has identified and issued patches for vulnerabilities in their Expressway collaboration gateways that could be exploited via cross-site request forgery (CSRF). A successful attacker would inherit the permissions of the user they targeted. Update to a patched version if you use it.
- Deepfakes descended to a new level this past week. A Hong Kong company was bilked out of $25 million via a video conference call. Every one of the numerous employees on the video call was fake, except for the victim, who was convinced by the fake Chief Financial Officer to transfer funds. The victim is quoted as saying, ‘Everyone looked real’. Start investigating strategies now to address this growing threat. Our workforces are distributed; you need to have foolproof verification available so that you don’t fall into the abyss of the 7th and 8th level of deepfake hell like this sad case.
- Fortinet made the news a few times this week. The first time was because they issued alerts for critical vulnerabilities, then said they’d made a mistake and that the alerts were duplicates, and then retracted that, saying the alerts were for new vulnerabilities in the same products and components that had been patched in October. If you use FortiSIEM, patch it. If you use the FortiOS SSL VPN, patch it, as it has been shown to already be under active exploitation by Chinese scumbags known as Volt Typhoon. Other reports regarding the charged storm bad guys revealed that many admins have not patched older Fortinet vulnerabilities (for which fixes have been available for quite a while) and as a result are compromised, giving the dirt bags a persistent foothold in those neglected networks.
- Ivanti was mentioned just a moment ago, but if you are using it and have already followed their guidance to wipe and reload it due to the earlier flaws, you should, according to Ivanti, only need to apply this new authentication bypass patch. I wonder if Ivanti is starting to regret their 2020 purchase of Pulse Secure?
- QNAP was missing from the headlines, so they have published some high-severity bug fixes for several components. Thankfully, it appears that most require an authenticated user account to exploit and require presence on the local network. Nevertheless, it would be prudent to plan a time when you can plug these potential holes.
- Ransomware makes $1 billion in 2023. I felt this was significant enough to warrant a mention in the headline news. That is higher than the gross national product of nearly a dozen nations!
In Ransomware, Malware, and Vulnerabilities News:
- AI voice clones can hijack legitimate calls. This was a novel technique to me. The premise is that the thief is bridged into a call, and when financial information is being discussed, the attacker intercepts the audio stream from the legitimate CFO, or similar, and inserts their own AI voice into the call (muting the real person). In doing so, they direct funds to their own accounts. This is getting scary. I’m thinking it might be safer to send Uncle Billy to the bank with the cash wrapped in a newspaper.
- Linux Distros Hit by RCE, maybe. Not everyone agrees with the National Vulnerability Database’s assessment of the severity, and researchers say that it requires a good deal of complexity to execute. In any event, fixes are being readied. Check your Linux variant and patch when you’re able.
- 3 million electric toothbrushes were reported to have been used as part of a DDoS attack. It made for a great headline, but the story was shown to be false. But, while your toothbrush may not be part of a global conspiracy to take over the world, your unpatched IoT devices may be. Patch them if you are able or replace them if you can’t. Please?
In Other News Events of Note and Interest:
- Not so cool tool. Last week I reported on a tool from Microsoft named PC Manager. This week, I read that it is doing some suspicious things in the background, such as communicating with Chinese companies!
- Uncle Sam wants full access to its suppliers’ IT systems. This is apparently a new requirement for US government IT contractors and suppliers, part of a Federal Acquisition Regulation (FAR) rule that is under draft review. There are additional reporting requirements that would prove difficult and costly for both providers and CISA.
In Cyber Insurance News:
- Cyber Insurance Market Growing Dramatically. It is predicted that by 2025 worldwide cyber insurance premiums could be $23 billion.
AI, deepfakes, voice cloning, and more… It is going to be an exciting year as every LLM and AI vendor out there is madly rushing ahead, arms flailing like windmills as they grasp for the cash that they see blowing in the winds of change and opportunity. We’re witnessing the perfecting of prompt-based video creation much sooner than I would have expected it to occur, and just in time for the United States’ election cycle. I pity the digitally uninformed and uneducated. Actually, I pity us all. Where once we could rely on our senses of sight and sound, this year will likely mark the end of our being able to trust them, unless what we are observing or listening to has not been presented or enhanced in any way by digital technology. I predict a new mantra for a safer world: “Let’s meet in meat-space”.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Canon Patches 7 Critical Vulnerabilities in Small Office Printers
- Critical Cisco bug exposes Expressway gateways to CSRF attacks
- Deepfake scammer walks off with $25 million in first-of-its-kind AI heist
- Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM
- Fortinet: APTs Exploiting FortiOS Vulnerabilities in Critical Infrastructure Attacks
- New Fortinet RCE flaw in SSL VPN likely exploited in attacks
- Fortinet urges patching N-day bug amid ongoing nation-state exploitation
- Ivanti: Patch new Connect Secure auth bypass bug immediately
- QNAP Patches High-Severity Bugs in QTS, Qsync Central
- Ransomware hackers raked in $1 billion last year from victims
Ransomware, Malware, and Vulnerabilities News
- AI voice clones can now hijack legitimate calls to scam people
- AnyDesk says software ‘safe to use’ after cyberattack
- AnyDesk Shares More Information on Recent Hack
- The AnyDesk Breach: Overview and Recommendations
- FBI and CISA publish guide to Living off the Land techniques
- Canada declares Flipper Zero public enemy No. 1 in car-theft crackdown
- Samsung Magician Software updated after ‘high severity’ security vulnerability found
- Critical vulnerability affecting most Linux distros allows for bootkits
- Linux Distros Hit by RCE Vulnerability in Shim Bootloader
- US Credit Union Service Leaks Millions of Records and Passwords in Plain Text
- Phishing attack uses compromised SendGrid accounts to target additional users
- Breaking Bitlocker: Microsoft’s Windows disk encryption bypassed in just 43 seconds
- Joint Statement on Ivanti Connect Secure and Ivanti Policy Secure Vulnerabilities
- As if two Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3
- Ivanti Discloses Fifth Major VPN Vulnerability In A Month
- After FBI Takedown, KV-Botnet Operators Shift Tactics in Attempt to Bounce Back
- Lurie Children’s Hospital ‘cybersecurity matter’ under investigation
- LockBit Ransomware Group Demands $11 Million From Gov to Unlock Files
- China Caught Dropping RAT Designed for FortiGate Devices
- Fulton County Court System Still Hobbled by Cyberattack
- Ransomware victim numbers rose by 50% in 2023
- MFA isn’t always keeping businesses safe from cyberattack
- Akira, LockBit actively searching for vulnerable Cisco ASA devices
- As-a-Service tools empower criminals with limited tech skills
- Security flaw in a popular smart helmet allowed silent location tracking
- Hyundai Motor Europe hit by Black Basta ransomware attack
- US offers $10 million for tips on Hive ransomware leadership
- The ransomware business is booming, even as enforcers shut down some players
- New kids on the ransomware block in 2023: Akira and 8Base lead dozens of newbies
- New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
- Funerals reportedly canceled due to ransomware attack on Austrian town
- Lagging Mastodon admins urged to patch critical account takeover flaw
- US announces visa ban on those linked to commercial spyware
- Google says spyware vendors behind most zero-days it discovers
- Chinese hackers spent 5 years in US infrastructure, ready to attack
- Volt Typhoon not the only Chinese crew lurking in US energy, critical networks
- Chinese hackers infect Dutch military network with malware
- JetBrains warns of new TeamCity auth bypass vulnerability
- Critical Remote Code Execution Vulnerability Patched in Android
- Government hackers targeted iPhone owners with zero-days, Google says
- Mini PCs sold on Amazon contained factory-installed spyware
- Two million affected as learning app suffers data leak
- Why you shouldn’t use an unsecured Wi-Fi network
- How security experts unravel ransomware
- Fake LastPass phishing app nabs a five-star rating on Apple’s App Store
- HPE investigates new breach after data for sale on hacking forum
- Thousands of Stolen AnyDesk Login Credentials Sold on Dark Web
- Cyber attack shuts down parts of Pennsylvania Courts’ website
- Philippines wards off cyber-attacks from China-based hackers
- OT Maintenance Is Primary Source of OT Security Incidents: Report
- Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data
- HopSkipDrive says personal data of 155,000 drivers stolen in data breach
- No, 3 million electric toothbrushes were not used in a DDoS attack
Other News Events of Note and Interest
- Microsoft’s app that promises Windows performance improvements has some shady stuff inside
- Cool Tool – Floorp 11.9.0, a privacy focused web browser
- Cool Tool – Winaero Tweaker 1.60.1
- Cool Tool – Flipping Out for the M1
- Cool Tool – Driver Genius 24.0.0.123
- Just 137 crypto miners use 2.3% of total U.S. power
- FCC declares AI-generated voices in robocalls are illegal
- Apple moves away from iTunes on PC with new Windows apps
- Google ‘cannot proceed with third-party cookie deprecation’
- Google’s Password Manager makes family sharing official
- Google updates Nearby Share to Quick Share on Windows
- You’re not imagining things – USB memory sticks are getting worse
- Licensing experts cautious on Oracle database deal in Azure
- China tells Ukraine to remove its firms from ‘sponsors of war’ list
- Apple Releases macOS Sonoma 14.3.1 With Fix for Text Overlapping Bug
- Uncle Sam wants full access to its suppliers’ IT systems — and unsurprisingly, they are not happy
- Proton launches open-source, end-to-end encrypted password manager for business
- Closure of Windows 10 upgrade path still catching users by surprise
- Microsoft: Outlook clients not syncing over Exchange ActiveSync
- Microsoft finally launches Universal Print support for MacOS in public preview
- Microsoft confirms name of the next major version of Windows, and it’s not Windows 12
- Microsoft’s new Outlook for Windows is adding support for chatting in a Teams meeting
- Microsoft fixes the jumping desktop icons bug in Windows 11, but not in Windows 10
- Windows 11 will soon be able to speak text using your voice
- Microsoft integrates Notepad with Copilot on Windows 11
- Microsoft unveils Face Check for secure identity verification
- Microsoft Outlook December updates trigger ICS security alerts
- Microsoft Windows free new Outlook: How to get started
- Microsoft is bringing the Linux sudo command to Windows Server
- Microsoft brings its cloudy virtual desktops on-prem to AzureStack HCI
- Half of polled infosec pros say their degree was less than useful for real-world work
- AMD pulls a villain as it quietly launches 8-core Ryzen 5700 that’s worse than 6-core 5600
- AMD fixes Windows 11 Modern Standby Ryzen wake issue with latest chipset driver
- Mozilla Monitor’s new service removes your personal info from data broker sites automatically
- Cisco Adds New Security and AI Capabilities in Next Step Toward Cisco Networking Cloud Vision
- The Arc browser is getting AI-powered Live Folders and Instant Links