June 22, 2024


Hello all,

The news was somewhat light this week, meaning that the number of critical items seems low to me. But we’ve still got plenty for you to read about, so onward.

The volume of news and other items can appear overwhelming; the best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then select them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.

Notable Callouts:

  • CDK Global, which provides data and technology services to 15,000 car dealerships in the US and Canada, was hit with a cyberattack – twice. Unfortunately, they were in the process of restoration when they were taken down again. It sounds to me like they jumped the gun on the “Recovery” portion of their Incident Response plan and didn’t quite determine how the threat actors got in, nor managed to eradicate their presence. Hopefully, their backups survived the second hit. For now, dealerships have had to resort to paper and pen. Some dealers are urging their older employees to not use cursive so that the younger crowd can read what has been written.
  • Kaspersky, the Cyber Security company, has long been in the crosshairs of the US government. Well, the US pulled the trigger and has instituted a total ban starting later this year. If you are in the US and have Kaspersky, now is the time to replace it. There will be no more updates for US-based Kaspersky users after the ban takes effect.
  • Proton, the Swiss-based privacy company, is transitioning to a non-profit structure. The goal is to ensure that privacy is a core tenet, while still working to ensure they are financially solvent. CEO Andy Yen wrote, “Proton is not profit-driven, but we still must retain profitability as a core objective because a cornerstone of safeguarding Proton’s mission is independence through self-sustainability.”
  • Microsoft Email Spoof has been found by some security wonk, and sadly Big Redmond told him that they couldn’t reproduce the error – even after he sent them a video of how he did it. The researcher sent TechCrunch a spoofed email that indeed did appear to come from Microsoft. I doubt this is the last we’ll hear of this problem. And in another Microsoft item, a Windows security flaw was found in Wi-Fi that allows an unauthenticated attacker to gain remote code execution on the targeted device, with zero interaction needed by the victim. Thankfully this was patched in the June updates. You have applied that to your systems, right? If not, you should prioritize any laptops that are used in public locations, as this exploit requires proximity to the same Wi-Fi network.
  • SolarWinds Serv-U has a vulnerability that received a patch recently. If you’ve been waiting to apply it, now is your moment. It is presently under active exploitation by the bad guys.
  • VMware (or is it Broadcom?) has released patches for Cloud Foundation, vCenter Server, and vSphere. The patches address multiple heap-overflow and privilege escalation vulnerabilities in the DCE/RPC protocol. There are no workarounds; updates must be applied to mitigate.

In Ransomware, Malware, and Vulnerabilities News:

  • Keep Hearing about Data Breaches? They are so common that we hardly notice when a new one comes out, but what purpose do they serve for the criminal underbelly of the internet? There is a link to an article in this section that gets into the specifics.

In Other News Events of Note and Interest:

  • The Basics of DNS. There’s an old axiom among Information Technology professionals regarding nearly every internet-related issue: “It’s always DNS”, meaning that DNS problems are always the cause. While not entirely true, it is surprising how often DNS is the culprit behind problems that are experienced. There’s an article in this section that explains what Domain Name Service is and how it works.

In Cyber Insurance News:

  • Cyber insurance from the perspective of a data breach lawyer talks about why coverage is important and what services should be in your policy.

I’m still on vacation, or holiday as they call it here, and just recently visited the ancient ruins of Pompeii, Italy. It was astounding to see what once was a flourishing city of 20,000 people that had been obliterated from sight on August 24, 79 by the explosion of Mount Vesuvius. The eruption lasted two days, and most residents made it out alive. That made me think, did any of the merchants that escaped have a disaster recovery plan? Was it to set up shop in their cousin’s store several blocks away? Or perhaps in the sister city of Herculaneum, which was also smothered by volcanic ash? What did they do? How about you? Do you have a plan that will cover a regional disaster? Perhaps you should. When the Twin Towers went down in New York in 2001, many businesses never reopened because their DR sites were in the second tower, and nobody foresaw such a catastrophic event.

Visc. Jan Broucinek

And remember, always keep the shields up. They really are out to get you.

Viscount Jan Broucinek
Red-N Weekly Cyber Security News

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Cyber Insurance News