Hello all,
Last week I wrote about the unbelievable onslaught of CVEs that we must deal with. This week Microsoft hit us with the largest list of defect updates since 2017! Other vendors that are on the same patch cadence didn’t disappoint either, with both Adobe and SAP proffering fixes for defects. Additionally, there were some significant updates and warnings from Fortinet, Juniper, and Google.
The elephant in the room of teenagers and Zoomers is the TikTok US ban-hammer, which hit as this was being published. Attempts to use VPNs to get around the block are mostly failing, indicating that ByteDance knows which accounts belong to United States users regardless of where the connection comes from. It makes you wonder how much more data they have behind the scenes as it relates to user profiles.
In a late-breaking addition, ByteDance has restored access to US-based consumers less than 24 hours after cutting it off, after being assured by the incoming Trump administration that an executive order will be forthcoming to allow TikTok to spy again.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or of those you support.
Headline NEWS:
- Adobe patched a large percentage of their product offerings this week. Several are rated as critical. Thankfully, none are known to be in active exploitation, yet.
- Fortinet has released updates for several flaws, one of which is a zero-day that has been actively exploited since at least November 2024. If you have FortiOS or FortiProxy in use, patch immediately and follow the vendor’s guidance.
- Juniper Networks hadn’t made the news in a few months, so they decided to join this week’s list with dozens of vulnerabilities and several high-severity defects being plugged in their Junos OS.
- Microsoft broke records this week with 161 defects and flaws receiving patches and updates. Depending on which researcher you follow, there are either three or eight zero-days in this mix. I don’t need to say it, but I will anyway: vet these and patch quickly!
- Rsync is an open-source file transfer and sync tool that is rather ubiquitous. Google and independent security researchers discovered six different defects that, when chained, can enable complete takeover. Shodan results revealed that there are over 660,000 servers on the internet that could be susceptible to being owned. If your system or software uses Rsync, check for patch updates, and implement mitigations in the meantime.
- SAP has patched several critical vulnerabilities in their NetWeaver and BusinessObjects Business Intelligence software. SAP strongly recommends that customers apply the latest updates.
In Ransomware, Malware, and Vulnerabilities News:
- Hackers are turning Amazon S3 bucket encryption against customers. This is an incredibly evil-genius exploit in its simplicity and effectiveness. A threat actor who has obtained credentials with write access to someone’s Amazon Simple Storage Service buckets re-encrypts the objects using server-side encryption with customer-provided keys (SSE-C), keys that only the attacker possesses and that AWS never stores. Immediately, the legitimate owner of the data loses access to it since they don’t have the correct key. No time-consuming reconnaissance, no software encrypting for hours and hours; S3’s own encryption feature does the work. Change the key, and wham, done. To further pressure the victim company into paying, the dirt-bags then apply a lifecycle rule that automatically deletes the objects after seven days. And if not paid, that data goes poof. If you’re not backing your data up somewhere other than that same S3 bucket (and reachable with something other than that same set of credentials), it is game-over.
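As an added example (not code from this newsletter or from the linked report), the following Python script shows what a responder would look for in CloudTrail and what a bucket owner can put in place beforehand. It triages a handful of constructed CloudTrail-style S3 records, not real logs, for the two moves described above: object writes carrying the SSE-C header (`x-amz-server-side-encryption-customer-algorithm`, which CloudTrail records as a request parameter; the key itself is never logged) and lifecycle rules with a short expiration. It also emits a bucket policy that denies any object write presenting a customer-provided key, using the `s3:x-amz-server-side-encryption-customer-algorithm` condition key. The account ID, ARNs, bucket and object names are made up, and the 30-day threshold for a “short” rule is an assumed tuning knob.

```python
"""Added example: triage CloudTrail-style S3 records for the SSE-C re-encryption pattern
and generate a bucket policy that blocks SSE-C writes. Stdlib only; runs offline."""
import json

# Constructed sample records (not real CloudTrail output). The account ID, ARNs,
# bucket and object names are made up; the header-named request parameters are an
# assumption about how CloudTrail records the SSE headers on S3 data events.
SAMPLE_EVENTS = [
    {   # benign: application role uploads with SSE-KMS
        "eventName": "PutObject",
        "userIdentity": {"arn": "arn:aws:sts::111111111111:assumed-role/app-writer/i-0abc"},
        "requestParameters": {"bucketName": "prod-data", "key": "reports/q4.csv",
                              "x-amz-server-side-encryption": "aws:kms"},
    },
    {   # suspicious: object copied over itself with a customer-provided key
        "eventName": "CopyObject",
        "userIdentity": {"arn": "arn:aws:iam::111111111111:user/ci-deploy"},
        "requestParameters": {"bucketName": "prod-data", "key": "reports/q4.csv",
                              "x-amz-server-side-encryption-customer-algorithm": "AES256"},
    },
    {   # suspicious: seven-day expiration rule applied to the same bucket by the same user
        "eventName": "PutBucketLifecycle",
        "userIdentity": {"arn": "arn:aws:iam::111111111111:user/ci-deploy"},
        "requestParameters": {"bucketName": "prod-data",
                              "LifecycleConfiguration": {"Rule": {"ID": "expire", "Status": "Enabled",
                                                                  "Expiration": {"Days": 7}}}},
    },
    {   # benign: a normal retention rule on a log bucket
        "eventName": "PutBucketLifecycle",
        "userIdentity": {"arn": "arn:aws:iam::111111111111:user/platform-admin"},
        "requestParameters": {"bucketName": "access-logs",
                              "LifecycleConfiguration": {"Rule": [{"ID": "retain", "Status": "Enabled",
                                                                   "Expiration": {"Days": 365}}]}},
    },
]

SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
OBJECT_WRITE_OPS = {"PutObject", "CopyObject", "CreateMultipartUpload", "UploadPart"}
LIFECYCLE_OPS = {"PutBucketLifecycle", "PutBucketLifecycleConfiguration"}


def params_of(event):
    return event.get("requestParameters") or {}


def is_ssec_write(event):
    """True when an object write carried a customer-provided (SSE-C) key."""
    return event.get("eventName") in OBJECT_WRITE_OPS and SSEC_HEADER in params_of(event)


def lifecycle_min_days(event):
    """Shortest enabled Expiration.Days in a lifecycle change, or None if not a lifecycle event."""
    if event.get("eventName") not in LIFECYCLE_OPS:
        return None
    rules = (params_of(event).get("LifecycleConfiguration") or {}).get("Rule") or []
    if isinstance(rules, dict):          # a single rule is recorded as a dict, several as a list
        rules = [rules]
    days = [r.get("Expiration", {}).get("Days") for r in rules if r.get("Status") == "Enabled"]
    days = [d for d in days if isinstance(d, int)]
    return min(days) if days else None


def triage(events, max_expiry_days=30):
    """Collect SSE-C writes and short-fuse lifecycle rules; 30 days is an assumed threshold."""
    findings = {"ssec_writes": [], "short_lifecycle": []}
    for e in events:
        p = params_of(e)
        who = (e.get("userIdentity") or {}).get("arn")
        if is_ssec_write(e):
            findings["ssec_writes"].append((p.get("bucketName"), p.get("key"), who))
        days = lifecycle_min_days(e)
        if days is not None and days <= max_expiry_days:
            findings["short_lifecycle"].append((p.get("bucketName"), days, who))
    return findings


def deny_ssec_policy(bucket):
    """Bucket policy denying any object write that presents a customer-provided key.
    CopyObject needs s3:PutObject on the destination, so it is covered as well."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenySSECWrites",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            # Null=false means "the condition key is present", i.e. SSE-C was requested
            "Condition": {"Null": {"s3:" + SSEC_HEADER: "false"}},
        }],
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2))
    print(json.dumps(deny_ssec_policy("prod-data"), indent=2))
```

The bucket policy is a guardrail, not a cure: an attacker holding credentials that can call PutBucketPolicy can remove it first, so it belongs alongside least-privilege IAM, S3 Versioning with MFA Delete or Object Lock, and backups held outside the compromised account. The detection side is the more reliable signal, because SSE-C uploads are rare in most estates and a lifecycle rule measured in days on a production bucket is almost never legitimate.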
In Other News Events of Note and Interest:
- TikTok was briefly banned in the US this weekend. However, the incoming Trump administration has indicated that they may intervene to permit it to continue, so as of Sunday, ByteDance has restored access. Meanwhile, refugees from TikTok have been flocking like zombies to other Chinese apps such as RedNote (aka Xiaohongshu) and Lemon8, the latter also being owned by ByteDance and subject to being banned. For their part, the Chinese are considering “walling off” non-Chinese from RedNote to keep their citizens from being exposed to western ideas.
Musings:
The TikTok ByteDance situation is a stark reminder that security professionals have a Sisyphean job as it relates to the personal security of the general populace. Marketers have long known that if you offer trinkets, people will give up treasure in exchange. In this day and age, data is king, and kingdoms are not built on gold treasure anymore, but on how much you know and can use to your advantage as a result. When it comes to trading trinkets for treasure, marketplaces such as Alibaba, Amazon, Baidu, ByteDance, Oriental Trading Company, and Temu have cheap Chinese trinkets aplenty.
Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Adobe patches a large number of items
- Fortinet warns of auth bypass zero-day exploited to hijack firewalls
- Zero-Day Bug Fueling Fortinet Firewall Attacks
- Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS
- Microsoft: Happy 2025. Here’s 161 Security Updates
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws
- 159-CVE January Patch Tuesday smashes single-month record
- Microsoft patches over 160 security flaws including 3 active zero days — update your PC right now
- Microsoft’s big Patch Tuesday fixes over twice as many security flaws as usual
- Over 660,000 Rsync servers exposed to code execution attacks
- SAP fixes critical vulnerabilities in NetWeaver application servers
Ransomware, Malware, and Vulnerabilities News
- January Windows updates may fail if Citrix SRA is installed
- CISA Issues Cybersecurity Guidance for IT Sector
- CISA shares guidance for Microsoft expanded logging capabilities
- CISA, OMB, ONCD and Microsoft collaborate on new logging playbook for Federal agencies
- CISA orders agencies to patch BeyondTrust bug exploited in attacks
- US CISA adds Fortinet FortiOS to its Known Exploited Vulnerabilities catalog
- New Cybersecurity Executive Order: What It Means for Federal Agencies
- FBI wipes Chinese PlugX malware from over 4,000 US computers
- Governments call for spyware regulations in UN Security Council meeting
- Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
- Hackers use Google Search ads to steal Google Ads accounts
- Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool
- Millions of Accounts Vulnerable due to Google’s OAuth Flaw
- GoDaddy slapped with wet lettuce for years of lax security and ‘several major breaches’
- Hackers leak configs and VPN credentials for 15,000 FortiGate devices
- Phishing texts trick Apple iMessage users into disabling protection
- AI-generated phishing emails are getting very good at targeting executives
- New ‘Sneaky 2FA’ Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
- TikTok preparing for U.S. shut-off on Sunday
- Microsoft: macOS bug lets hackers install malicious kernel drivers
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V
- Dangerous Microsoft Outlook flaw could let hackers send out malware via email
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer
- Major leak exposes 1.5B Weibo, Shanghai Communist Party, others’ records
- Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions
- Hackers Bypass Active Directory to Enable NTLMv1 Authentication
- Understanding and Responding to SaaS Vendor Cybersecurity Incidents
- Cyberattackers Hide Infostealers in YouTube Comments
- Apple Bug Allows Security Bypass Without Physical Access
- New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
- New UEFI Secure Boot flaw exposes systems to bootkits, patch now
- Git security vulnerabilities announced
- Popular online bill paying site leaks data of thousands of users
- Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches
- The State of Ransomware 2024
- A look ahead: Experts weigh in on 2025 cybersecurity trends
- BlackBerry Reports 600,000 Cyberattacks on Critical Infrastructure in Q3 2024
- MFA Failures – The Worst is Yet to Come
- UK plans to ban public sector organizations from paying ransomware hackers
- New Ransomware Group Uses AI to Develop Nefarious Tools
- FunkSec Ransomware Dominating Ransomware Attacks, Compromised 85 Victims in December
- Guidepoint Security’s Jason Baker on lessons learned from negotiations with ransomware groups
- Cyberattack disclosed by Mortgage Investors Group after Black Basta claims
- Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader
- PowerSchool data breach victims say hackers stole ‘all’ historical student and teacher data
- Social Engineering Statistics By Security Spending, Cost, Attacks, Causes and Best Practices
- A major data broker hack may have leaked precise location info for millions
- A breach of Gravy Analytics’ huge trove of location data threatens the privacy of millions
- Otelier data breach exposes info, hotel reservations of millions
- Hackers are turning Amazon S3 bucket encryption against customers in new ransomware campaign
- University of Oklahoma isolates systems after ‘unusual activity’ on IT network
- Portland-area school employees impacted by data breach
- West Haven, CT temporarily shuts down IT systems after breach
- Bourne, MA Cyberattack: Here’s What We Know
- Possible internet security breach causes Aurora, CO Public Schools outage, closures possible
- Aurora, CO teachers speak about security concerns connected to ongoing internet, phone outage
- Scholastic Hack: Furry Finds 8 Million People Exposed
- ASML-backed university suffers cyberattack — institution is the pipeline for ASML’s talent needs
- Drug addiction treatment company fesses up to data theft
- MikroTik botnet uses misconfigured SPF DNS records to spread malware
- Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting
- Joint Statement on Cryptocurrency Thefts by the Democratic People’s Republic of Korea and Public-Private Collaboration
- Strengthening America’s Resilience Against the PRC Cyber Threats
- Chinese university applied for undersea cable cutter patent
- China denounces U.S. cyber espionage practices
- Chinese telecommunications company admits in Chicago court to stealing trade secrets from Illinois-based company
- China’s Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says
- Chinese Hackers Accessed Yellen’s Computer in US Treasury Breach
- FCC to telcos: By law you must secure your networks from foreign spies
- WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
- OneBlood confirms personal data stolen in July ransomware attack
- Veeam Azure Backup Solution Vulnerability Allows Attackers To Enumerate Network
Other News Events of Note and Interest
- Cool Tool: CISA Tabletop Exercise Packages
- Cool Tool: OlderGeeks.com freeware catalog
- Linux Mint 22.1 “Xia” Is Now Available for Download, Here’s What’s New
- Synology intros ActiveProtect backup appliance line
- Let’s Encrypt Announces 6-day Validity Certificates
- US Supreme Court upholds TikTok ban, leaving app’s fate to Trump
- As TikTok faces U.S. ban, China’s RedNote tops Apple app store
- ‘Goodbye to my Chinese spy’ might be the last great TikTok trend
- RedNote may wall off “TikTok refugees” to prevent US influence on Chinese users
- Cybersecurity experts sound the alarm about TikTok alternatives
- Grok Is Now Available Without an X Account
- Google raises the price of Workspace plans, includes its AI features for free
- Mozilla fixes Firefox hanging on YouTube and Google Docs, startup crashes, and more
- PCI DSS 4.0: Balancing Compliance With Data Security
- Trump and others want to ramp up cyber offense
- GitHub Copilot · Your AI pair programmer
- ChargePoint develops uncuttable charging cables to stop thieves
- Sam Altman predicts artificial superintelligence (AGI) will happen this year
- Azure and M365 MFA outage leaves logins lost
- How to Swap Between Outlook (Classic) and New Outlook
- Microsoft eggheads say AI can never be made secure – after testing Redmond’s own products
- Microsoft bundles Office AI features into Microsoft 365 and raises prices
- Home Microsoft 365 plans use Copilot AI features as pretext for a price hike
- Microsoft won’t support Office apps on Windows 10 after October 14th
- Microsoft just renamed Office on everyone’s PCs, and the new name isn’t great
- Microsoft shares latest Windows 10/11 DC hardening update for 2025
- Windows 10 PCs have been stuck in an update loop for days
- Windows 10 KB5049981 update released with new BYOVD blocklist
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices
- Windows BitLocker bug triggers warnings on devices with TPMs
- Confirmed BitLocker bug prevents changing settings on Windows 11
- Update: Windows 11’s free upgrade path isn’t going away
- WordPress is in trouble