Hello all,
The Red-N Weekly Cyber Security News newsletter Notable Callouts are below. As usual, the complete weekly report is below the introduction. Don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.
Notable Callouts:
- Adobe patched ColdFusion last week. Unfortunately, it was flawed and a new patch has been released this week. Don’t wait to patch, as this vulnerability is already under active exploitation.
- Apple has scratched a line in the sand with the UK government and will reportedly pull iMessage and FaceTime from the UK rather than break end-to-end encryption like a potential upcoming law would require. If this passes, it would give the government the ability to spy on any communication it desires.
- CISA continues to show value to taxpayers. This time it is by sharing free tools to help secure data in the cloud.
- Citrix ADC and Gateway products need to be patched immediately! They are under active exploitation from a zero-day that may have existed for a month or more. As of this writing, there are over 15K vulnerable devices on the internet. CISA’s announcement and breakdown of the vulnerability (in Ransomware, Malware, and Vulnerabilities) shows how to detect if a device has been compromised.
- The Federal Reserve has launched a new payment system that allows for direct transfer of funds, nearly instantly. While this sounds great in principle, I’m quite leery of anything government related having more power over the exchange of funds. It is still in early stages and is voluntary – for now.
- Google has released Chrome 115. It contains 20 security fixes, but no zero-days. It does include some new functionality, so do read the errata for things to examine and try.
- Kevin Mitnick, famed cyber criminal who later became a force for good, has passed away.
- Microsoft made headlines for a number of reasons this week. The first is related to last week’s revelation of Chinese state-sponsored criminals getting access to multiple government agencies’ Azure accounts. The stolen Microsoft account (MSA) key could have been used for much more than was originally disclosed, giving access to many more orgs and Microsoft services. Pressure from the US Government and organizations worldwide has gotten Microsoft to make full security logs free. As it pertains to the Chinese hack, the horse is already out of the barn. But it will certainly help identify activity in any future attacks. Microsoft also announced a raft of AI initiatives at their Inspire event, which drove their stock price up 1000%. At the event Big Redmond revealed their price point for Microsoft Copilot, a whopping $30 per user per month. I guess we will need to wait and see if it delivers as touted. If it truly can be a full virtual assistant, that’s a rather cheap employee for $30 per month.
- In our local Tampa Bay Area, Tampa General Hospital is in the news for stopping a ransomware attack from deploying. Unfortunately, the threat actors had been in the network for some time prior to the detonation attempt. So, there is a very high likelihood of data exfiltration. I’m sure more will be revealed as this story develops.
- And finally, a disturbing report that weekly cyber attacks have reached a two year high.
- In Ransomware, Malware, and Vulnerabilities News, a nice one for the good guys for a change. A “Prominent Threat Actor” infected himself and revealed pretty much everything, including his real name and location. In a “we knew it was coming” moment, bad guys have created “WormGPT”, and it doesn’t have filters.
- In Other News Events of Note and Interest, Microsoft is pushing ahead with replacing the Windows Mail and Calendar app with the new Outlook. And in what should be a terrifying bit of news, the US Military is funding the development of a computer chip named “DishBrain” that has human brain tissue in it. What could go wrong? “Igor, bring me the brain.”
- In Cyber Insurance News, an interesting article on how insurers may be on the hook for defending against a law meant to shield video store rental purchase records.
Electronic calendars, organizers, and assistants are truly a wonderful thing – if you actually use them. I’m embarrassed to report that I got all spiffied up in my fancy clothes, and actually started driving to an event today… only to realize that the event is next weekend.
Technology works, but you must use it.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities
- Adobe has released security updates for ColdFusion versions 2023, 2021 and 2018.
- Apple says it would remove iMessage and FaceTime in UK rather than break end-to-end encryption
- CISA shares free tools to help secure data in the cloud
- New critical Citrix ADC and Gateway flaw exploited as zero-day
- Fed launches new payments system that lets you send money in seconds
- Google Chrome 115: fixes 20 security vulnerabilities, new side panel tools and HTTP upgrades
- Famed US hacker Kevin Mitnick dies aged 59
- Email hack prompts call for Microsoft to make security logs free
- Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps
- Microsoft announces Azure AI trio at Inspire 2023
- Microsoft 365 Copilot Cost Revealed at $30/user per Month
- Tampa General Hospital cyber attack stopped before ransom attempt
- Weekly cyber attacks reach two-year high amid ransomware resurgence
Ransomware, Malware, and Vulnerabilities News
- Prominent Threat Actor Accidentally Infects Own Computer with Info-Stealer
- CISA orders govt agencies to mitigate Windows and Office zero-days
- Google exposes intelligence and defense employee names in VirusTotal leak
- Phone numbers for airlines listed on Google directed to scammers
- U.S. military emails accidentally sent to Mali
- Lockbit 3.0 Claims Credit for Ransomware Attack on Japanese Port
- Threat Actors Exploiting Citrix CVE-2023-3519, details and detection from CISA (PDF)
- Cloudflare reports ‘alarming surge’ in DDoS sophistication, escalation in recent months
- Thousands of images on Docker Hub leak auth secrets, private keys
- JumpCloud discloses breach by state-backed APT hacking group
- JumpCloud Intrusion | Attacker Infrastructure Links Compromise to North Korean APT Activity
- China hackers breach emails of U.S. diplomats Nicholas Burns, Kritenbrink
- Malware with faked timestamps on the rise to bypass Windows protections
- Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware
- BGP Software Vulnerabilities Under the Microscope in Black Hat Session
- Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks
- Lazarus APT Group Hijack Windows IIS Servers
- Threads collects so much sensitive information it’s a ‘hacker’s dream,’ experts say
- Rite Aid reports data breach that compromised customer information
- Critical Infrastructure Workers Better At Spotting Phishing
- TJ Maxx, Shutterfly, TomTom latest organizations to confirm MOVEit breaches
- MOVEit body count closes in on 400 orgs, 20M+ individuals
- Clop gang to earn over $75 million from MOVEit extortion attacks
- Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks
- Meet NoEscape: Avaddon ransomware gang’s likely successor
- Hackers exploiting critical WordPress WooCommerce Payments bug
- Google and Meta got your data from H&R Block and other tax prep companies
- New P2PInfect Worm Targeting Redis Servers on Linux and Windows Systems
- Johns Hopkins hit with class action lawsuit connected to data breach
- Estee Lauder Hit by Cyberattack, Some Business Operations Affected
- Dating app spills 340GB of steamy data and 260,000 user profiles
- Anonymous Sudan claims successful DDoS cyberattack on PayPal
- Norwegian recycling giant Tomra dealing with ‘extensive’ cyberattack
- Linux Ransomware Poses Significant Threat to Critical Infrastructure
- Gmail encouraging users to enable Enhanced Safe Browsing
- Threat Actors Add .zip Domains to Their Phishing Arsenals
- Remote Code Execution in OpenSSH’s forwarded ssh-agent, CVE-2023-38408
- Escalating Privileges via Third-Party Windows Installers
- Hackers Create ChatGPT Rival With No Ethical Limits
- Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware
- FIN8 Group Using Modified Sardonic Backdoor for BlackCat Ransomware Attacks
- Google Cloud Build Flaw Enables Privilege Escalation, Code Tampering
- CISA and NSA Issue New Guidance to Strengthen 5G Network Slicing Against Threats
- Microsoft: Hackers turn Exchange servers into malware control centers
- OpenAI credentials stolen by the thousands for sale on the dark web
- Recently Patched GE Cimplicity Vulnerabilities Reminiscent of Russian ICS Attacks
- Increase in Tech Support Scams Targeting Elderly, Directing Victims to Send Cash via Shipping Companies
- DDoS Botnets Target Zyxel Vulnerability CVE-2023-28771
- 67% of daily security alerts overwhelm SOC analysts
- Satellites Are Rife With Basic Security Flaws
Other News Events of Note and Interest
- Microsoft stock hits all-time high on new Copilot AI subscription
- Microsoft Pushes Forward with Transition of Mail and Calendar to the New Outlook
- Microsoft Teams is rolling out AI-powered Maybelline beauty filters
- Microsoft Takes Security Copilot AI Assistant to the Next Level
- Microsoft 365 Backup for SharePoint and Exchange Online
- Nearby Share for Windows on Android is now available
- Fortinet unveils data center firewalls with AI support
- IBM should cover work-from-home expenses, court rules
- No-cost Google Cloud Skills Boost for summer 2023
- OpenAI Increases GPT-4 Messages To 50 In ChatGPT
- Open-Source Text Generation & LLM Ecosystem at Hugging Face
- Google will switch on its cookie-replacing developer tools next week
- White House secures voluntary pledges from Microsoft, Google on AI
- Meta and Microsoft have released Llama 2, an AI language model for commercial use
- Proton Pass is now an independently security audited, open source password manager
- Another company has been watching you in your bedroom
- AlmaLinux Announces Its Solution to RHEL Source Code Conundrum
- Go Beyond the Headlines for Deeper Dives into the Cybercriminal Underground
- ChatGPT For Penetration Testing – A Detailed Guide 2023
- 39-Year-Old 4.77 MHz DOS Web Server Hits 2,500 Hours of Uptime
- Windows Copilot arrives in the fall with Windows 11 23H2
- How to Bring Back a Missing Quick Access Menu in Windows 11
- Nvidia release firmware tool for all 64-bit Windows, fixes DisplayPort black screen, hangs
- July’s Windows 11 update could be the solution to your game stuttering woes
- Google Chat remembers it exists on the internet, decides to support hyperlinks
- Google Bard can now speak loud and clear as update introduces speech feature
- Meta faces a $100,000 daily fine if it doesn’t fix privacy issues in Norway
- NYC subway using AI to track fare evasion
- How companies are safeguarding data in A.I. age
- IMAX Still Runs on PalmPilot Operating System
- Researchers Chart Alarming Decline in ChatGPT Response Quality
- Bitwarden adds passwordless SSO function with universal compatibility
- Computer chip with built-in human brain tissue gets military funding