
Hello all,
Iranian cyber-criminals are among the world’s best and most effective. And with the Middle Eastern war now involving the United States, expect that many of these well-trained spies and thieves will become agents of chaos and destruction targeting American companies and infrastructure. Having your data encrypted unless you pay is quite different from having it irretrievably scrambled or wiped. To create further chaos, they could engage in erasing or corrupting the firmware on printers, switches, Wi-Fi access points, and routers, effectively bricking your entire infrastructure. This isn’t idle speculation: at the start of the Ukrainian war, Viasat had thousands of modems bricked (rendered useless) remotely, which then had to be replaced to restore service. The time to back up, secure, and patch everything is now.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or those you support. There is a lot more than what is provided in these opening comments. Be sure to scroll down.
Headline NEWS:
- Apple iOS, iPadOS, macOS, watchOS, and visionOS, have a zero-click vulnerability allowing attackers to compromise devices without any user interaction through maliciously crafted photos or videos shared via iCloud Links. This has been mitigated in iOS 18.3.1, so make sure to check your iFruit for updates.
- Atlassian has patched several high severity defects via third-party dependencies in Bamboo, Bitbucket, Confluence, Crowd, and Jira. Updates for these, and related products, are available and you are encouraged to apply them quickly.
- BeyondTrust, makers of Bomgar, are warning of a pre-authorization Remote Code Execution defect in their Remote Support and Privileged Remote Access products. The manufacturer has patched hosted versions, however, if you self-host you should immediately update to prevent compromise.
- Cisco AnyConnect VPN has a defect that can enable Denial of Service (DoS) attacks against Cisco Meraki MX and Z Series devices. Cisco has released firmware updates to address this flaw. If you don’t have automatic updates enabled and use the AnyConnect VPN, update quickly.
- Critical Vulnerability Patched in Citrix NetScaler. Three products are affected by the revealed security issues, NetScaler ADC, NetScaler Gateway, and Citrix Workspace app for Windows. Upgrade to the latest versions of each before threat actors latch onto them.
- Tenable Agent for Windows Lets Attackers Log In as Admin is a tad ironic, since Tenable’s product is used to scan for vulnerabilities. In this case, it is the vulnerability. Immediately update to the latest Windows agent version to fix the three defects identified.
- Trend Micro has released an update for Apex Central and Endpoint Encryption (TMEE) PolicyServer to address multiple severe and critical vulnerabilities. While exploitation is not known to be happening yet, that’s only a matter of time. So patch fast.
- Veeam Backup and Replication has addressed a critical defect that, if exploited, could allow for complete takeover of the backup server. There are mitigations available, and to fully mitigate, update to the latest version.
In Ransomware, Malware, and Vulnerabilities News:
- Threat Intelligence Warns of Hackers Targeting Insurance Companies is a headline that showed up early in the week for me. And as the week went on, I saw news that Aflac, Erie Insurance, Philadelphia Insurance Companies, and Scania Insurance had all been hit recently. Early reports are that many are the work of the Scattered Spider group. Somebody needs to get out the industrial-strength bug spray!
- TikTok got another 90 days of life support courtesy of the Trump administration, which is hopeful that the Chinese will agree to sell it to a US-based company. So, all of you moots can rejoice; you’ve got another quarter of a year of Chinese spying to look forward to.
In Other News Events of Note and Interest:
- Google Cloud, Cloudflare Apologize For Massive Outage. Last week major portions of the internet went down for hours when Google messed up. Unfortunately for Cloudflare, they found that they were too reliant on Google for portions of their network, and they suffered as well. Both vendors have written apologies and have pledged to do better.
Musings:
What would you do if you woke up and the internet was down, and it stayed down for days? That’s the reality facing many Iranians right now. And it is not out of the realm of possibility anywhere in the world, given an appropriately armed and determined adversary. There are ways around many such interruptions of service, but the time to explore those contingencies is before you need them, not in the midst of a crisis when everyone else is doing the same.

Keep the shields up.
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- CISA Warns of iOS 0-Click Vulnerability Exploited in the Wild
- High-Severity Vulnerabilities Patched by Cisco, Atlassian
- BeyondTrust warns of pre-auth RCE in Remote Support software
- Cisco AnyConnect VPN Server Vulnerability Let Attackers Trigger DoS Attack
- Critical Vulnerability Patched in Citrix NetScaler
- NetScaler Console/SDX Authenticated Arbitrary File Read/Write
- Tenable Agent for Windows Vulnerability Let Attackers Login as Admin to Delete The System Files
- Trend Micro fixes critical vulnerabilities in multiple products
- Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2
- Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
Ransomware, Malware, and Vulnerabilities News
- Operation Endgame: Do Takedowns & Arrests Matter?
- Cybercrime crackdown disrupts malware, infostealers, marketplaces across the globe
- Dutch police identify users as young as 11-year-old on Cracked.io hacking forum
- US Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network
- DOJ seizes record $225 million in crypto tied to scams
- US offering $10 million for info on Iranian hackers behind IOControl malware
- Ukraine extradites to U.S. hacker involved in over 2,400 cyberattacks worldwide
- Ryuk ransomware’s initial access expert extradited to the U.S.
- Ransomware gang busted in Thailand hotel raid
- President Trump to extend TikTok deadline for third time, another 90 days
- TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
- CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
- Linux Security: New Flaws Allow Root Access, CISA Warns of Old Bug Exploitation
- New Linux udisks flaw lets attackers get root on major Linux distros
- Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments
- Stolen credentials are the new front door to your network
- Washington Post’s email system hacked, journalists’ accounts compromised
- Microsoft 365 security in the spotlight after Washington Post hack
- Hackers impersonating US government compromise email account of prominent Russia researcher
- Researchers unearth keyloggers on Outlook login pages
- Scammers Insert Fake Support Numbers on Real Apple, Netflix, PayPal Pages
- SentinelOne shares new details on China-linked breach attempt
- Facebook rolls out passkey support to fight phishing attacks
- North Korean hackers deepfake execs in Zoom call to spread Mac malware
- Critical sslh Vulnerabilities Let Hackers Trigger Remote DoS Attacks
- Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets
- IBM QRadar SIEM Vulnerability Allows Attackers to Execute Arbitrary Commands
- Tesla Wall Connector Charger Hacked Through Charging Port in 18-Minute Attack
- ChainLink Phishing: How Trusted Domains Become Threat Vectors
- Malicious Payload Uncovered in JPEG Image Using Steganography and Base64 Obfuscation
- Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
- Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
- As grocery shortages persist, UNFI says it’s recovering from cyberattack
- Hacker Could Hide Images in Text Data and Embeds Directly into DNS TXT Records
- New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
- com user data exposed in breach
- Krispy Kreme says November data breach impacts over 160,000 people
- Over 46,000 Grafana instances exposed to account takeover bug
- A million SMS two-factor authentication codes were intercepted
- Hacker steals 1 million Cock.li user records in webmail data breach
- Car-sharing giant Zoomcar says hacker accessed personal data of 8.4 million users
- Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web
- Over 16 billion records leaked in “unimaginable” major data breach
- No, the 16 billion credentials leak is not a new data breach
- Hackers switch to targeting U.S. insurance companies
- Aflac says it stopped attack launched by ‘sophisticated cybercrime group’
- Erie Insurance reports no evidence of ransomware, no further threat
- Scania confirms insurance claim data breach in extortion attempt
- UBS Among Companies Hit by Data Leak After Cyberattack on Procurement Firm
- Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing
- New Mexico County silent on suspected ransomware attack
- Optima Tax Relief targeted by ransomware attack exposing customer data
- Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
- Old solar gadgets, rogue modules, and risky firmware could be the cyber timebomb inside your solar system
- Telecom giant Viasat breached by China’s Salt Typhoon hackers
- AMD partners roll out new BIOS updates to patch TPM vulnerability — error with AMD CPUs addressed with AGESA 1.2.0.3e
- ASUS Armoury Crate bug lets attackers get Windows admin privileges
- Abilene invests nearly $1M to boost cyber defenses, restore systems after cyberattack
- The 6 biggest cybersecurity breaches of 2025
- CDK cyberattacks: Lessons learned 1 year later
Other News Events of Note and Interest
- Cool Tool: Lenovo’s show-stealing laptop with a rollable screen ships this week
- Cyber experts call for supercharging volunteer network to protect community organizations
- Google caused outage by ignoring its quality protections
- Google Cloud, Cloudflare Apologize For Massive Outage
- Google’s unloved plan to fix web permissions gathers support
- macOS Tahoe brings a new disk image format
- NJ Redefines Personal Data In New Protection Proposal
- AI Use at Work Has Nearly Doubled in Two Years
- How not to lose your job to AI
- An Introduction to Google’s Approach to AI Agent Security
- NIST Outlines Real-World Zero-Trust Examples
- Wyze overhauls its security practices
- Cortical Labs offers weekly access to real neuron computing for under the cost of a Nintendo Switch
- Chinese AI outfits smuggling suitcases full of hard drives to evade U.S. chip restrictions — training AI models in Malaysia using rented servers
- Malaysia investigates Chinese use of Nvidia-powered servers in the country — trade minister verifying reports of possible regulation breach following reports of smuggled hard drives and server rentals
- Microsoft Debuts Windows 365 Reserve for Instant Cloud PCs
- RIP Microsoft Passwords: Here’s How to Set Up a Passkey Before the August Deadline
- Microsoft 365 to block file access via legacy auth protocols by default
- Microsoft Defender for Office 365 to Block Email Bombing Attacks
- Microsoft investigates OneDrive bug that breaks file search
- Microsoft Announces ‘Data Guardian’ for European Operations
- Microsoft’s Windows Hello facial recognition no longer works in the dark
- Microsoft fixes Surface Hub boot issues with emergency update
- Microsoft has an update on Exchange Online Basic Auth removal for Office 365
- Microsoft: June Windows Server security updates cause DHCP issues
- June Patch Tuesday Update Breaks Windows Server DHCP
- Microsoft: DHCP issue hits KB5060526, KB5060531 of Windows Server
- Microsoft shares temp fix for Outlook crashes when opening emails
- WD SSDs still block Windows 11 24H2 download and installs, Microsoft may be guilty too
- Microsoft locks Windows 11 user out, shows how easy losing data from forced encryption is
- Windows 11’s emergency June update causes even more bugs and chaos
- Windows 11 KB5063060 issues, install fails on Windows 11 24H2 for some users
- Microsoft is removing legacy drivers from Windows Update
- Windows parental controls are blocking Chrome
