July 11, 2026

Header image for the Red Dot Weekly Cyber Security News https://reddotsecurity.news

Hello all,

This week was thankfully somewhat quiet, with the normal level of vulnerabilities. Next week is Patch Tuesday, so expect an incoming tsunami of things to prioritize. Now that’s not to say that this week didn’t have any notable items, there definitely were, such as our headline items from Palo Alto, Ubiquiti, Veeam, and Zimbra. And there are plenty other items that you should check out.

Headline NEWS:

  • Palo Alto Networks Patches 13 Vulnerabilities the worst of these can achieve a Denial of Service (DoS) and potentially arbitrary code execution. Prisma Access Agent has defects that make it susceptible to Man in the Middle (MitM) attacks via VPN traffic interception and DLP bypass. Additionally, there were over 500 defects patched in Palo Alto’s Prisma browser, which is based on Chromium. If you have Palo in your network, update soon.
  • Ubiquiti Inc. unleashed 25 Security Advisories, what most of us call patches, last week. They are for products such as UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UnifiOS. Some of these are critical, so don’t wait on updating.
  • Veeam has released an update for Veeam Backup & Replication. A defect has been identified in the Veeam Backup BinaryFormatter that can enable an authenticated domain user to execute code on backup servers. There is a mitigation available, and there is also a patch. The majority of Veeam defects found lately are not exploitable if vendor configuration guidance is followed and you don’t domain join your Veeam Backup & Recovery server, leaving it as a Workgroup server. Seems a lot easier to me, but maybe you like patching often.
  • Zimbra Collaboration Suite is a popular mail server that has two interfaces, a classic Ajax webmail one, and a modern web version. The Ajax one is faster and tends to be preferred. It is also preferred by threat actors that have discovered a Cross Site Scripting (XSS) flaw that enables a specially crafted email to execute a threat actor’s code when the email is opened. If your enterprise uses the Classic Web Client, the Ajax version, upgrade immediately. While not known to be currently exploited, it is only a matter of time now.

In Ransomware, Malware, and Vulnerabilities News:

  • Extortion crew hijacks Microsoft 365 accounts via fake passkey setup is an evil-genius method of gaining access to someone’s account. The user receives notification or a voice call informing them that they need to upgrade their security to use Passkeys. The threat actor then walks the use through a process that appears nearly identical to actually enrolling a passkey. However, it is actually a very clever Man-in-the-Middle (MitM) attack to steal a session token while the user is occupied with the things on screen. In reality they are not registering a Passkey, merely being tricked into giving up their current credential and session token. Remember, Microsoft will not call you – ever. If your own tech support calls out of the blue for something like this, hang up and call them on a number you know is correct to reach them.

In Other News Events of Note and Interest:

  • Microsoft GDID (Global Device Identifier). Contained in the notes of the FBI takedown of an evil dirtbag member of the Scattered Spider ransomware group, it was revealed that every Windows device that has a Microsoft account has a unique, unalterable GDID. This GDID is logged by all sorts of and telemetry on the internet and by various providers. Since we haven’t heard much about this before, I suspect it wasn’t widely known it existed. For anyone who is privacy focused, this should send a chill up your spine. According to reports, the only way to change the GDID is to do a fresh install of Windows. Otherwise, your activity is correlatable anywhere that your Windows machine’s GDID is visible. Note that if you log into your Microsoft account after a fresh reinstall, your new GDID is now also registered to your account. Many vendors such as Apple and Google have similar ID’s, but they are transparent about their use and location. Microsoft has been very secretive about it thus far. I expect that this GDID-Bleed (I coined it first) will grow like a mushroom.

Musings

Information is not the problem. We have lots of information. In fact, we have an overwhelming, massively excessive, insistently invasive, and perniciously persistent amount of information knocking on the synapses of our brains every day. The human psyche was not designed to ingest, process, and digest the vast and varied inputs that hammer against us every waking moment. Social Media has developed a curated steam of items that are designed to make us feel we’re missing out if we don’t read about how the mating ritual of the Japanese white-spotted pufferfish creates elaborate geometric patterns in the sand, or that Big Brutus was the world’s largest steam shovel (actually electric). Why do I need to know this? I don’t. But there is so much vying for my time and attention that it just slips on in. I must do a better job of filtering what I allow. Yes, there is a time and place to expand my horizons, to learn about things such as the world’s largest sewing needle in Sacramento, California, but it should not consume what precious little time I have allocated to me every day. Since my livelihood is in the Information Technology sphere, I’m not quite sure how to escape the information glut, but I’m aware and am starting to push back. How about you?

Visc. Jan Broucinek

Keep the shields up!

Viscount Jan Broucinek

Headline NEWS
Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

 

Share this with: