March 15, 2025


Hello all,

Patch Tuesday from Microsoft and others came in with the March winds and left us a bit of a mess. Microsoft has six zero-days and six critical updates. A large number of other vendors, such as Adobe, AMD, Apple, Commvault, Cisco, Fortinet, GitLab, Juniper, Mozilla, PHP, SAP, Veritas, and VMware, all released patches for their products. Some of these are called out below. It would be wise to check any products you use for updates on a regular basis, and to replace them when they reach End-Of-Life.

Now on to details about these and other headline items.

Headline NEWS:

  • Apple released an emergency update to fix a vulnerability in their WebKit that is already under limited exploitation. The exploitation is limited because it is an “extremely sophisticated” attack, but the vulnerability affects most of their devices.
  • Cisco made patches available for their IOS XR, a carrier-grade operating system for their Network Convergence routers. Attackers, if successful in exploiting the vulnerability, would be able to gain root access. Additional patches were to stop Denial of Service (DoS), including crashing of the Border Gateway Protocol (BGP) engine, and a secure-boot bypass that would allow malicious code to be loaded.
  • Fortinet has unleashed a large panoply of defect fixes, plugging 18 holes in what seems like much of what they make, FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiAnalyzer, FortiIsolator, FortiManager, FortiAnalyzer-BigData, FortiSandbox, FortiNDR, FortiWeb, FortiSIEM and FortiADC. If you own Fortinet gear, you already know the drill, as this is a regular occurrence. Patch, and patch again.
  • Juniper Networks released fixes for their Junos OS to close holes that Chinese threat actors, and who knows who else, have been exploiting in order to leave open holes for persistent access. The list of products affected is extensive, so if you use Juniper, vet quickly and follow their guidance on securing your gear.
  • Microsoft dropped a fun load of patches on us this past week with six zero-days already under active exploitation, and six critical defects that are sure to be weaponized quickly by the dirtbags out there. All told, there were 57 defects patched across a range of products and operating systems. Don’t wait to be exploited, patch now.
  • Microsoft Exchange Online has been having a very bad week, with huge numbers of people experiencing issues connecting, sending and receiving email, and receiving Non-Delivery Reports (NDRs) when sending emails with attachments other than ZIP files. Big Redmond says that they’ve been restarting machines and are watching to see if improvements happen.
  • Mozilla Firefox had a root certificate expire on Friday, and Mozilla has been urging users to upgrade to at least Firefox 128 (released in July 2024) or later to keep using the browser uninterrupted. If you waited, all is not lost: you can use another browser to download a newer version of Mozilla Firefox from their website.

In Ransomware, Malware, and Vulnerabilities News:

  • Ransomware attacks soared to new heights last month, with 962 organizations reported as being impacted, a third of those attributed to the Cl0p group. CISA also reported that the Medusa group has compromised over 300 companies since 2021. New reports show that successful attacks on “perimeter security devices” such as VPNs, routers, and firewalls are responsible for 58% of successful ransomware attacks, with 18% attributed to Remote Desktop Protocol products. Recent high-profile takedowns and arrests have made a dent in the ransomware criminal ecosystem, causing it to fragment, but as can be seen from the numbers, it is still very potent. Blackfog Security reports that 94% of ransomware attacks exfiltrate data, and despite organizations’ increased ability to restore and rebuild after a successful attack due to better backup hygiene, double and even triple extortion demands by the criminals are increasing.

In Other News Events of Note and Interest:

  • New HIPAA regulation is coming. The public comment period has ended for the proposed revisions to HIPAA regulations. There were over 4000 public comments, so it may be a while before they’re all evaluated, but clearly the current HIPAA regulations are not enough. Every week there are reports of yet another breach involving thousands, if not millions, of individuals’ supposedly protected health information being made public. The new revisions to HIPAA will be incredibly difficult and expensive to implement and maintain due to how comprehensive they are. But they are sorely needed.

Musings:

I wonder how many of us realize that we are on the cusp of a new age as profound as the industrial revolution, when we went from mainly agrarian and rural lifestyles to working in factories and living in cities? We’ve witnessed the digital revolution slowly transform huge swaths of the workforce into one that is remote and capable of working from anywhere, no longer bound to the proximity of the factory or city where their employer is located. This has resulted in a de-urbanization in some areas as remote workers move to more rural and pastoral environs. As we transition into the AI age, we will soon have virtual digital assistants that will perform much of the knowledge gathering, correlation, and compilation tasks that we once did. Our function will be to know how to ask the right questions of our assistants so that we get the output desired. Similarly, as AI progresses, robotics will advance to the point where repetitive manual labor will become fully automated. What does this mean for humanity? I don’t know. But I do know that it is coming. It isn’t something to fear, but unless you’re aware, watching, learning, and preparing, you may soon find that you’re an anachronism pining for the “good ole days”.

Visc. Jan Broucinek

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
