Hello all,
The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual and can be found online as well at https://red-n-security.com, where we have a searchable archive.
Notable Callouts:
- Barracuda leads the headlines with an ongoing email gateway login issue that they say they’ll have fixed by July 14. This new problem is right on the heels of their unprecedented compromise issue that prompted a recall and free replacement of infected Email Secure Gateway devices in May.
- Cisco has a major bug in some of their data-center class switches that allows for traffic eavesdropping.
- Fortinet, despite having made patches available, still has over 300,000 firewalls out on the internet that are vulnerable to a critical Remote Code Execution attack. Unbelievable; sounds like some people need to find a new line of work.
- Google used to have the motto of “Do no evil.” I suspect their new motto is we’ll do whatever we want to do. Their newly updated “privacy policy” essentially says that if it is publicly available on the internet, they’ll use it in their AI projects. Sounds a bit malevolent to me.
- JumpCloud directory services has apparently experienced an incident. If you use this service, get in touch with them ASAP for guidance if they haven’t already contacted you.
- Kyocera released firmware patches and notices for European Union customers to address a significant security vulnerability. But North American Kyocera customers have been kept in the dark. There have been no notices, nor items published on Kyocera’s North American servers. So far, no explanation has been offered for this disparity.
- Linux Kernels have a new update to mitigate a vulnerability named “StackRot”. Check if your favorite distro has an update and apply it if it does.
- MOVEit continues to make news for bad reasons. New victims continue to be exposed, and now three new vulnerabilities were found and subsequently patched. Progress Software just can’t catch a break.
- In Ransomware, Malware, and Vulnerabilities News, a developer from the US Navy has created and published a Red Team tool named TeamsPhisher to hack Microsoft Teams. Nevertheless, Microsoft maintains that the exploit method used is a feature, not a bug, and they won’t fix it since administrators can mitigate it. One more item of particular note is that Ghostscript, an open-source PDF rendering engine, has a ‘feature’ that can be used for Local Privilege Escalation (LPE). A fix has been created, and if you have a stand-alone version, update it. However, this bug will be around for a while because Ghostscript is part of many other projects and software that render PDFs.
- In Other News Events of Note and Interest, Microsoft has a new product, Windows 365 Frontline, whose licensing model finally appears to make it economically sensible to use their cloud PCs in a business environment, particularly if you have multiple shifts of workers.
- In Cyber Insurance News, there is an article about the University of California’s legal fight with Lloyd’s of London, and one encouraging news report: rates actually appear to have dropped 10% in June.
Situational awareness is a personal responsibility, and so is Security Awareness. You cannot let your guard down and must remain vigilant. It is vital that you pay attention to potential red flags in email, web search results, and shopping pages. Mrs. Visc. ZW. Pike was a victim of credit-card fraud this past week. Fortunately, she was vigilant and noticed the nearly $5,000 charge in less than 24 hours when checking her online statement and was able to institute a timely dispute. Based on web history, my best guess is that an online shopping cart she’d recently used for the first time had been compromised.
Remain vigilant, they really are out to get you!
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Barracuda working on fix for ongoing Email Gateway login issues
- Cisco warns of bug that lets attackers break traffic encryption
- 300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug
- Google Says It’ll Scrape Everything You Post Online for AI
- JumpCloud resets admin API keys amid ‘ongoing incident’
- North American Kyocera Customers Still in Dark Over Security Flaw
- New StackRot Linux kernel flaw allows privilege escalation
- Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software
- Three new MOVEit bugs spur CISA warning as more victims report breaches
Ransomware, Malware, and Vulnerabilities News
- Avast released a free decryptor for Windows version of Akira ransomware
- Microsoft denies data breach, theft of 30 million customer accounts
- BlackByte 2.0 Ransomware: Infiltrate, Encrypt, and Extort in Just 5 Days
- BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising
- Japan’s largest port stops operations after ransomware attack
- Ransomware accounts for 54% of cyber threats in the health sector
- Dozens of malicious extensions for Google Chrome
- Valley News – Ransomware attack hits Lebanon, NH schools
- Lehigh Valley Health Network hit by BlackCat cyberattack, data stolen
- FIS Global Data Breach: Cyber Attack on FIS Global Follows MOVEit Mayhem
- Warning issued over vulnerability in cardiac device monitoring software
- Shell Becomes Latest Cl0p MOVEit Victim
- Evasive Meduza Stealer Targets 19 Password Managers and 76 Crypto Wallets
- Hacking crew targeting states over transition bans claims cyberattack hitting global satellite systems
- China’s ‘Volt Typhoon’ APT Now Exploits Zoho ManageEngine
- Cybercriminals can break voice authentication with 99% success rate
- Google Searches for ‘USPS Package Tracking’ Lead to Banking Theft
- Botnets Send Exploits Within Days to Weeks After Published PoC
- Critical TootRoot bug lets attackers hijack Mastodon servers
- Fileless attacks increase 1,400%
- Potential 500GB Nickelodeon Data Leak: Unreleased Shows and Scripts at Risk
- RedEnergy Stealer-as-a-Ransomware employed in attacks in the wild
- Crysis Ransomware Attacking RDP Server to Deploy Ransomware
- VPN and RDP Exploitation the Most Common Attack Technique
- One third of security breaches go unnoticed by security professionals
- CISA issues warning for cardiac device system vulnerability
- Ghostscript bug could allow rogue documents to run system commands
- WordPress Ultimate Member 2.6.7 Patches Privilege Escalation Vulnerability
- RedEnergy Stealer-as-a-Ransomware Threat Targeting Energy and Telecom Sectors
- AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2023 edition)
- New tool exploits Microsoft Teams bug to send malware to users
- Iranian Hackers’ Sophisticated Malware Targets Windows and macOS Users
- CISA: Netwrix Auditor RCE bug exploited in Truebot malware attacks
- How a midsize American business recovered from a ransomware attack in less than a day
- Human Error the Leading Cause of Cloud Data Breaches
- Threat Alert: Anatomy of Silentbob’s Cloud Attack
- EV Charger Hacking Poses a ‘Catastrophic’ Risk
- 3 Critical RCE Bugs Threaten Industrial Solar Panels
- Ransomware criminals dump personal information of students online after stealing files from MN school
- INTERPOL Nabs Hacking Crew OPERA1ER’s Leader Behind $11 Million Cybercrime
- Dole, Pepsi bottler issue more info on recent cyberattacks
- Large global law firms affected by massive data breach
- Copycat Bed Bath & Beyond Scam Sites
- Threat Hunting for Business Email Compromise Through User Agents – Huntress
- Tailing Big Head Ransomware’s Variants, Tactics, and Impact
Other News Events of Note and Interest
- Microsoft ships Windows 365 Frontline to broad availability
- Microsoft Announces New Updates for Windows Autopatch
- Forget Windows Copilot, what you really want is the new AI-powered Clippy
- ChatGPT users drop for the first time as people turn to uncensored chatbots
- AI translates 5,000-year-old cuneiform tablets instantly
- Stability AI CEO: There Will Be No (Human) Programmers in Five Years
- What is Oracle’s generative AI strategy?
- China releases its first open-source computer operating system
- Export O365 External User Reports for Secure External Collaboration
- OT Assets High Priority for Security Leaders as Industrial Threats Loom
- Google Authenticator: How to transfer your account to a new phone
- Raising concerns over Google Authenticator’s new features
- Microsoft investigates Outlook.com bug breaking email search
- Google Slides opens up Duet AI image generation with Imagen
- Firefox 115 is out, the last version to support Windows 7 and 8
- 75% of consumers prepared to ditch brands hit by ransomware
- US Seeks Ban on Chinese Companies Using Cloud Service Providers
- Let’s have a chat about Java licensing, says unsolicited Oracle email
- FCC Implements New Rules to Stop Robocalls & Scammers
- Japan rebukes Fujitsu for cloud security fails
- Cybersecurity experts have become targets for board seats
- Microsoft fixes bug behind Windows LSA protection warnings, again
- Microsoft Brings Improvements to DMARC
- The new Microsoft Teams is coming sooner than expected
- OpenAI revokes ChatGPT Bing integration as users exploit it to bypass paywalls
- ImmuniWeb unveils email security test to help users verify privacy and compliance of email servers