Hello all,
When the Headline NEWS list started this week, it appeared that the company names would begin only with the English vowels, but as the week went on a few other companies and items merited inclusion. We start with several A-List vendors, going all the way down to Z for Zimbra.
As usual, the complete Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- AMD has had a new chip bug revealed, Zenbleed. It appears trivial to exploit; watch for patches from AMD and apply them when available.
- Apple shipped updates for most of their devices for actively exploited vulnerabilities. If you have iFruit, update quickly.
- Atera has a critical zero-day in their installers for Windows. New installers have been made available that do not have this flaw.
- Atlassian has been quiet for a while, but this week they’ve patched RCEs in Confluence and Bamboo. “Successful exploitation of these bugs could lead to system takeover…”
- Axis makes cameras and door controllers. This week several vulnerabilities were revealed in their Axis A1001 network door controller.
- Elon Musk, in a somewhat unusual move, has chosen to rebrand the iconic Twitter brand and blue bird to “X”. Just X. We’ll have to wait and see how this plays out.
- IBM reported this week that the average cost of a data breach has risen 2.3% to $4.45 million.
- Ivanti has a severe bug in their Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core. A patch has been made available.
- Incandescent Lightbulb Ban goes into effect on Tuesday, marking the end of an era of a technology that revolutionized the world. You can still own and use them, but the USA has made their sale illegal. “Manufacturers who violate the ban could face a maximum penalty of $542 per illicit bulb.”
- Oracle, in their new licensing terms, has decided that companies need to pay 2 to 5 times more for the right to use Java.
- MikroTik Routers are back in the news: a severe privilege escalation flaw has been identified. Patches and guidance are available from the vendor.
- SEC, the United States Security Exchange Commission, has new rules coming to public companies that require reporting of cyber incidents within 4 business days of discovery.
- Zimbra has finally released a patch for the flaw in their Zimbra Collaboration Suite (ZCS) email server that was revealed on July 13th. There has been mitigation guidance available, but now there is a fix from them as well.
- In Ransomware, Malware, and Vulnerabilities News, an emerging item is that the Terrestrial Trunked Radio (TETRA) system has been shown to have flaws that allow communication to be intercepted, and even altered or injected. The European Telecommunications Standards Institute (ETSI) takes umbrage at the findings and responded by saying, “it adheres to export control regulations, and that any weaknesses in the security of TETRA would be due to that rather than a deliberate backdooring of the technology.”
In a bit of good news, there is a report that security training does in fact work and Human Cyber-Risk can be demonstrably mitigated.
And finally, in what is supposed to be a good report, CSO Online reports that only 23% of organizations are still vulnerable to MOVEit flaws. That’s nearly a quarter of the organizations that use it!
- In Other News Events of Note and Interest, Microsoft has a bunch of entries; one of particular note is that Windows Software Update Servers (WSUS) will need some PowerShell scripting to be added to their schedulers so that they continue to function.
- In Cyber Insurance News, a good read about why CISOs should be involved in Cyber Insurance Negotiation. “Having the CISO at the table when negotiating with insurance brokers or carriers is a best practice for ensuring that insurers understand not only which security controls are in place, but why the controls are configured the way they are and the organization’s strategy.”
Security is only as good as your weakest link. If you fortify all of the electronic external points of entry but allow the “cable guy” into your server room unsupervised, you may be exposing yourself to any number of physical attacks. Make sure your physical security is as effective as your electronic.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- AMD Zenbleed chip bug leaks secrets fast and easy
- Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day
- Atera Windows Installers Critical Zero-Days Expose Users to Privilege Escalation Attacks
- Atlassian Patches Remote Code Execution Vulnerabilities in Confluence, Bamboo
- Axis Door Controller Vulnerability Exposes Facilities to Physical, Cyber Threats
- Elon Musk says Twitter’s blue bird to be replaced by an X
- IBM Report: Average Cost of a Data Breach Rises to $4.45 Million
- Ivanti patches MobileIron zero-day bug exploited in attacks
- Light bulb ban: DOE’s ban on incandescent lightbulbs goes into effect
- Oracle’s revised Java licensing terms 2-5x more expensive for most orgs
- Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking
- New SEC rules put a time limit on reporting hacks and data breaches
- Zimbra patches zero-day vulnerability exploited in XSS attacks
Ransomware, Malware, and Vulnerabilities News
- Data breach in Tampa Bay may be linked to Russian gang; over 1 million impacted
- FortiGuard Labs Discovers Multiple Vulnerabilities in Microsoft Message Queuing Service
- Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches
- Cyber criminals pivot away from ransomware encryption
- 8 million people hit by data breach at US govt contractor Maximus
- Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required
- Scammers use AI to mimic voices of loved ones in distress
- Clop now leaks data stolen in MOVEit attacks on clearweb sites
- Banking Firms Under Attack by Sophisticated ‘Toitoin’ Campaign
- ALPHV ransomware adds data leak API in new extortion strategy
- Gamaredon hackers start stealing data 30 minutes after a breach
- Is Your Peloton Attracting Security Threats?
- Backblaze warns of AI-assisted cyber threats
- Conti and Akira: Chained Together
- The Art of Finding New Darkweb Sources
- Attackers intensify DDoS attacks with new tactics
- Into the tank with Nitrogen initial access campaign
- Who and What is Behind the Malware Proxy Service SocksEscort?
- Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws
- Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma
- Decoy Dog is No Ordinary Pupy – Infoblox Reveals Shift in Malware Tactics After Initial Discovery
- Yubico’s Hanson: Hardware-bound Passkeys are Still the Ultimate in Security
- Meet the Finalists for the 2023 Pwnie Awards
- Banking Sector Targeted in Open-Source Software Supply Chain Attacks
- Ransomware attack on rural Mississippi county a ‘cautionary tale’
- Ransom Monetization Rates Fall to Record Low Despite Jump In Average Ransom Payments
- KillNet’s Kremlin Connection Unclear as the Cybercrime Collective Grows
- Casbaneiro Banking Malware Goes Under the Radar with UAC Bypass Technique
- TETRA Radio Code Encryption Has a Flaw: A Backdoor
- Vast majority of organizations are no longer vulnerable to MOVEit
- MOVEit Hack Could Earn Cybercriminals $100M as Number of Confirmed Victims Grows
- MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method
- Deloitte joins Big Four MOVEit victims PWC, EY
- Recent exploitation of MOVEit vulnerability causes June ransomware spike
- MOVEit Hack: Over 400 Organizations’ Hacked
- Norway government ministries hit by cyber attack
- The growing impact of generative AI on cybersecurity and identity theft
- Human Cyber-Risk Can Be Demonstrably Mitigated by Behavior Changing Training: Analysis
- Lazarus hackers hijack Microsoft IIS servers to spread malware
- Yamaha confirms cyberattack after multiple ransomware gangs claim attacks
- RaaS proliferation: 14 new ransomware groups target organizations worldwide
- Researchers find Decoy Dog malware campaign likely linked to nation-state spying
- VMware fixes bug exposing CF API admin credentials in audit logs
- ‘FraudGPT’ Malicious Chatbot Now for Sale on Dark Web
- Perimeter81 Vulnerability Disclosed After Botched Disclosure Process
- Maritime Cyberattack Database Launched by Dutch University
- CardioComm, a provider of ECG monitoring devices, confirms cyberattack downed its services
- SonicWall: Ransomware Declines Further As Attackers ‘Pivot’ Their Tactics
- Android malware steals user credentials using optical character recognition
- Millions of people’s data stolen because web devs forget to check access perms
- Ransomware gang increases attacks on insecure MSSQL servers
- IcedID Malware Adapts and Expands Threat with Updated BackConnect Module
- Linux version of Abyss Locker ransomware targets VMware ESXi servers
Other News Events of Note and Interest
- Google: Don’t Choose Cheap TLDs, Avoid Spam Risks
- Google Play services ending support for Android 4.4 KitKat
- Google, Microsoft form new A.I. industry group to set safety standards
- Chromebooks’ built-in ‘death dates’ render many older models useless
- ChromeOS 115 rolling out: Android App Streaming, PDF signatures
- Cisco, VMware and other tech giants tackle end-of-life product issues
- Few Fortune 100 Firms List Security Pros in Their Executive Ranks
- Spotify is about to cost more with a price increase planned for next week
- HPE pitches Zerto ransomware product as a ‘real-time’ detector that’s data-aware
- Know How 20 Microsoft 365 Defender Reports can Strengthen Your Security!
- Microsoft may have unknowingly unblocked Windows 11 upgrades from Windows 8.1 again
- Microsoft shares fix for some Outlook hyperlinks not opening
- Microsoft SharePoint outage caused by use of wrong TLS certificate
- Microsoft releases new virtual machines so you can download Windows 11 for free
- Microsoft 365 Defender Adds New URL Page to Block Phishing Attacks
- Microsoft shares temp fix for Outlook Desktop slow saving bug
- Microsoft fixes bug that breaks video recording in Windows apps
- Microsoft Asks IT Admins to Import Updates into WSUS with PowerShell Script
- Analyze IoT/OT device firmware with Microsoft Defender for IoT
- Windows 11 KB5028254 update fixes VPN performance issues, 27 bugs
- White House to nominate former NSA, CIA official as next national cyber director
- My go-to cleaning app for Mac just got a major security upgrade
- Thunderbird Supernova 115.0.1: This update brings enhanced visuals, UX, and security updates
- Microsoft enhances Windows 11 Phishing Protection with new features
- Meta Adds Microsoft Teams and 365 Apps to Quest 2 VR: Enhancing Remote Collaboration in VR
- Remote employees work longer and harder, studies show
- ChatGPT for Digital Forensic – AI-Powered Investigation Tool