Weekly Cyber Security
News, Events & Information
From sources found online in the past seven days
Hello all,
Another A to Z week in this issue, starting with a little firestorm from Adobe and ending with patches for end-of-life network-attached storage devices from Zyxel. I was thinking that it would be a somewhat quiet week, the calm before the storm, since this coming Tuesday is Patch Tuesday. Boy, was I wrong!
The volume of news can seem overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and follow those links for more information. So, let's get to it. And don't forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- Adobe leads off our headlines with new terms and conditions that have created an uproar in the creative community. Angry users say that Adobe's terms allow the company to use works created by clients however it wants, and even to sublicense them. Adobe, for its part, has been doing massive backpedaling, publishing a blog post about the new T&C and continuing to reach out to media outlets and clients, insisting that it is all a misunderstanding. I'm no lawyer, but if this many people can get it "wrong," then a good lawyer could certainly make a case of it. I'm sure more will come out about this in the coming days.
- Atlassian Confluence has a high-severity bug that allows an authenticated attacker to execute arbitrary code. While not pants-on-fire, it is serious and should be patched ASAP.
- Check Point VPN has a zero-day vulnerability that has been under active exploitation since the beginning of April. It is a path traversal bug that lets an attacker read ANY file on the system, including password files. If you use this product, patching immediately is critical.
- Cisco Webex cloud service had a vulnerability in how it assigned meetings. Attackers were able to discover information about past and future Webex meetings: who attended them, how long they lasted, what they were about, and even how to join them. Several European governments are confirmed to have been affected, along with who knows how many other organizations that use this service. Cisco has since fixed this hole.
- The FBI, in a win for the good guys, has over 7,000 LockBit ransomware decryption keys available for use. If you were a victim of LockBit, contact the FBI; you may be able to recover some of your encrypted data.
- PHP for Windows has fixed a critical remote code execution flaw that impacts all versions. If you run PHP on Windows, update to a patched version: PHP 8.3.8, PHP 8.2.20, or PHP 8.1.29. If you cannot update immediately, the linked article includes mitigation guidance.
- Snowflake is a cloud data platform with thousands of very high-profile customers worldwide, including AT&T, Adobe, Anheuser-Busch, Advance Auto Parts, Ticketmaster, LendingTree, Mastercard, Western Union and more. When a few snowflakes fall it is an annoyance; when a lot fall there's a blizzard and things grind to a halt. This could get bad very quickly for a lot of companies. Snowflake, for its part, denies that it is the source of some of the recent public breaches of its clients. There are a number of linked articles in this week's edition about this ongoing drama.
- SolarWinds has patched a number of high-severity vulnerabilities and urges administrators to apply the patches immediately.
- TikTok fixed a zero-day bug that enabled more than just the Chinese government to access its subscribers' accounts. High-profile accounts, including those of Paris Hilton and CNN, were among those hijacked.
- Zyxel has made firmware patches available for end-of-life network-attached storage devices. If you are using one of these, check whether yours is on the list and patch quickly. It is unusual for a vendor to patch EoL equipment, which gives some indication of the potential severity.
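The Check Point callout above is a path traversal bug: a request path containing "../" (or an absolute path) walks out of the directory the server meant to serve from. The following is an added, generic illustration of that bug class, written for this newsletter; it is not Check Point's code and makes no claim about how that product's vulnerability actually works. It puts a naive file handler next to a root-confined one and runs both against a constructed sandbox (a fake web root and a fake password file beside it). Function names and the sandbox layout are assumptions for the demo.

```python
"""Path traversal, generically: a root-confined file read next to the
naive one. Added illustration for this newsletter; NOT the Check Point
VPN code, and no claim about how that product's bug works."""
import os
import tempfile


def read_file_vulnerable(root: str, requested: str) -> bytes:
    """Naive handler: joins the request path onto the web root unchecked.

    '../' segments walk out of the root, and on POSIX an absolute request
    such as '/etc/passwd' makes os.path.join discard the root entirely.
    """
    with open(os.path.join(root, requested), "rb") as f:
        return f.read()


def safe_path(root: str, requested: str) -> str:
    """Resolve `requested` under `root` and refuse anything that escapes it.

    Expects the already URL-decoded path: run this after decoding, not
    before, or '..%2f'-style encodings slip past the check.
    """
    root_real = os.path.realpath(root)
    # An absolute request must not replace the root, so drop leading separators.
    joined = os.path.join(root_real, requested.lstrip("/\\"))
    # realpath collapses '..' and follows symlinks, so a link inside the root
    # that points outside it is caught as well.
    candidate = os.path.realpath(joined)
    try:
        inside = os.path.commonpath([root_real, candidate]) == root_real
    except ValueError:  # different drives on Windows: definitely outside
        inside = False
    if not inside:
        raise PermissionError(f"request escapes document root: {requested!r}")
    return candidate


def read_file_safe(root: str, requested: str) -> bytes:
    """Hardened handler: only serves files that resolve inside `root`."""
    with open(safe_path(root, requested), "rb") as f:
        return f.read()


def demo() -> dict:
    """Build a constructed sandbox and run both handlers against it."""
    base = tempfile.mkdtemp(prefix="traversal-demo-")
    webroot = os.path.join(base, "www")
    os.makedirs(webroot)
    with open(os.path.join(webroot, "index.html"), "w") as f:
        f.write("<h1>hello</h1>")
    # Constructed stand-in for a password file sitting outside the web root.
    os.makedirs(os.path.join(base, "secret"))
    with open(os.path.join(base, "secret", "shadow"), "w") as f:
        f.write("root:$6$constructed$notarealhash:19876:0:99999:7:::\n")

    escape = "../secret/shadow"
    results = {
        "vulnerable_leaks": read_file_vulnerable(webroot, escape).startswith(b"root:"),
        "safe_serves_normal": read_file_safe(webroot, "index.html") == b"<h1>hello</h1>",
        "safe_blocks": False,
    }
    try:
        read_file_safe(webroot, escape)
    except PermissionError:
        results["safe_blocks"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The check is deliberately done on the resolved path rather than by string-matching "../": normalisation and symlink resolution are what actually confine the read, and a substring filter is exactly the kind of thing encoded or doubled separators get around.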
In Ransomware, Malware, and Vulnerabilities News:
- Snowflake is mentioned several times in this section. The articles are worth perusing.
- Veeam, the backup vendor, announced a new Data Cloud Vault aimed at dealing with ransomware. It looks quite promising.
In Other News Events of Note and Interest:
- Grok, Elon Musk's AI, will soon get smarter. He is planning to purchase 300,000 Nvidia Blackwell B200 AI GPUs to upgrade X's existing AI GPU cluster.
- Microsoft Recall seemed like a good idea, then the security folks got their hands on it. Initially Microsoft said that it would be on by default on AI-enabled computers. Once the vehement swell of complaints about the built-in spying tool rose to a tidal wave, Big Redmond could no longer ignore the press and backpedaled, saying that Recall will be off by default. And with researchers already demonstrating tools that pull the feature's stored data, Microsoft has said it will be reworking Recall's security. This tale isn't over yet. There are several links in this section with more details.
In Cyber Insurance News:
- Data breach litigation. A breach is expensive, and you need the appropriate coverage to survive the crisis. The time to make sure you have sufficient coverage is now; once an event happens, it is too late.
This past Friday, my co-host Jeremy and I talked about password management on the Buffalo-Plaid Breakfast Cybersecurity web broadcast. One item we discussed was that we will likely always have passwords of some sort. Think about smart locks: all of them have some way to get around them should the electronic bits fail for some reason. Likewise, the new passwordless technology, while an amazing boon for securing our digital worlds, will still require some form of "break-glass" ability to get into your digital life should that particular piece of the technology be down. Set that up at the same time you set up your passwordless logins. You don't want to lose access and then face a nightmare trying to get back in.
And remember, keep the shields up. They really are out to get you.
Viscount Jan Broucinek
Red-N Weekly Cyber Security News
Headline NEWS
- Change to Adobe terms & conditions outrages many professionals
- Atlassian Confluence High-Severity Bug Allows Code Execution
- Check Point VPN zero-day exploited since beginning of April
- Vulnerability in Cisco Webex cloud service exposed government authorities, companies
- FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out
- PHP fixes critical RCE flaw impacting all versions for Windows
- The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever
- SolarWinds Patches High-Severity Vulnerability Reported by NATO Pentester
- TikTok fixes zero-day bug used to hijack high-profile accounts
- Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
Ransomware, Malware, and Vulnerabilities News
- NIST turns to IT consultants to clear National Vulnerability Database backlog
- FCC approves $200M for cybersecurity in schools
- Spam blocklist SORBS closed by its owner, Proofpoint
- Account Takeovers Outpace Ransomware as Top Security Concern
- Advance Auto Parts stolen data for sale after Snowflake attack
- Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers
- Hudson Rock yanks report fingering Snowflake employee creds snafu for mega-leak
- Mysterious corporate breaches could link to Snowflake accounts
- More Snowflake Data Theft Claimed Amid Scrutiny Of MFA Policies
- Cyberattacks cost town of Arlington, Mass. nearly $450,000
- Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
- Exploit for critical Progress Telerik auth bypass released, patch now
- This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI
- Oracle WebLogic Server OS Command Injection Flaw Under Active Attack
- Interpol and FBI break up a cyber scheme in Moldova to get asylum for wanted criminals
- Hackers break in to TikTok accounts belonging to Paris Hilton, CNN
- New Gitloker attacks wipe GitHub repos in extortion scheme
- Phishing Report Supports Focus on the Human Element
- Cybercrooks get cozy with BoxedApp to dodge detection
- GPT-4 autonomously hacks zero-day security flaws with 53% success rate
- Discovery highlights ‘critical oversight’ in perceived security of wireless networks
- Frontier says 750,000 Social Security numbers accessed during April cyberattack
- Hackers Exploiting MS-SQL Servers To Attack Windows Server
- Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
- Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine
- China outsourcing its cyberattacks to hackers-for-hire
- Paris braces for a barrage of cyberattacks
- Google, Microsoft: Russian Threat Actors Pose High Risk to 2024 Paris Olympics
- CVE-2024-27822: macOS PackageKit Privilege Escalation
- Data firm execs convicted for helping fraudsters target the elderly
- Cox fixed an API auth bypass exposing millions of modems to attacks
- Google leaked addresses, license plates, and even an entire Nintendo Direct
- Cyberattack on telecom giant Frontier claimed by RansomHub
- New ransomware attack based on an evolutional generative adversarial network can evade security measures
- London hospitals declare emergency following ransomware attack
- Chinese hacking groups stole ‘sensitive’ intel on South China Sea from SE Asian government
- Rare earths miner targeted in cyber attack prior to removal of Chinese investors
- Crooks threaten to leak 3B personal records ‘stolen from background check firm’
- Russian crime group behind London hospitals cyber-attack, says expert
- Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware
- Cybersecurity experts sound alarm over US power grid vulnerabilities
- AI Company Hugging Face Detects Unauthorized Access to Its Spaces Platform
- Hackers Exploiting Amazon, Google And IBM Cloud Services
- DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks
- Nearly 400,000 affected by data breach at eye care management services company
- LightSpy Spyware’s macOS Variant Found with Advanced Surveillance Capabilities
- Microsoft paid Tenable a bug bounty for an Azure flaw it says doesn’t need a fix, just better documentation
- Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
- Ransomware Rebounds: Extortion Threat Surges in 2023, Attackers Rely on Publicly Available and Legitimate Tools
- ‘Fog’ Ransomware Rolls in to Target Education, Recreation Sectors
- VeeamOn: Data Cloud Vault to Address Ransomware Threats
Other News Events of Note and Interest
- Cool Tool: Kali Linux 2024.2 released with 18 new tools, Y2038 changes
- Cool Tool: LibreOffice 24.2.4 Office Suite Is Now Available for Download with 72 Bug Fixes
- A clarification on Adobe Terms of Use
- Humane warns AI Pin owners to ‘immediately’ stop using its charging case
- Command senior chief convicted for unauthorized Wi-Fi on her ship
- LastPass says 12-hour outage caused by bad Chrome extension update
- Quantum internet breakthrough after ‘quantum data’ transmitted through standard fiber optic cable
- Signal reaffirms it will leave European market rather than agree to help governments surveil users
- AT&T customers facing ‘nationwide issue’ impacting their ability to call non-AT&T users
- T-Mobile hopes you’ll buy $30 “Home Internet Backup” for when cable goes out
- ChatGPT was down – here’s what we know about the huge outage
- CISA’s Secure by Design Initiative at 1: A Report Card
- Elon Musk wants to purchase 300,000 Blackwell B200 Nvidia AI GPUs
- Google Chrome Is Now Faster, Thanks to Better Cookie Handling
- Google Maps is making a big privacy change to protect your location history
- Dell predicts 20 percent jump in memory and SSD prices later this year
- Fraudsters Are Stealing Land Out from Under Owners, Says FBI’s Newark Office
- Utah woman admits to ordering ‘hitman for hire’ using dark web, Bitcoin
- In rural Pennsylvania, old gas wells are being used for bitcoin mining
- Verizon users report blurry photos in Android messaging apps
- Windows on ARM is finally going to put an end to Wintel dominance – and that’s a good thing
- Great news — Microsoft is killing off non-editable PDFs for good
- Valve: 46% of PC users on Steam run Windows 11
- Windows 11’s Recall feature is on by default on Copilot+ PCs
- Microsoft is reworking Recall after researchers point out its security problems
- Windows Recall demands an extraordinary level of trust that Microsoft hasn’t earned
- How to Remove the New Lock Screen Widgets in Windows 11
- Microsoft may allow installing fonts using WinGet on Windows 11, Windows 10
- The full-screen nag banner for Windows 11 begins rolling out on Windows 10
- Microsoft warns that KB5037853 update can break the taskbar in Windows 11
- Microsoft confirms NTLM is dead beyond Windows 11 24H2 and Server 2025
- Windows 11 still lets you open old File Explorer without any tweaks or hacks
- Microsoft releases official guides for Windows 11 Passkeys on how to save, use, manage them