Weekly Cyber Security
News Events & Information
From sources found online in the past seven days
Hello all,
This coming Tuesday is Patch Tuesday for Microsoft and others. Expect some time-sensitive incoming items that will need to be prioritized. Don’t just knee-jerk respond to the latest thing making news; make sure that you evaluate the actual risk to your particular organization, including factoring in the cost and effect on your business that applying a patch or remediation requires. Don’t let the cure be worse than the problem. Something may be pants-on-fire, but in your environment it is isolated and mitigated by other factors. The number of vulnerabilities, and subsequent patches, every month is ever increasing, and identification, classification, and prioritization are key to remaining sane in this AI and bug bounty fueled deluge.
The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then select them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.
Notable Callouts:
- FTC affirms Right-to-Repair by sending notices to manufacturers that their “Warranty void if removed” stickers are in violation of the Magnuson-Moss Warranty Act of 1975. Darn, just as I was about to purchase my “I void warranties” t-shirt.
- Indonesia was ransomwared recently. Yep, pretty much government workings of the entire country, with more than 280 agencies affected. To make matters worse, almost none of the various agencies had backups at all. The threat actors didn’t need to delete them, there were none! In a rare move, probably motivated by fear for their lives, the threat actors apologized to Indonesia and gave them the decryptor for free. The incident has spawned massive outcry from the citizenry, some resignations, and a commitment to ensure that backups and proper security are put into place.
- RockYou2024 is the name of the latest ultra-massive 10 billion entry database dump of compromised passwords from around the world. These passwords came from a mix of old and new data breaches. Threat actors are salivating over the freshly available passwords to spray and credential stuff against online accounts. If you’ve been reusing passwords anywhere, this is your wakeup call. Change them now.
- Juniper Networks has released patches for Smart Session Router, Session Smart Conductor management platform, and WAN Assurance Routers. This is a perfect 10 out of 10 vulnerability. If you use these in your enterprise, check the requirements and patch as soon as possible.
- Passkey Redaction Attacks are the latest tool in the evil arsenal of dirtbags. The way this works is that they perform a man-in-the-middle website proxy spoof and strip out the parts of the login that ask for Passkeys, and instead present you a different login mechanism. The reason this works is that most sites leave you a backup method of logging in should the more secure one not work for some reason. Stay vigilant and know which sites are supposed to use Passkeys.
- Splunk “patched multiple vulnerabilities in Splunk Enterprise, including high-severity remote code execution bugs”. Thankfully, there does not appear to be any exploitation of this yet. Splunk also updated nearly two dozen third-party packages in Splunk Enterprise and notified of some issues in Linux variants in the OpenSSL
In Ransomware, Malware, and Vulnerabilities News:
- Europol took down nearly 600 servers across 27 countries that were dishing up Cobalt Strike. Score one for the good guys.
- TeamViewer has accused the Russians of being behind the recent breach of their corporate network. Staving off a digital apocalypse, results from their forensic investigation confirmed that only the corporate network was breached, and not the customer-facing one.
- CDK Global was able to bring their dealer management systems fully online during the busy July 4th sales weekend, much to the celebration of their 15,000 clients in North America. Now that their technical restoration is done, they are faced with various legal issues that, in their case, will be rather massive simply due to their size and reach. Hopefully, lessons were learned, and their infrastructure is now configured to weather such an event should another arise in the future.
In Other News Events of Note and Interest:
- Brain-in-a-jar biocomputers can now learn to control robots. I’ll leave that one alone for a moment. The next item right below it reads, Humanoid robots powered by AI… Do these people not watch or read sci-fi? I hope that they build in some seriously effective kill-switches in these things.
- Japan finally says goodbye to floppy disks. Yep, the Japanese government, up until recently, required their use for official purposes. Good riddance to the archaic magnetic storage. On a similar, but sad note, Sony Group is ending production of Blu-ray Discs. Apparently, sales continue to plummet due to streaming and hard drive storage, signaling that it is time to move on.
In Cyber Insurance News:
- “How should cyber insurance evolve?” is a good opinion piece on where we are now, and how this industry needs to change to adjust to current and future states.
Hopefully, those of our readers in the United States of America had a safe and enjoyable holiday as the country celebrated another birthday. If you arrive at work to a poorly worded warning screen all over your computer systems, letting you know that you’ve been subjected to a post-paid pen test, don’t go it alone! Contact your insurance provider immediately, and contact us; we can help.
Keep the shields up. They really are out to get you.
Viscount Jan Broucinek
Red-N Weekly Cyber Security News
Headline NEWS
- FTC fires out warnings to ASRock, Gigabyte and Zotac over ‘Warranty void if removed’ stickers in violation of US law
- Indonesian government didn’t have backups of ransomwared data, because DR was only an option
- Ransomware scum who hit Indonesian government apologizes, hands over encryption key
- RockYou2024: 10 billion passwords leaked in the largest compilation of all time
- Juniper Networks flings out emergency patches for perfect 10 router vuln
- Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication
- Splunk Patches High-Severity Vulnerabilities in Enterprise Product
Ransomware, Malware, and Vulnerabilities News
- Record Breaking DDoS Attack of 840 Mpps Launched by Evil Core Routers
- 99% of IoT exploitation attempts rely on previously known CVEs
- Europol nukes nearly 600 IP addresses in Cobalt Strike crackdown
- FBI Offers $10 Million Reward for Capture of Russian Hacker
- Indonesia’s Biggest Cyberattack Prompts Resignation, Audit
- A recent Microsoft data breach also let Russian hackers compromise US federal agencies
- Microsoft MSHTML Flaw Exploited to Deliver MerkSpy Spyware Tool
- Beware Of Malicious PDF Files That Mimic As Microsoft 2FA Security Update
- Hackers Exploiting HTTP File Server Remote Code Execution
- Hackers abused API to verify millions of Authy MFA phone numbers
- Teamviewer Discloses Investigation Update Following Cyber Attack
- Authorities investigating cyber attack on Alabama State Department of Education
- Baddies hijack Korean ERP vendor’s update systems to spew malware
- GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks
- New Mexico public defender’s office hit with cybersecurity breach
- Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug
- PTC License Server Bug Needs Immediate Patch Against Critical Flaw
- New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
- Cisco warns of NX-OS zero-day exploited to deploy custom malware
- Dealerships rejoice after critical software restored following cyberattack
- The Impact of the CDK Hack Will Take Years to Play Out
- ‘I can’t get paid.’ Cyberattack affecting car dealerships brings chaos for sellers, buyers and workers
- Forget the Kia Boyz, a new exploit leaves Kias and Hyundais vulnerable
- Malicious payloads deployed via vulnerable Rejetto HFS instances
- Infostealing malware masquerading as generative AI tools
- Hackers cracked OpenAI’s internal messaging system last year
- Latest Ghostscript vulnerability haunts experts as the next big breach enabler
- Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector
- Teamviewer accuses Russia-linked hackers of cyberattack
- Prudential Financial now says 2.5 million impacted by data breach
- How MFA Failures are Fueling a 500% Surge in Ransomware Losses
- Engineer hacks his Sleep Number bed, reveals potential backdoor and security vulnerability
- Roll20, an online tabletop role-playing game platform, discloses data breach
- Hackers target Town of Apex, cause massive network outage affecting residents’ online transactions
- Federated Co-ops says it’s making progress as cyberattack woes enter 2nd week
- New Eldorado ransomware targets Windows, VMware ESXi VMs
- LockBit claims cyberattack on Croatia’s largest hospital
- LockBit group claims the hack of the Fairfield Memorial Hospital in the US
- Average ransomware payment demands soars as criminals grow more confident
- Waupaca County, WI network impacted by ransomware
- Patelco shuts down banking systems following ransomware attack
- Formula 1 governing body discloses data breach after email hacks
Other News Events of Note and Interest
- Cool Tool: Windows XP era unofficial anti-spyware comes to Windows 11 as a fork
- Cool Tool: Windows package manager WingetUI gets a redesign alongside a new name
- ‘Brain-in-a-jar’ biocomputers can now learn to control robots
- Humanoid robots powered by AI turn heads at the World Artificial Intelligence Conference
- Amazon puts down its Astro robotic business watchdog
- RIP: WordPerfect co-founder Bruce Bastian dies at 76
- How to set up virtual PCs with VMware Workstation, a now-free pro tool
- Kaspersky software ban: CISOs must move quickly, experts say
- Japan finally says goodbye to floppy disks, ends government use of legacy tech
- Sony Group to End Production of Blu-ray Discs
- A big Defense cybersecurity requirement for contractors moves closer to reality
- 4 key steps to building an incident response plan
- TSMC Is Ahead Of Schedule With 2nm Production Equipment Installation
- Microsoft will end new Office 365 connectors to Teams on August 15 and close them October 1
- Microsoft confirms OneDrive shared folders are indeed turning into internet shortcuts
- Microsoft is updating the WSL2 kernel to 6.6 at last
- Windows 11 will offer new secure application “enclaves” to protect sensitive data through virtualization
- How to uninstall Microsoft Teams from Windows 11
- Here’s how much RAM Windows 11 actually uses