January 7, 2023

Hello all,
The first Red-N Weekly Security newsletter for 2023 is below the notable callouts from this week. There are two new topic sections within the body of the newsletter – Ransomware, and Cyber Insurance. There were significant items to report this week and it made sense to group those categories.

Notable Callouts:

• Fortinet has severe vulnerabilities that need to be dealt with ASAP, since malactors are already exploiting them.
• Synology made a VPN router, and it has a maximum severity vulnerability. If you have one and haven’t patched by now, you’re probably compromised.
• Qualcomm Chipsets and Lenovo BIOS received updates to fix multiple issues.
• Unbelievably, there are still over 60,000 Microsoft Exchange servers out there that are vulnerable to ProxyNotShell attacks.
• ManageEngine has a severe security flaw that needs to be addressed immediately if you’re using it.
• This week is Patch Tuesday. Windows 7 (Extended Support Customers) and Windows 8.1 will receive their last updates. It is time to isolate them on your networks or replace them.
• In a poignant statement, Jen Easterly, CISA Director said, “The tech ecosystem has become really unsafe.” In a related item, the new $1.7 Trillion Government spending bill that was just approved has numerous items to address cyber issues, including the coming storm of Cyber Insurance costs and hurdles.
• Ransomware group Lockbit apologized to SickKids Hospital for one of their affiliates encrypting them and gave them a free decryptor.

Being on the internet is like visiting Jurassic Park. There are amazing things to see, souvenirs to purchase, and fun rides. But there’s always a raptor or T-Rex somewhere in the shadows. Stay aware, don’t let leave your protective bubble, and ensure that the 10,000 volt fence is up and running at all times!

Visc. Zebullon Wamboldt Pike

Headline NEWS

• Fortinet and Zoho Urge Customers to Patch Enterprise Software Vulnerabilities
• Synology fixes maximum severity vulnerability in VPN routers
• Qualcomm Chipsets and Lenovo BIOS Get Security Updates to Fix Multiple Flaws
• Over 60,000 Exchange servers still vulnerable to ProxyNotShell attacks
• Windows 7 and Windows 8 will stop getting critical security updates this week
• Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
• ManageEngine security advisory—Important security fix released for ManageEngine Password Manager Pro
• US cybersecurity director: The tech ecosystem has ‘become really unsafe’
• Cyber highlights in the $1.7 trillion government spending bill

Other News Events of Note and Interest

• Ransomware gang apologizes, gives SickKids hospital free decryptor
• CISA’s Jen Easterly wants to protect US hospitals following spate of ransomware attacks
• Ransomware impacts over 200 Govt, Edu, Healthcare orgs in 2022
• Ransomware gang cloned victim’s website to leak stolen data
• Rackspace identifies hacking group responsible for early December ransomware attack
• The Guardian newspaper offices close after ransomware attack
• Massachusetts, Bristol Community College’s computer systems hacked in ransomware attack
• Hackers claim ransomware attack on Los Angeles housing authority
• NJ. hospital diverting patients days after cybersecurity issue
• Rail giant Wabtec discloses data breach after Lockbit ransomware attack
• Bilirakis Gets RANSOMWARE Act, Proposal Protecting Consumers Online Purchases Across Finish Line
• Massachusetts, Swansea schools shut down due to ransomware attack
• Newly Found CatB Ransomware Uses DLL Hijacking to Evade Detection
• Bitdefender releases free MegaCortex ransomware decryptor
• Warning over ransomware attacks spreading via Fortinet kit

Other News Events of Note and Interest

• Outrageous Stories From Three Cyber Incident Responders
• The Block: Bitcoin developer claims loss of $3.3 million after PGP exploit
• Hacking Competition Reveals 63 Zero-Day Vulnerabilities
• BlueNoroff renewed attacks: APT actor disguised as VC funds adopts new malware techniques
• India set an ‘incredibly important precedent’ by banning TikTok, FCC Commissioner says
• Cyber security professionals share their biggest lessons of 2022
• Arlo launches new end-of-life policy for cameras
• Bitcoin core developer claims to have lost 200+ BTC in hack
• Hackers Using Stolen Bank Information to Trick Victims into Downloading BitRAT Malware
• Encryption Faces an Existential Threat in Europe
• Can these researchers help defend satellite systems targeted by hackers?
• India Government’s 2-factor authentication system ‘Kavach’ targeted in cyber attack
• OpenAI’s ChatGPT previews how AI can help hackers breach more networks
• Data of over 200 million Deezer users stolen, leaks on hacking forum
• Black Hat Flashback: The Day That Dan Kaminsky Saved the Internet
• 2023 could be the year of public cloud repatriation, cost and complexity are driving factors
• Five Guys Data Breach Puts HR Data Under a Heat Lamp
• Pupy RAT hiding under WerFault’s cover
• New shc-based Linux Malware Targeting Systems with Cryptocurrency Miner
• Slack’s private GitHub code repositories stolen over holidays
• Over 30 WordPress Plugins and Themes Can be Abused by New Linux Malware
• Hundreds of WordPress sites infected by recently discovered backdoor
• LastPass hit with class-action lawsuit over hack | Fox Business
• Chinese Researchers Claim They Cracked Encryption with Quantum Computers
• Microsoft shares temporary fix for ODBC database connection issues
• Flipper Zero Phishing Attacks Eye Infosec Community
• Bluebottle hackers used signed Windows driver in attacks on banks
• PurpleUrchin Bypasses CAPTCHA and Steals Cloud Platform Resources
• Unveiling of a large resilient infrastructure distributing information stealers
• SpyNote: Spyware with RAT capabilities targeting Financial Institutions
• Windows 11 bug is randomly freezing PCs with AMD CPUs
• Phishing attacks are increasing and getting more sophisticated
• Windows 11 22H2 has introduced an irritating focus bug in File Explorer
• Another Country Is Making USB-C Mandatory on Phones
• The Block: Compass Mining wins $1.5 million in court ruling against hosting provider

Cyber Insurance News

• Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe
• New Biden Cybersecurity Plan Will Push Regulations, Address 3rd Party Liability
• Keeping the Lights On: Feds Try to Get Ahead of Threats to the Grid as Cyber Insurance Premiums Jump
• How Do Hackers Determine the Ransoms They Demand? Check Out This Warning
• Loss-free cyber reinsurance rates up 20%
• Should the government contribute to the costs of cyber insurance? Experts are conflicted

To see the newsletter in PDF format, click here