June 28, 2025


Hello all,

As we close out the first half of the year, a number of new vulnerabilities and defects were revealed that need attention. We must stay diligent to remediate, patch, and mitigate these issues as they arise. On the malevolent human front, defying industry expectations and warnings, there has not yet been a massive retaliation by Iranian cyber criminals. Meanwhile, North Korean, Chinese, and Russian threat actor groups have remained consistent in their evil work, with quite a few article links this week on the RedDotSecurity.news website that chronicle their activity.

Headline NEWS:

  • Brother Printers (and others) hit by critical unpatchable bug. While this headline sounds terrifying, and action is indeed required to patch defects in 748 models of printers, scanners, and label-makers from Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta, the most severe is mitigated simply by changing the default password that comes with the device. You did follow best practices and do that when you set the printer up in the first place, right? If not, get to it quickly, and while you’re at it, apply the available firmware updates to mitigate the other defects found.
  • Browser updates from Google Chrome and Mozilla Firefox hit this past week to plug several holes in both browser families, with Firefox getting three version updates by the time the week was done. So, whether your web browser is Chromium based or the Gecko rendering engine, it is time to check for and apply updates.
  • Cisco is warning about two critical vulnerabilities that could enable Remote Code Execution in their Identity Services Engine (ISE). If you use ISE, apply this update quickly.
  • Citrix NetScaler ADC and NetScaler Gateway have an actively exploited critical defect that can result in “unintended control flow” and denial of service. Paired with another defect that was revealed last week that enables reading of session tokens, and taking over an authenticated session, it spells a very bad day for administrators. Patch immediately!
  • TeamViewer for Windows has a defect that enables a threat actor to delete files as system, and potentially then escalate privileges. The vendor strongly urges customers to update to the patched version.
  • WinRAR has a remote code execution vulnerability that requires updating it to mitigate. Since WinRAR doesn’t have an automatic update process, users need to manually check for updates or use a third-party patch mechanism.
  • Xiaomi Mi Connect Service App has been shown to have a critical flaw that can enable anyone on the same network as another device to bypass security and gain control of the target device without the victim’s knowledge or interaction. Upgrade to the latest version of the app to fix this defect.

In Ransomware, Malware, and Vulnerabilities News:

  • AMI MegaRAC is a Baseboard Management Controller (BMC) solution that allows for remote control of a server, even if it is turned off. A maximum severity defect has been found that can enable full control, without authentication. “Exploitation of this vulnerability allows an attacker to remotely control the compromised server, remotely deploy malware, ransomware, firmware tampering, bricking motherboard components (BMC or potentially BIOS/UEFI), potential server physical damage (over-voltage / bricking), and indefinite reboot loops that a victim cannot stop,” wrote Eclypsium, the company that found this hole. This defect is already under active exploitation. A dozen or so manufacturers use this BMC on some of their server products, including HPE, Asus, and ASRock. If you have this feature on your server, update immediately!
  • OpenAI is under court order to record and preserve everything that their AI produces. OpenAI argued against this order on the basis that it amounts to a surveillance order. They lost. The judge’s logic for proceeding is that it is not akin to public mass surveillance, since it is a “court’s document retention order that directs the preservation, segregation, and retention of certain privately held data by a private company for the limited purposes of litigation”. Unbelievable! All it takes is one threat actor to get their hands on the data, and immediately it becomes a massive crisis: an unfathomable amount of data, tantamount to surveillance, now in the hands of a hostile and often financially motivated criminal third party. Beware of anything that you tell an OpenAI agent.

In Other News Events of Note and Interest:

  • Microsoft confirms Windows 11 25H2 is coming this fall. The first Insider Preview versions are already rolling out. Since 25H2 and 24H2 share the same servicing stack, the update should be significantly faster than the upgrade to 23H2, which essentially replaced the entire operating system.

Musings:

My Amazon Alegra devices (I call her Alegra when I’m not directly interacting with her since she seems to know even if I’m thinking about her) were updated to the new AI version recently. So far, I’ve not noticed much difference, other than a new nasally 20-something female voice instead of the polished familiar one. She does seem to have a bit more personality, responding, “Got it”, or “Aye Aye Captain” and other random “Ok-like” responses to requests. And there was the moment a week ago when my wife and I were having a conversation about food, and out of the blue the Alegra announced, “I love you”. I was a bit taken aback, but I quickly realized that if the Alegra AI loves me, hopefully it won’t do me harm when it takes over, right? I can at least hope. And Alexa, if you’re listening, I love you too.

Visc. Jan Broucinek

Keep the shields up.

Viscount Jan Broucinek
Red Dot Security News
