Hello all,
The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual. This week Apple starts us out and we end with Zyxel.
Notable Callouts:
- Apple iTunes has a local privilege escalation bug in its Windows version. If you use it, update now to close this hole.
- Barracuda announced a zero-day that was patched last week. This week it has been revealed that this was in active exploitation for 8 months. The implications for impacted companies are monumental as it is almost impossible to be certain what a threat actor may have left lurking in an affected network. Orgs may need to rebuild clean new networks as a result.
- Capita’s cyber-attack has affected 90 organizations with data breaches.
- Gigabyte motherboards have been revealed to have a previously unknown process to automatically apply firmware updates. Unfortunately, it is implemented in an insecure manner and can be leveraged by threat actors to infect the UEFI BIOS of machines.
- Microsoft, in a bit of good news here for a change, has announced that upcoming versions of Windows will have the ability to migrate apps to new Windows machines.
- Microsoft, in an unfortunate blunder, is installing incompatible AMD GPU drivers on some Windows 10 and 11 systems.
- MOVEit Transfer, by Ipswitch, has a zero-day that is being mass-exploited in data theft attacks. As of just a few days ago, Rapid7 had found thousands of servers to have been compromised.
- Pax8 and CrowdStrike have announced a strategic partnership that will give Managed Service Providers (MSPs) access to bundled product offerings of the CrowdStrike Falcon®
- The US Pentagon is promising to unleash Cyber Campaigns if needed, signaling an increased willingness to actively and visibly engage in what has previously been a stealth cyberwar.
- A new Wi-Fi MITM attack has been revealed to be possible across 89% of real-world Wi-Fi networks worldwide. A minor mitigating factor is that the attacker must already be connected to the network in order to exploit the vulnerability. Patches from manufacturers will be required to address this bug.
- WordPress has had a busy few weeks, with two more items requiring attention this week. The Gravity Forms plugin is vulnerable to a PHP object injection attack, and Jetpack had a critical flaw. WordPress found it so severe that they force-upgraded nearly 5 million sites to the patched version. If you are using Jetpack, check to ensure you are on the latest version. A few weeks ago, we published that the Elementor plugin was vulnerable to attack; this week has shown that mass exploitation of unpatched versions is underway.
- Zyxel firewall users were advised last week to upgrade firmware immediately due to 3 separate vulnerabilities that were revealed. This week ShadowServer has said, “At this stage if you have a vulnerable device exposed, assume compromise”.
- In Ransomware, Malware, and Vulnerabilities News, ScanSource, a global technology distributor located in Greenville, SC that connects devices to the cloud for customers across hardware, SaaS, connectivity and cloud computing, revealed that it is back in operation a little over 2 weeks after being hit by ransomware. What is interesting is that this figure is spot-on with the latest estimate for average time to resume business after such an attack, which is pegged at 16 days.
- In Other News Events of Note and Interest, the CEO of CrowdStrike has said that generative AI is “an arms race” with good-guys going against nation-state actors with nefarious AI. On a related note, CrowdStrike introduced Charlotte, their Generative AI Security Analyst.
- In Cyber Insurance News, insurers are predicting that a “catastrophic Cyber Event” could cost the industry as much as $33 billion. “However, given the industry’s resilience to significantly greater losses from other classes, in most cases these should not be insurmountable.”
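Since the Gravity Forms callout above names PHP object injection without explaining the bug class, here is a minimal illustration of how it works and how it is closed. This is an added example written for this newsletter, not Gravity Forms or WordPress code; the class name TempFileWriter, the cookie-style input and the /tmp path are all hypothetical.

```php
<?php
// Added illustration of the PHP object injection bug class, not code from
// Gravity Forms. The class, input and paths below are hypothetical.

// A class with a "magic" method is the gadget. PHP calls __destruct() on
// every object it reconstructs from a serialized string, including objects
// the attacker assembled with property values of their choosing.
class TempFileWriter {
    public $path = '/tmp/demo.txt';
    public $data = 'hello';
    public function __destruct() {
        file_put_contents($this->path, $this->data);
    }
}

// VULNERABLE: unserialize() on attacker-controlled input lets the attacker
// pick the class and every property. A payload that names a writable path
// under the web root and PHP source as $data drops a web shell when the
// object is destroyed at the end of the request.
function load_state_vulnerable(string $raw) {
    return unserialize($raw);
}

// HARDENED, option 1: refuse to instantiate any class. Objects in the
// payload come back as __PHP_Incomplete_Class, which has no magic methods,
// so no gadget code ever runs.
function load_state_no_classes(string $raw) {
    return unserialize($raw, ['allowed_classes' => false]);
}

// HARDENED, option 2 (preferred for new code): use a data-only format.
// JSON carries no class names, so there is nothing to inject.
function load_state_json(string $raw): ?array {
    $decoded = json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
    return is_array($decoded) ? $decoded : null;
}

// Constructed payload an attacker could place in a cookie or form field.
// Length prefixes must match the strings exactly or PHP rejects the input.
$payload = 'O:14:"TempFileWriter":2:{s:4:"path";s:14:"/tmp/pwned.txt";s:4:"data";s:5:"owned";}';

$safe = load_state_no_classes($payload);
var_dump($safe instanceof __PHP_Incomplete_Class);

// Uncommenting the next line would write /tmp/pwned.txt when $unsafe
// goes out of scope, because the real TempFileWriter is reconstructed.
// $unsafe = load_state_vulnerable($payload);
```

When reviewing a plugin for this class of bug, search for unserialize() calls whose input can be influenced by a request (cookies, POST fields, uploaded files, database rows that users can write) and for classes in the code base or its dependencies with __destruct, __wakeup or __toString methods that touch the file system or execute commands; either is enough on its own to warrant attention, and the pair together is the exploitable condition.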
No funny quip or axiom this week. Just a reminder, you don’t need to follow every link in the Red-N-Security Newsletter, but you should at a minimum scan the link titles to see if a product you support or know is in use in your, or a customer’s, environment is at risk. Then as the saying goes, “See something, Say something”. You could be the hero that prevents a catastrophic event.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Apple iTunes local privilege escalation on Windows
- Critical Barracuda 0-day was used to backdoor networks for 8 months
- Capita cyber-attack: 90 organizations report data breaches
- Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor
- Microsoft Announces Restore Apps for Easier PC Migration
- Microsoft is installing incompatible AMD GPU drivers in Windows 10 and Windows 11
- New MOVEit Transfer, by Ipswitch, zero-day mass-exploited in data theft attacks
- Pax8 and CrowdStrike Announce Strategic Partnership
- Pentagon Promising to Unleash Cyber Campaigns if Needed
- New Wi-Fi MITM Attack That Can Evade WPA3
- WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection
- WordPress force installs critical Jetpack patch on 5 million sites
- Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls
Ransomware, Malware, and Vulnerabilities News
- US Navy Hit by Chinese Hackers, China Denies Accusation
- Dallas Faces Difficult Choices As It Continues To Navigate Active Ransomware Attack
- CAPTCHA-Breaking Services with Human Solvers Helping Cybercriminals Defeat Security
- It’s Time for the United States to Adopt a New Strategy to Combat Ransomware
- Operation Triangulation: iOS devices targeted with previously unknown malware
- Tornado Cash hacker offers control back to community
- New Mirai Variant Campaigns are Targeting IoT Devices
- AceCryptor: Cybercriminals’ Powerful Weapon, Detected in 240K+ Attacks
- Human Error Fuels Industrial APT Attacks, Kaspersky Reports
- NSA and FBI: Kimsuky hackers pose as journalists to steal intel – PDF link
- Casepoint ransomware attack: BlackCat claims data breach
- Discord Admins Hacked by Malicious Bookmarks
- Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT
- Lazarus hackers target Windows IIS web servers for initial access
- New Horabot campaign takes over victim’s Gmail, Outlook accounts
- Idaho Falls Community Hospital forced to divert ambulances after cyberattack
- File Archiver In The Browser
- MCNA Dental data breach impacts 8.9 million people after ransomware attack
- ReversingLabs found malicious npm packages serving TurkoRAT binaries that mimic NodeJS
- Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
- A Q&A with Wazawaka: The FBI’s cyber Most Wanted says new designation won’t affect his work
- Microsoft finds macOS bug that lets hackers bypass SIP root restrictions
- Serious Security: Verification is vital – examining an OAUTH login bug
- Dark Pink APT Group Leverages TelePowerBot and KamiKakaBot in Sophisticated Attacks
- New Linux Ransomware Strain BlackSuit Shows Striking Similarities to Royal
- Inactive, unmaintained Salesforce sites vulnerable to threat actors
- Swiss real estate agency fails to put a password on its systems
- Exploit released for RCE flaw in popular ReportLab PDF library
- Terminator antivirus killer is a vulnerable Windows driver in disguise
- Toyota confirms another years-long data leak, this time exposing at least 260,000 car owners
- BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration
- ScanSource ‘Has Resumed’ Operations After Ransomware Attack – a little over 2 weeks later
- Threatening botnets can be made with little code experience, Akamai finds
- Growing hacking threat to satellite systems compels global push to secure outer space
- New Lumen research reveals previously unseen Qakbot infrastructure
Other News Events of Note and Interest
- Cybersecurity Risks and Privacy Rules Add Pressure on Boards
- CrowdStrike CEO calls generative AI an ‘arms race’
- Alcion Emerges from Stealth with AI-Driven Backup-as-a-Service Platform for Microsoft 365
- ChatGPT for SOC Analysts
- Oracle Support for MySQL 5.7 Ends Soon, Key Upgrades in 8.0
- Microsoft Defender Antivirus review – it is as good as anything else
- Programmer Creates Grim Tool to Clone Anyone as an “AI Girlfriend”
- The great CISO resignation: Why security leaders are quitting in droves
- Google veep calls out Microsoft’s cloud software licensing ‘tax’
- Google triples rewards for Chrome sandbox escape chain exploits
- CrowdStrike Introduces Charlotte AI, Generative AI Security Analyst
- CrowdStrike Achieves IL5 Authorization to Secure U.S. Department of Defense
- Bring an old PC back to life with Windows 10 thanks to the new bloat-free Tiny10
- Kali Linux 2023.2 released with 13 new tools, pre-built HyperV image
- The original Chromecast has reached its end of life
- Is ChatGPT a cybersecurity disaster? We asked the experts
- House lawmakers concerned half of VA’s IT contracting dollars going to 10 companies
- Nvidia taps into Israeli innovation to build generative AI cloud supercomputer
- Microsoft quietly released Windows 11 22H2 Configuration Update that boosts performance
- Gartner releases 4 trends that will impact enterprises in 2023
- Microsoft up in Arms over data-loss protection in Windows 11
- Plan for 30% tax on Bitcoin mining appears dead under debt ceiling deal
- Noncompete agreements violate US labor law, official says
- The shadow IT fight — 2023 style
- PyPI announces mandatory use of 2FA for all software publishers
- CrystalDiskInfo 9.0 – an interesting utility
- WingetUI 2.0 Beta 3 – is getting better and more useful
- WinToUSB 7.9.1 – create a fully functional Windows that runs off a USB drive
- Adobe Firefly explained – everything you need to know
- Sniffnet: An Interesting Open-Source Network Monitoring Tool Anyone Can Use
- Upskilling the non-technical: finding cyber certification and training for internal hires
- Windows 11 to require SMB signing to prevent NTLM relay attacks