January 6, 2024

Hello all,

Happy first week of 2024! Thankfully, the digital apocalypse did not happen over the Christmas and New Years’ holiday period. Yet there are still plenty of news items relating to Cyber Security out there that were reported in the past seven days, some tragic, some comical, some that just make you go ‘huh?’. Read on faithful cyber warrior to see what they are.

The volume of news and other can appear overwhelming, the best strategy is to read the Notable Callouts below and then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then selecting them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.

Notable Callouts:

23andMe the DNA database company was hacked recently. In a mindboggling PR move they are blaming the victims for reusing passwords. A simple feature known as 2FA would have rendered that moot. I suspect that this will not go well for them.
Apache ERP specifically Apache OFBiz had a zero-day vulnerability that they remediated last week. Apparently the first patch wasn’t quite sufficient, and another had to be pushed out on its heels. If you use this check for updates.
$10.5 Trillion is the estimated global total that cyberattacks may soon cost. That is shocking!
Ivanti makers of Endpoint Management software (EPM) have released a patch that should be applied immediately by anyone using this software. The exploit, under the right conditions, is trivial.
Juniper patched multiple vulnerabilities in their Juniper Secure Analytics – JSA Series Virtual Appliance. The vulnerability has a CVVS score of 9.8 out of 10. Prioritize this patch.
Finland experienced “unprecedented Global Positioning System (GPS) interference” at the end of December. If this is some new sort of cyberattack, I’m going to be very unhappy. I may need to resort to a paper map again. And I pity the younger generation. I don’t think most know what a map even is.

In Ransomware, Malware, and Vulnerabilities News:

San Francisco-based Orrick, Herrington & Sutcliff an international law firm dealing with cyber incidents and victims was itself a victim. And it looks like the evil hacking scum got everything – passports, government ID numbers, medical info, addresses, birth dates… and the list goes on. Unbelievable. You’d think the legal eagles would have had the data encrypted, having seen this same thing happen to their hapless clients over the years.

In Other News Events of Note and Interest:

Open Source AI voice cloning is now here, for free. Reports are that it is pretty good, not perfect, but it works. I suspect that we’ll see this perfected by year’s end. You will soon not be able to trust what you hear. And video is not that far behind.
Kohler’s Newest Bidet Finally Brings Alexa and Google to Your Butt. Huh? I think I’ll just let the headline speak for itself here. No, I won’t. There are some places where AI does not belong. Ok, now I’ll let the headline sit on the throne.

In Cyber Insurance News:

Merck settles with insurers who denied $700 million NotPetya claim In 2017 the NotPetya cyberattack hit Merck (and many others). Insurance carriers tried to get out of paying by citing “acts of war” clauses. It looks like they settled this case just before the last appeal.

Digital technology is a wonderful thing that has truly enhanced our lives in myriad ways. However, it is vital to remember that we are in fact organic beings and require time among other organic beings and in nature for us to recharge. Make sure that you are taking care of your personal machine at least as much as you are your digital servants.

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Cyber Insurance News

Like this: