March 1, 2025 - Red Dot Security

For a video version of the introduction below, click here.

Hello all,

This past Saturday, much of the world experienced Microsoft service disruptions. Big Redmond has now restored services, blaming the failure on a code change saying that they’ve “reverted the suspected code to alleviate impact.”

The Bybit $1.5 billion crypto currency theft, now solidly attributed to North Korea, dominated tech news this week, with Bybit “declaring war” on North Korea’s Lazarus group, offering bounties of millions of dollars for recovered funds. This is getting interesting with at least six links to articles in our full report.

AI vies for top-of-mind for many in the tech industry, with new freely available model launches by Google, and OpenAI, with promises of more soon.

Of course we have a lot of other items to report on, so, onward.

Headline NEWS:

Cisco released patches for their Nexus 3000 and 9000 Series Switches to plug defects that allowed malicious persons to inject commands. There are no mitigations, so patch soon.
GRUB2, the bootloader that is used by most Linux distributions worldwide has been shown to have a vulnerability that can enable secure boot bypass, remote code execution, and persistent firmware-based malware. This defect will need to be addressed by your preferred penguin flavor’s source distributor, so watch for updates.
OpenAI is on the cusp of making GPT 4.5 available to the masses. References were seen in their Android app to this new version, asking users to “Try the GPT-4.5 research preview—Pro users now have access to our newest, largest model.” That makes sense from a marketing perspective since Pro users pay a hefty $200 per month, so there are nowhere near as many of them as there are using the $20 Plus, or the free plans. The number of users is relevant because OpenAI also announced this week that they are out of GPUs. They have more coming but are seriously constrained right now and thus staggering the rollout of GPT-4.5 until they can add “tens of thousands” more GPUs.
Parallels Desktop for Mac from Alludo, has a zero-day defect that has not been patched despite being informed about it in July 2024. This hole allows for root-level privilege escalation. While you’re waiting for Alludo to act, Trend Micro’s Zero Day Initiative provided the following advice, which would apply in any scenario, make sure that “the principles of least privilege are enforced, running Parallels on a restricted network segment, and deploying EDR/XDR to monitor suspicious behavior on the endpoint”.
Vo1d Malware Botnet sounds like something from Harry Potter, but this is a very real malevolent thing lurking inside nearly 1.6 million non-Google certified Android TV’s. Victims likely won’t notice anything amiss as this “multi-purpose cybercrime tool that turns compromised devices into proxy servers to facilitate illegal operations”, meaning that it is using the compromised devices as “mules” for illegal, criminal activity targeting others, not the infected device.

In Ransomware, Malware, and Vulnerabilities News:

Bybit has quite a few articles linked in this section. I won’t go into details here other than to say that the amount of digital forensics, and the massive scale of this operation are fascinating, with thousands of crypto wallets being used to launder the solen funds. In a late breaking development, it appears that the heist was accomplished by compromising a single machine at a third-party vendor, which allowed malicious code into Bybit’s infrastructure.
US Tax Season is getting into full swing with incessant television commercials and radio advertisements proffering tax services and “maximum refunds”. I won’t get into the silliness of lending the government your money, you should be getting back zero and owing zero if you do this right, but please be vigilant. Criminals worldwide are quite adept at convincing folks that they’re out to help you, impersonating tax professionals or government agents. All you need to do is give them access to your computer and financial information. Don’t fall for it.

In Other News Events of Note and Interest:

Encryption being attacked. Last week, in response to the United Kingdom’s not so secret order to create a back door to iCloud, Apple discontinued their Advanced Data Protection (ADP) for UK residents, rather than comply. Unfortunately, other nations are attempting to, or already have, enacted similar legislation, attempting to force hardware manufacturers and software developers to create backdoors so that they can snoop on your digital life. With the specter of Artificial Superintelligence looming on the horizon, it may only be a matter of time anyway before anything digital is hackable. In the meanwhile, there needs to be a massive outcry by the general populous against this government overreach or privacy will be a distant memory well before any future AI breakthrough. Thankfully, the USA has taken an interest and is demanding to know if and how these rules will potentially to be applied to US citizens.

Musings:

In the science fiction series Battlestar Galactica, the nefarious Cylons were able to disable the entire human fleet except for the Galactica because it was still analog and hadn’t been upgraded to digital controls and the interconnected infrastructure yet. This weekend’s Microsoft failure has me wondering how many of my eggs (a very precious commodity these days) are digital and kept in the same basket? If there is a massive failure, do I have analog processes to perform my most necessary functions? Do I have cash on hand if electronic payments are down? Do I have a battery-operated radio to inform me of events if there’s a massive internet failure? How long could I function without my digital interconnected world? What alternatives exist, and have I prepared? The time to do that is before, not when a crisis hits. Don’t wait for the Cylons to show up.

Headline NEWS

Ransomware, Malware, and Vulnerabilities News

Other News Events of Note and Interest

Like this: