Hello all,
After Microsoft’s record-breaking number of defect and flaw patches last week, I figured that this week we’d be safe from the onslaught. Was I ever wrong! Oracle decided to grace us with their quarterly update, consisting of over three hundred patches, some of which address critical flaws. And SonicWall and Zyxel have both added some spice to the mix with their own alerts.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or of those you support.
Headline NEWS:
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management – This defect is thankfully not internet facing, but it is rated 9.9 and lets a low-privileged user make themselves an administrator, so all it takes is a threat actor with a foothold in your network for you to have a really bad day. If you use Cisco Meeting Management, patch soon.
- Microsoft will automatically keep you signed in to your account starting in February – In a move that has most security professionals scratching their heads wondering how it could possibly be seen as a good idea, Microsoft has announced that in February accounts will no longer be logged out when you close your browser. I’m not sure if this is quite consistent with Microsoft’s promised new “Secure Future Initiative”. The only silver lining so far in this announcement is that it doesn’t appear to be for business or enterprise accounts – yet.
- Oracle Patches 200 Vulnerabilities With January 2025 Critical Patch Update – this massive patch release addresses roughly 220 CVEs across 27 different product families (the exact CVE count varies between write-ups, as the links below show). At least 30 of these defects are rated critical, so prioritize accordingly. If you use anything by Oracle, quickly check whether your products have updates that need to be applied.
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation – their SMA1000 VPN appliance has a critical remote code execution flaw that is already being exploited in the wild. There have been a lot of VPN vulnerability disclosures lately, and threat actors have been quick to exploit them, so don’t waste any time patching this one.
- Zyxel warns of bad signature update causing firewall boot loops – If you have one of the affected devices, you’re having a bad day. The fix requires plugging in the RS232 console cable into the USG FLEX or ATP Series firewalls to be able to load a stable firmware version.
In Ransomware, Malware, and Vulnerabilities News:
- Hacker infects 18,000 “script kiddies” with fake malware builder – in a poetic turn, would-be hackers (aka script kiddies) who thought they were getting a free malware tool to attack others were themselves infected via a trojanized version of the XWorm Remote Access Trojan builder. Instead of being a tool to package and deploy the XWorm RAT, this weaponized version infected the victim’s own machine with the rodent. Apparently you can’t trust a free tool made available by criminals. Who knew?
- Conduent confirms cybersecurity incident behind recent outage – in a story that is still unfolding, the massive government contractor and business services company revealed that it had indeed experienced a “cyber security incident”. Conduent services half of the Fortune 100, including automakers, banks, and medical companies, along with more than 600 government entities in 46 US states. Speculation is that it is another ransomware incident like the one they had in 2020, but there is no confirmation of that yet.
In Other News Events of Note and Interest:
- First-ever data center on the Moon set to launch next month – via a SpaceX Falcon 9 rocket. Lonestar Data Holdings plans to land the “Freedom Data Center” to take advantage of the unique benefits of the lunar environment, such as unmatched physical security and natural cooling. Running on solar power, it will of necessity be entirely self-contained with multiple levels of redundancy, since a service call might be a bit difficult to arrange.
Musings:
The story of the Trojan Horse, the clever deception by which the Greeks sneaked their soldiers past the defenses and into the city of Troy, may or may not be true. But it is from this legend that we get our modern term “trojan”: something malicious that was allowed in under the pretense of being something good. I’m seeing an increasing number of stories about modern Trojan Horses in the form of malicious browser plugins, weaponized free hacking tools and cracked “legitimate” software that attack the people using them, fake Reddit websites, and seemingly helpful pop-ups on your screen. You would be wise to heed the words of Troy’s priest, Laocoön: “Beware of geeks bearing gifts.” Or words to that effect.
Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management
- Microsoft will automatically keep you signed in to your account starting in February
- Oracle January 2025 Critical Patch Update Addresses 186 CVEs
- Oracle Patches 200 Vulnerabilities With January 2025 CPU
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks
- Zyxel warns of bad signature update causing firewall boot loops
Ransomware, Malware, and Vulnerabilities News
- CISA, FBI Update Software Security Recommendations
- FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know
- Hackers Apparently Stole the FBI’s Call Logs With Confidential Informants
- CISA Warns of Old jQuery Vulnerability Linked to Chinese APT
- Botnet Unleashes Record-Breaking 5.6Tbps DDoS Attack
- The Internet is (once again) awash with IoT botnets delivering record DDoSes
- RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations
- IPany VPN breached in supply-chain attack to push custom malware
- OpenVPN Easy-RSA Vulnerability Enables Bruteforce of Private CA Key
- Stealthy ‘Magic Packet’ malware targets Juniper VPN gateways
- Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet
- FortiGate config leaks: Victims’ email addresses published online
- Warning to FortiGate admins: You need to run a compromise assessment now
- Yubico 2FA Bypass Vulnerability Advisory for Linux & macOS
- PayPal fined by New York for cybersecurity failures
- Data breach hitting PowerSchool looks very, very bad
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now
- SimpleHelp 5.5.7 and earlier has severe vulnerabilities
- Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities
- Microsoft Configuration Manager Vulnerability Allows Remote Code Execution
- New UEFI Secure Boot flaw exposes systems to bootkits
- Windows 11 BitLocker-Encrypted Files Accessed Without Disassembling Laptops
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs
- Zero-Day Vulnerability in Windows Exploited: CVE-2024-49138 PoC Code Released
- Windows File Explorer Elevation Of Privilege Vulnerability (CVE-2024-38100) Exploited
- Palo Alto Networks Addresses Impact of BIOS, Bootloader Vulnerabilities on Its Firewalls
- Nvidia’s mid-January GPU driver update addresses several vulnerabilities and exploits
- How cyberattacks on grocery stores could threaten food security
- Critical infrastructure in crosshairs as ransomware attacks soar
- A blueprint for fighting ransomware in 2025
- Ransomware attacks peaked in December
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks
- New Ransomware Attacking VMware ESXi Hosts Via SSH Tunneling to Evade Detection
- Newly emergent Nnice ransomware examined
- HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code
- Hacker infects 18,000 “script kiddies” with fake malware builder
- Conduent confirms cybersecurity incident behind recent outage
- Cisco warns of denial of service flaw with PoC exploit code
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025
- Zero Day Initiative — Pwn2Own Automotive 2025 – Day Two Results
- Subaru security vulnerability allowed millions of cars to be tracked, unlocked, and started
- Supply chain attack strikes array of Chrome Extensions
- Hundreds of fake Reddit sites push Lumma Stealer
- Homebrew macOS Users Targeted With Information Stealer Malware
- Telegram captcha tricks you into running malicious PowerShell scripts
- Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platforms
- Cybersecurity experts sound the alarm about TikTok alternatives
- TikTok, AliExpress, SHEIN & Co surrender Europeans’ data to authoritarian China
- US indicts five individuals in crackdown on North Korea’s illicit IT workforce
- HPE investigates breach as hacker claims to steal source code
- PowerSchool hacker claims they stole data of 62 million students
- Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
- MasterCard DNS Error Went Unnoticed for Years
- QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app
- Critical zero-days impact premium WordPress real estate plugins
Other News Events of Note and Interest
- Cool Tool: 16 lesser-known uses of Command Prompt
- Cool Tool: Stratoshark: Wireshark for the cloud – now available!
- First-ever data center on the Moon set to launch next month
- Trump pardons Ross Ulbricht, creator of Silk Road
- China to host world’s first human-robot marathon as robotics drives national goals
- Deepseek: The Quiet Giant Leading China’s AI Race
- Raphael – Free Unlimited AI Image Generator powered by FLUX.1-Dev
- OpenAI’s agent tool may be nearing release
- OpenAI Operator agent can automate tasks such as vacation planning
- New AI framework turns any laptop into a supercomputer
- Cisco’s ‘Radical’ Approach to AI Security
- OpenAI teams up with SoftBank and Oracle on $500B data center project
- Scientists clock the speed at which the brain processes information
- Security Needs to Start Saying ‘No’ Again
- Bitbucket services “hard down” due to major worldwide outage
- Google begins requiring JavaScript for Google Search
- Google has just announced the ability to chain actions in Gemini and it could change the way we use AI for good
- Google is giving IT more control over your Chrome extensions
- New Android Identity Check locks settings outside trusted locations
- Why some companies are backing away from the public cloud
- Companies switching from VMWare should expect high-cost high-risk journey
- VMware users gripe over 3-year commitment to renew licenses
- Avataar releases new tool to create AI-generated videos for products
- Wine 10.0 uncorks smoother support for running Windows apps on Linux
- Microsoft Edge’s Bing now hides Google Chrome download link on Windows 11
- Microsoft just renamed Office on everyone’s PCs, and the new name isn’t great
- Copilot AI comes to Microsoft 365 plans: Everything you need to know
- Microsoft shares latest Windows 10/11 DC hardening update for 2025
- Microsoft: Exchange 2016 and 2019 reach end of support in October
- Microsoft shares temp fix for Outlook crashing when writing emails
- Microsoft has fixed an incredibly annoying Outlook crash issue
- Microsoft will retroactively downgrade this part of Windows 10 next month
- Microsoft fixes Windows Server 2022 bug breaking device boot
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch
- Microsoft releases KB5050575 OOBE (initial setup) update for Windows 11 24H2, Server 2025
- Microsoft released Windows KB5050411 update to fix KB5048239 that won’t stop installing
- Microsoft is changing the way logins work: here’s what that means for you
- Microsoft Word no longer features a thesaurus
- Microsoft acknowledges a bug in the latest Windows 10 updates, says not to worry about it
- Microsoft to deprecate WSUS driver synchronization in 90 days