
Hello all,
Patch Tuesday came in with only a small bang this month with 4 zero days, two of which are under active exploitation, and 55 flaws. A good number of other vendors also released fixes for defects in their products, so be sure to check for updates.
As usual, the RedDotSecurity.news website contains this commentary and a plethora of links to other items that are not in this email and that are worth skimming to see if they interest you or pertain to your particular environment or to the environments of those you support. There is a lot more than just what is in this email.
Headline NEWS:
- Apple tops the list with an emergency update to all current iOS and iPadOS devices to address a USB Restricted Mode exploit.
- Fortinet was out of the news for longer than usual. Alas, they are back with yet more holes to patch in their firewalls against Denial of Service (DoS) and Remote Code Execution (RCE) attacks.
- GFI KerioControl Firewalls now have a patch available, but there are still at least 12,000 of them out there that haven’t plugged their holes, leaving them subject to Cross-Site Scripting (XSS) attacks and RCE.
- Ivanti is in the news again. They’ve released more patches for their Connect Secure and Policy Secure (or is that insecure?) products. If you use these, patch quickly. Threat actors have been very quick to jump on Ivanti defects.
- Microsoft, as mentioned earlier, has published their February 2024 Patch Tuesday list of defects, flaws, and updates. There are some rather nasty bugs hiding in there, such as two actively exploited zero-days, that should be prioritized.
- Zimbra makes a rather capable mail and collaboration platform. However, it too has some rather serious defects that require immediate patching.
In Ransomware, Malware, and Vulnerabilities News:
- UK’s secret Apple iCloud backdoor order is not so secret now. In what security practitioners are rightly calling government overreach, the UK wants to be able to decrypt messages and items stored on Apple devices and iCloud. For their part, Apple has said that if this order comes to pass, rather than weaken security, they will stop offering services to UK residents that would fall under this regulation. This will be an important story to continue to track.
In Other News Events of Note and Interest:
- A Year of Telepathy is a blog article by Neuralink. I am amazed by the rapid progress of the integration of technology into the inner workings of the human mind. The future is looking much brighter for those with ambulatory disabilities.
Musings:
Despite the preponderance of the news each week reporting on some sort of attack, breach, defect, flaw, or disclosure of wrongdoing, I have great hope for the future. There is always a smattering of good news, exciting developments, and life-altering ideas. We are witnessing a revolution in how we interact with technology, how technology responds and even anticipates our needs, and in assistive technology making punctuated leaps in evolution. We might, we just might, be on the cusp of a golden technological awakening.

But in the meanwhile, keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack
- Apple emergency update for iOS and iPadOS released
- Fortinet warns of new zero-day exploited to hijack firewalls
- Researcher Details Fortinet FortiOS Vulnerabilities Allowing DoS & RCE Attacks
- Over 12,000 GFI KerioControl firewalls exposed to exploited RCE flaw
- Ivanti fixes three critical flaws in Connect Secure & Policy Secure
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws
- February Patch Tuesday: Act now on two actively exploited Windows Server vulnerabilities
- Windows Driver Zero-Day Vulnerability Allow Attackers To Gain System Access Remotely
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws
- Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities
Ransomware, Malware, and Vulnerabilities News
- Huntress 2025 Cyber Threat Report: Proliferating RATs, Evolving Ransomware, and Other Findings
- Cybercrime: A Multifaceted National Security Threat | Google Cloud Blog
- Arizona laptop farmer pleads guilty for funneling $17M to Kim Jong Un
- Government confiscates $300K from malware fraud scheme in SC
- Police arrests 4 Phobos ransomware suspects, seizes 8Base sites
- ‘Operation Level-Up’: FBI Says Agency Initiative Has Helped 4,300 Victims Save $285,000,000 From Crypto Schemes
- High-Severity OpenSSL Vulnerability Found by Apple Allows MitM Attacks
- US sanctions LockBit ransomware’s bulletproof hosting provider
- Japan Goes on Offense With New ‘Active Cyber Defense’ Bill
- China’s Salt Typhoon hackers continue to breach telecom firms despite US sanctions
- US cyber vulnerabilities fuel N. Korea’s nuclear arsenal, but solutions are near: DARPA official
- North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack
- Russian Hackers Target Microsoft 365 Accounts with Device Code Attacks
- New York State Bans DeepSeek From Government Devices
- Did You Download This Steam Game? Sorry, It’s Windows Malware
- Cybersecurity at Indiana water treatment systems target of new bill
- Seven Years old Linux Kernel Flaw Let Attackers Execute Remote Code
- Intel CPU Microcode Updated For Five New Security Issues
- Palo Alto GlobalProtect Clientless VPN: Clientless VPN Misconfiguration Allows Cross-Site Attacks
- PAN-OS authentication bypass hole plugged, PoC is public
- GreyNoise Observes Active Exploitation of PAN-OS Authentication Bypass Vulnerability
- Most common four-digit PINs leaked on the dark web
- The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
- A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks
- Crimelords and spies for rogue states are working together, says Google
- Massive IoT Data Breach Exposes 2.7 Billion Records
- Scammers clone Italian defence minister’s voice with AI in ransom scheme
- US news org still struggling to print papers a week after ‘cybersecurity event’
- Newspaper Giant Lee Enterprises Reels From Cyberattack
- Cisco Data Breach – Ransomware Group Allegedly Breached Internal Network
- Ransomware Payments Plunge 35% as More Victims Refuse to Pay
- RansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations Globally
- Ransomware attack shuts down Alabama city
- Sarcoma ransomware claims breach at giant PCB maker Unimicron
- Sault Tribe responds to ransomware attack impacting tribal computer systems
- UP tribe hit with ransomware attack, gaming at 5 casinos shut down
- Papua New Guinea’s Internal Revenue Commission hit in major cyber attack but public only told of ‘system outage’
- Coast Guard suffers data breach, impacting pay for 1,135 members
- Hospital Sisters Health System: August 2023 Data Breach Affected 883K Individuals
- 430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations
- Information of 120,000 Stolen in Ransomware Attack on Georgia Hospital
- How to communicate clearly (and legally) during a cybersecurity crisis
- Massive brute force attack uses 2.8 million IPs to target VPN devices
- Huge cyber attack under way – 2.8 million IPs being used to target VPN devices
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores
- Hacker pleads guilty to SIM swap attack on US SEC X account
- University site cloned to evade ad detection distributes fake Cisco installer
- UK’s secret Apple iCloud backdoor order is a global emergency, say critics
- Worrying YouTube security flaw exposed billions of user emails
Other News Events of Note and Interest
- Cool Tool: GIMP 3.0 RC3 Released For A Final Round Of Testing
- Cool Tool: Ventoy 1.1.01
- A Year of Telepathy | Blog | Neuralink
- TikTok is back on US app stores
- Alexa Is Set for Major AI Upgrade From Amazon. Here’s What to Know
- Apple’s new research robot takes a page from Pixar’s playbook
- Lawyers in Walmart lawsuit admit AI ‘hallucinated’ case citations
- Elon Musk-led group makes $97 billion bid for control of OpenAI
- OpenAI’s secret weapon against Nvidia dependence takes shape
- Third-Party Cyber Risk Management: Taking a Strategic Approach
- How long does data last on a flash drive?
- Used Seagate drives sold as new traced back to crypto mining farms
- NordVPN Backs Up Its No-Log Claims With a New Audit From Deloitte
- Google Chrome Will Soon Automatically Change Your Compromised Passwords for You
- The Best Hardware Security Keys of 2025
- Transparent aluminum: Tiny acid droplets turn metal into glass-like material
- Datacenter energy use to more than double by 2030 thanks to AI’s insatiable thirst
- Microsoft Study Finds AI Makes Human Cognition “Atrophied and Unprepared”
- Windows 11’s Microsoft Copilot now auto runs in the background, but it’s still web crap
- Microsoft Hit by French Antitrust Probe Over Rivals’ Bing Access
- Windows 10 KB5051974 update force installs new Microsoft Outlook app
- Windows 11 (KB5051987, KB5051989) February 2025 Patch Tuesday out
- Microsoft removes Windows 11 feature responsible for collecting and storing location data
- Microsoft fixes bug causing Windows Server 2025 boot errors
- What’s new in the Settings app on Windows 11 version 24H2
- What is Windows Protected Print Mode and How to Enable it?
- Microsoft Drops Support For Intel’s 10th Gen Processors On Windows 11 24H2