Hello all,
The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual and can be found online as well at https://red-n-security.com.
Notable Callouts:
- ArcServe UDP Backup has an RCE bug that requires patching. If you have it, patch it.
- CISA has several news items this week peppered about the red-n-security newsletter. But our headlining item is that they have new security leadership for the upcoming 2024 elections. And for those wondering, yes, Jen Easterly is still leading CISA.
- Ethernet just turned 50 years old. Yep, the good ole network that runs much of the world. The article from The Register gives a rather nice concise jaunt down memory lane.
- Google Chrome patched yet again. So, update ASAP to avoid falling victim.
- A news item that I missed when it happened crossed my radar this week. Gordon Moore, author of Moore’s Law, passed away recently. The linked article from nature.com is a good read and tribute to a brilliant man.
- Microsoft is warning about widescale credential stealing by Russian hackers. The bad guys are continually upping their game. Awareness on the part of the defenders is the first step in combatting this scum.
- Speaking of scum, human traffickers dealing in cybercrime were recently raided in the Philippines by the police. 2,700 slaves from 18 different countries were rescued from dormitories and boiler room operations for nefarious activity.
- Airline pilots from American Airlines and Southwest recently had their personal data compromised. Several other articles in this week’s news talk about the use of AI to create convincing false personas for the purpose of theft, extortion, and more. Not good.
- SAP has patches for 4 bugs. Patch now if you use it.
- Social Login, a plugin for WordPress, has a critical security flaw. Patch immediately or shut down the plugin until you’re able to patch. Speaking of WordPress, if you’re using it, especially if you are doing so commercially, install and subscribe to something like WordFence. (No, I don’t make anything off of the recommendation.)
- In Ransomware, Malware, and Vulnerabilities News, the top item talks about how cyberattacks on hospitals should be considered a regional disaster. The article makes a compelling argument. One more item is a ‘What were you thinking?!!’ moment. A school, which I shall not shame here, sent an email to every student telling them their passwords had been reset to ‘Ch@ngeme!’. Yep, every student. If you were the first to hit someone’s account, you could log in as them and read everything they had. This major flub was quickly retracted, but not before the damage had been done. Wow.
- In Other News Events of Note and Interest, there is a lengthy, but worth it, article from vice.com about 40-year-old (brand new in box) forgotten computers, 2,200 of them, suddenly turning up for sale online, and the obscure network they were designed to run on.
- In Cyber Insurance News, an article on how insurers are now starting to utilize AI for underwriting and due diligence.
Knowledge is freely and readily available and growing at an exponential rate. However, as we’ve all experienced, I’m sure, there are plenty of knowledgeable idiots out there. Unless knowledge is properly applied, it is at best useless, and at worst dangerous. Knowledge properly applied and governed by a self-respecting individual is known as Wisdom.
May you handle your world and those in it with wisdom this week.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- ArcServe Remote Code Execution in UDP Backup
- CISA shakes up election security leadership ahead of 2024 elections
- Want to feel old? Ethernet just celebrated its 50th birthday
- Google Chrome 114 Update Patches High-Severity Vulnerabilities
- Gordon Moore (1929–2023)
- Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers
- Philippine police raid alleged cybercrime buildings and rescue 2,700 workers from 18 countries
- Pilot data of American Airlines and Southwest stolen in data breach
- Researchers Detail 4 SAP Bugs, Including Flaw in ABAP Kernel
- Critical Security Flaw in Social Login Plugin for WordPress Exposes Users’ Accounts
Ransomware, Malware, and Vulnerabilities News
- Cyberattacks on hospitals ‘should be considered a regional disaster,’ researchers find
- Casualties keep growing in this month’s mass exploitation of MOVEit 0-day
- Fears grow of deepfake ID scams following Progress / MOVEit hack
- The Current State of Business Email Compromise Attacks
- Trojanized Super Mario game used to install Windows malware
- CISA warns of DoS and DDoS Attacks against Multiple Sectors
- Hackers Can Use DNS TXT Records to Execute the Malware
- Akira Ransomware Extends Reach to Linux Platform
- Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks
- NIST wants to help prevent a major cyberattack on the water sector
- Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator
- IBM QRadar SIEM Flaw Leads to XSS Attack
- MOVEit hackers may have found simpler business model beyond encrypting ransomware
- Little Rock School District tallies cyberattack’s cost
- Suncor Energy cyberattack impacts Petro-Canada gas stations
- North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
- CISA warns Samsung handset bugs and D-Link router flaws are being exploited in wild
- Change the owner of computer objects in Active Directory
- It’s Open Season on Law Firms for Ransomware & Cyberattacks
- Proxyjacking: The Latest Cybercriminal Side Hustle
- Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
- EncroChat Bust Leads to 6,558 Criminals’ Arrests and €900 Million Seizure
- Detecting Popular Cobalt Strike Malleable C2 Profile Techniques
- Newly Uncovered ThirdEye Windows-Based Malware Steals Sensitive Data
- 8Base Ransomware: A Heavy Hitting Player – VMware Security Blog
- US Patent and Trademark Office notifies filers of years-long data leak
- UPS working with experts after phishing attack on some shippers, customers
- High school changes every student’s password to ‘Ch@ngeme!’
- Global rise in DDoS attacks threatens digital infrastructure
- Submarine Cables Face Escalating Cybersecurity Threats, Report
- Torrent of image-based phishing emails are harder to detect and more convincing
- Hackers Claim $70 Million Ransomware Attack on TSMC, Hits Supplier Instead
Other News Events of Note and Interest
- 2,200 Forgotten Vintage Computers Are Being Liberated From a Barn in Massachusetts
- Brave aims to curb practice of websites that port scan visitors
- SolarWinds CISO and CFO are focus of SEC’s Orion investigation
- Microsoft’s light-based computer marks ‘the unravelling of Moore’s Law’
- How FIDO2 Powers Up Passkeys Across Devices
- Got a Microsoft Surface Pro? You probably have a firmware update
- How to Use Wget to Download Files at Windows’ Command Line
- Red Hat ends the RHEL clones’ free lunch
- Introducing Detection Surface, The Cybersecurity Defense That Parallels Attack Surface
- How to get started using Windows Terminal app on Windows 11
- Wintoys is a free app that lets you access tons of hidden features on your PC
- Study Reveals Average Person Has 100 Passwords
- Google Calendar: How to add your Outlook Calendar to GCal
- Remember that Windows 11 Start menu bug that had Microsoft stumped? It’s now fixed
- How AI is reshaping demand for IT skills and talent
- ChatGPT prompts: How to optimize for sales, marketing, writing and more
- Windows 11 Moment 3 is coming to all PCs next month, whether you like it or not
- OpenAI, Microsoft face class-action suit over internet data use for AI models
- Boot into the BIOS directly from Windows
- How to control Microsoft Defender Antivirus from PowerShell on Windows 11
- Microsoft postpones death date for personally licensed Teams Rooms hardware
- Microsoft Sysmon now detects when executables files are created
- Microsoft Details Requirements for Microsoft 365 Copilot
- Microsoft Edge users now have 5GB of free built-in VPN
- Microsoft fixes bug that breaks Windows Start Menu, UWP apps
- Microsoft releases free Windows 11 virtual machines with the Moment 3 update
- Microsoft: Patch Tuesday broke .NET on Windows 11/10, these OOB updates resolved the issues
- Microsoft is already offering a generative AI certification program
- NSA and CISA Best Practices to Secure Cloud Continuous Integration/Continuous Delivery Environments
- 8 ways to detect (and reject) terrible IT consulting advice
- Microsoft is killing off Windows 10-era’s Mail & Calendar apps on Windows 11
- New iVentoy allows installation of Windows, WinPE, Linux, and more, via network
- FYI: Tor Browser is very much still a thing and getting updates
- 5 free online cybersecurity courses you should check out
- What is Ethernet? Everything You Need to Know About Wired Networks
- You can now access ChatGPT from ancient PCs running Windows 3.1
- Galaxy Buds 2 Pro get another firmware update two weeks after the last
- Proton Pass end-to-end encrypted password manager is here and free for everyone
- BlackBerry reports surprise profit on cybersecurity strength
Cyber Insurance News
- UC Regents seeks millions in reimbursement from insurer over cyber breach
- Insurance companies using AI for underwriting and due diligence amid cyber threats
- How the new deepfake reality will impact cyber insurance
- Cyber Insurance Now Available To Consumers With Smart Devices on the Pepper IoT Platform