
Hello all,
Last week didn’t bring us too many surprises. DeepSeek’s AI model is proving to be effective, but their security and AI guardrails have been demonstrated to be practically nonexistent. Major AI vendors are rapidly incorporating DeepSeek’s efficiency into their own products, with a slew of updated releases. Nvidia, which took a massive beating in the stock market when the world noticed DeepSeek AI, has now seen a steady upward trend as investors realized that throwing Nvidia hardware at AI is still the best-performing AI solution available. Lest AI dominate this publication, onward to the rest of the news.
Headline NEWS:
- Cisco released a patch for two serious defects in their Identity Services Engine (ISE). If you have this in use, don’t delay patching.
- Microsoft told the world this week that their Azure datacenters are overloaded, and they are working to add capacity as quickly as possible. Shortly afterward, competitor Amazon essentially said the same thing, with both vendors pointing to the meteoric rise of AI, and its compute and power demands prompting massive spending and expansion to accommodate the workloads. I suspect that this is why there have been increasing issues with the Microsoft 365 portals with both availability and performance.
- Microsoft Sysinternals, stalwart tools of the cyber industry, have been shown to have zero-day vulnerabilities via their DLLs. Microsoft was made aware of the issue and has stated that users must practice “defense in depth” and that this is not something they intend to fix.
- Netgear has released patches for critical defects in several of their Wi-Fi 6 access points. The vendor urges users to update to the latest firmware “as soon as possible”.
- Zyxel had reports of zero-day vulnerabilities last week. The vendor has said the affected routers are End-Of-Life (EOL), despite them not being listed as such on their website, and some of the affected routers are still being actively sold online. Based on these reports, if you use Zyxel routers, I highly suggest that you replace them with another brand.
In Ransomware, Malware, and Vulnerabilities News:
- 768 different CVE (Common Vulnerabilities and Exposures) entries were exploited in 2024. That headline reinforces the drumbeat of most of us in the cyber security industry who continually harp on the need for effective patching. Yes, the fact that we are deluged with a massive tsunami of defects that flood over us every month is horrific. But we can’t stop patching, because when we do, our boat sinks. Prioritize the CVEs and ensure that you stay above the waterline.
In Other News Events of Note and Interest:
- Evilginx Pro is coming! At first glance it looks like this should be listed in malware and vulnerabilities. However, this is a red-teaming tool to identify vulnerabilities so that the blue-team can close them. It will be interesting to see what new tricks this has when it comes out later this month.
Musings:
I’ve worked in the tech industry for several decades and have personally been involved in many of the evolutionary and revolutionary technological changes that have shaped our present digital landscape. I’ve shepherded projects to convert from tape distribution via postal mail, to networks via leased-line, dialup, frame-relay, ISDN, ADSL, Cable, Fiber, and wireless, from mainframes to mini-computers, to desktop computers, to personal computers, to hand-held computers, and now we wear them on our wrists connected via 5G networks. Absolutely amazing! But there is always one factor that remains constant – the person that interacts with and interfaces in some form or another with the technology. And that isn’t going to change any time soon. Sure, the way that we interface will evolve – it must. Eventually, we’ll tell an AI agent what we want, and it will interface with the other technology out there. But, for now, the problem still exists between the keyboard and the chair – and remains firmly planted there.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
- Microsoft races to bring more cloud capacity online
- Amazon, Echoing Microsoft, Says It Can’t Keep Up With AI Demand
- 0-Day Vulnerabilities in Microsoft Sysinternals Tools Allow DLL Injection Attacks on Windows
- Netgear warns users to patch critical WiFi router vulnerabilities
- Zyxel Telnet Vulnerabilities – Blog – VulnCheck
- Zyxel won’t patch newly exploited flaws in end-of-life routers
- Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers
Ransomware, Malware, and Vulnerabilities News
- 768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
- 2024 Trends in Vulnerability Exploitation
- 2024 Breaks Records With Highest Ever Ransomware Attacks
- The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025
- Cybercriminals’ sneaky game plan to take advantage of Super Bowl fans
- CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
- We’re In for a Rude Awakening on Cybersecurity
- US Cybersecurity Efforts for Spacecraft Are Up in the Air
- PoC Exploit Released for Active Directory Domain Services Privilege Escalation Vulnerability
- Apple ordered to open encrypted user accounts globally to UK spying
- Apple’s macOS Kernel Vulnerability Let Attackers Escalate Privileges – PoC Released
- AMD patches a critical microcode vulnerability affecting Zen 1 to Zen 4 EPYC CPUs
- NVIDIA GPU Display Driver Vulnerability Lets Attackers Steal Files Remotely – Update Now
- Dell Update Manager Plugin Vulnerability Let Hackers Access Sensitive Data
- Abandoned AWS S3 Buckets Can be Reused to Hijack Global Software Supply Chain
- Logsign Vulnerability Remote Attackers to Bypass Authentication
- Hackers Allegedly Selling Fortinet Exploit on Dark Web Forums
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
- Chinese cyberspies use new SSH backdoor in network device hacks
- New Attack Technique to Bypassing EDR as Low Privileged Standard User
- Reverse Engineering: I Found a Game Exploit That Lets Hackers Take Over Your PC
- Hackers Abusing AWS & Microsoft Azure in Large-Scale To Launch Cyber Attacks
- Threefold Increase in Malware Targeting Credential Stores
- How hackers target your Active Directory with breached VPN passwords
- Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA
- Phishing-as-a-Service increasingly accessible to cybercriminals
- Hackers spoof Microsoft ADFS login pages to steal credentials
- More destructive cyberattacks target financial institutions
- Weaponizing Windows Background Images to Gain Admin Access Using AnyDesk Vulnerability
- Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
- Critical Microsoft Accounts Authentication Bypass Vulnerability Let Attackers Gain Remote Access
- Critical RCE bug in Microsoft Outlook now exploited in attacks
- Not-so-SimpleHelp exploits enabling deployment of Sliver backdoor
- XE Group: From Credit Card Skimming to Exploiting Zero-Days
- TD Bank Confirms Data Breach: Account Numbers and Sensitive Customer Info Exposed
- Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions
- Casio UK site compromised, equipped with web skimmer
- British engineering firm IMI discloses breach, shares no details
- OU isolates systems after ransomware group’s alleged breach
- Abyss Locker Ransomware Attacking critical network devices including ESXi servers
- Label maker Avery says ransomware investigation also found credit-card scraper
- Jefferson School District cancels Thursday classes after ransomware attack
- Laurens County School District 56 reports computer network security breach
- Thousands of McKinney, Texas, residents impacted by October data breach
- Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker
- Map Reveals Cyberattack Risk for all 50 States
- Grubhub confirms data breach affecting customers and drivers
- Community Health Center Data Breach Affects 1M Patients
- Worried About Data Breaches? Here’s How to Freeze Your Credit Right Now
- Despite Catastrophic Hacks, Ransomware Payments Dropped Dramatically Last Year
- BadDNS: Open-source tool checks for subdomain takeovers
- DNSFilter’s Annual Security Report Reveals Worrisome Spike in Malicious DNS Requests
- Google fixes Android kernel zero-day exploited in attacks
- Millions at risk as malicious PDF files designed to steal your data are flooding SMS inboxes
- Sutton man turned to credit bureau for credit protection, it led to identity theft
Other News Events of Note and Interest
- Cool Tool: Evilginx Pro is coming later this month
- 10 forgotten Microsoft tools that still do the job better than modern apps
- National Managed Service Provider, Integris on Driving Success Through Company Culture
- Google Lifts a Ban on Using Its AI for Weapons and Surveillance
- Gmail for iPhone gets Material 3 redesign
- Amazon Plans to Unveil Next-Generation Alexa AI Later This Month
- CISA hires former DHS CIO into top cyber position
- Five Eyes shares fresh guidance for network edge device security
- Texas Governor Greg Abbott wants to establish state’s Cyber Command in San Antonio
- Trump Administration Faces Security Balancing Act in Borderless Cyber Landscape
- Meet the Hired Guns Who Make Sure School Cyberattacks Stay Hidden
- Stop saving your email login info in your password manager
- Elon Musk Has Done It : iPhones and Android Phones Can Now Make Calls Anywhere Using His Satellites
- NordVPN’s new feature gets around networks that block VPNs
- NVIDIA releases GeForce Hotfix 572.24 driver for Valorant and Windows 11 issues
- Nvidia 5090 launch just got worse with bricking GPUs, Windows support problems & PCIe issues
- OpenAI Releases AI Agent Aimed at Speeding Up Online Research
- OpenAI researcher calls it quits, says he’s ‘terrified’ of artificial intelligence
- Anthropic dares you to jailbreak its new AI model
- Anthropic offers $20,000 to whoever can jailbreak its new AI safety system
- Irony alert: Anthropic says applicants shouldn’t use LLMs
- DeepSeek and the Truth About Chinese Tech
- DeepSeek might not be as disruptive as claimed, firm reportedly has 50,000 Nvidia GPUs and spent $1.6 billion on buildouts
- China is quietly pushing ahead with massive 50,000Mbps broadband rollout
- Google Chrome’s Incognito mode is now more private in Windows 11 – and it’s all thanks to Microsoft
- Microsoft Cloud Hits Capacity Wall
- Why users still couldn’t care less about Windows 11
- Has the rush to upgrade to Windows 11 just begun? New stats show a marked uptick
- Microsoft shares updated Windows 10 paid extended support program details
- Copilot users will now access Think Deeper for free
- Copilot+ PCs? Customers just aren’t buying it – yet
- Microsoft silently erases tip for installing Windows 11 on older PCs
- Microsoft Paint gets Copilot button for generative AI features
- Microsoft shares new PowerShell script for updated Windows 11/10 boot media
- Microsoft finally allows customizing Windows 11 lock screen widgets, here is how to do that
- Microsoft is bringing major MIDI improvements to Windows 11
- Microsoft updates Windows Terminal with new multi-window support, console architecture, more
- Microsoft creates fake ‘How to uninstall Edge’ guide to throw shade at Chrome instead
- Microsoft Edge now has an AI-powered scareware blocker
- Microsoft has finally fixed Date & Time bug in Windows 11
- Microsoft shares workaround for Windows security update issues
- Windows 11 OOBE updates adjusted after widespread criticism