March 18, 2023

Hello all,
The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual. There’s a lot this week, so let’s get right to it.

Notable Callouts:

• Microsoft Patch Tuesday’s releases are the biggest news item this week, with the zero-user interaction Outlook vulnerability dominating tech headlines worldwide. We’ve learned that this particular zero-day vulnerability has been in use by state sponsored malactors since at least April 2022. Simply receiving, not even opening or viewing, the email is sufficient to execute the exploit. Organizations worldwide are scrambling to patch and search their Exchange databases for malicious emails (Microsoft has provided tools for this) that may have been received prior to the patch being applied. In total, Patch Tuesday brought two zero-day vulnerability fixes and 83 patches for other issues.
• Fortinet announced new firmware last week to patch actively exploited vulnerabilities. This week they are warning that active exploitation is underway, specifically against government networks.
• Adobe is warning that their Cold Fusion product has a zero-day that is being exploited in ‘very limited attacks’, whatever that means. If you’re using it, patch it. If not, remove it.
• SAP has released updates for critical vulnerabilities.
• CISA is going to start proactively scanning critical infrastructure and warning organizations if they determine that they are vulnerable.
• Microsoft is warning about large-scale use of phishing kits to send millions of emails daily to potential victims. In related news, Emotet is back with a vengeance and is part of the malicious email hailstorm being reported worldwide in support and chat forums.
• Ring Network is keeping quiet about a potential ransomware attack, even though there is mounting evidence of foul play.
• Dish Network is still trying to recover from their ransomware attack that hit them just as they were transitioning to a new cloud-based infrastructure.

“If you spend more on coffee than on IT security, you will be hacked.”– Richard Clarke.

Visc. Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws
• Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs
• A little something for everyone on a patchwork Patch Tuesday
• Microsoft fixes Outlook zero-day used by Russian hackers since April 2022
• Microsoft vulnerability can strike before users open ‘malicious’ email
• Fortinet: New FortiOS bug used as zero-day to attack govt networks
• Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day
• SAP releases security updates fixing five critical vulnerabilities

Ransomware, Malware, and Vulnerabilities News

• Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily
• Software for sale is fueling a torrent of phishing attacks that bypass MFA
• CISA now warns critical infrastructure of ransomware-vulnerable devices
• TSA Lays Out New Cybersecurity Requirements for Aviation Sector
• Americans lost $10.3 billion to internet scams in 2022, FBI says
• Ransomware hit 860 critical infrastructure orgs in 2022, FBI says
• Medusa ransomware gang picks up steam as it targets companies worldwide
• City of Solvang Falls Victim to Phishing Scam, Loses $538,000
• Mac Crypto Trojan Horse Discovered, Apple Chips A Rich Target
• Botnet that knows your name and quotes your email is back with new tricks
• Staples-owned Essendant facing multi-day “outage,” orders frozen
• Avenger Robert Downey Jr. fights cybercrime at SXSW panel in Austin
• Stolen credentials increasingly empower the cybercrime underground
• 5 Lessons Learned From Hundreds of Penetration Tests
• Adobe Acrobat Sign abused to push Redline info-stealing malware
• How to stay safe from phishing
• Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware
• Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects
• LA housing authority discloses data breach after ransomware attack
• Unpatched Zero-Day Bugs in Smart Intercom Allow Eavesdropping
• More than 280 blockchains at risk of ‘zero-day’ exploits, warns security firm
• Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms
• Security giant Rubrik says hackers used Fortra zero-day to steal internal data
• Access Control Gap in Microsoft Active Directory Widens Enterprise Attack Surface
• GoBruteforcer: New Golang-Based Malware Breaches Web Servers Via Brute-Force Attacks
• Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets
• Ransomware attacks have entered a heinous new phase
• Magniber ransomware actors used a variant of Microsoft SmartScreen bypass
• Emotet, QSnatch Malware Dominate Malicious DNS Traffic
• Firefox 111 patches 11 holes, but not 1 zero-day among them
• Microsoft fixes Windows zero-day exploited in ransomware attacks
• LockBit brags: We’ll leak thousands of SpaceX blueprints stolen from supplier
• LockBit ransomware claims Essendant attack, company says “network outage”
• The Prolificacy of LockBit Ransomware
• 60GB Deutsche Bank data allegedly for sale on dark web
• The changing face of ransomware attacks
• Latitude cyberattack leads to data theft at two service providers
• Zoll Medical Data Breach Impacts 1 Million Individuals
• Universities and colleges cope silently with ransomware attacks
• Ring won’t say if it was hacked after ransomware gang claims attack
• New Hiatus malware campaign targets routers
• Key aerospace player leaks sensitive data
• UK Crypto Firm Loses $200m in Cyber-Attack
• 6 reasons why your anti-phishing strategy isn’t working
• Why Healthcare Boards Lag Other Industries in Preparing for Cyberattacks
• US federal agency hacked using old Telerik bug to steal data
• Hacker selling data allegedly stolen in US Marshals Service hack
• Dish customers kept in the dark as ransomware fallout continues
• More than 80,000 could be affected by data breach at Tuscaloosa ambulance service
• Halborn Finds Zero-Day Hacks Affecting Over 280 Crypto Networks
• Chinese and Russian Hackers Using SILKLOADER Malware to Evade Detection
• Conti-based ransomware ‘MeowCorp’ gets free decryptor
• BianLian Ransomware Pivots From Encryption to Pure Data-Theft Extortion
• Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration
• Dark Web ‘BreachForums’ Operator Charged With Computer Crime
• When and how to report a breach to the SEC
• BlackMamba ChatGPT Polymorphic Malware | A Case of Scareware or a Wake-up Call for Cyber Security?
• Hitachi Energy confirms data breach after Clop GoAnywhere attacks
• Minneapolis school district approves $1.5M antivirus contract following ransomware attack

Other News Events of Note and Interest

• Microsoft’s new Copilot will change Office documents forever
• NSA Releases Recommendations for Maturing Identity, Credential, and Access Management in Zero Trust
• Microsoft finally fixes Windows 11 slow file copy issues over SMB
• Patch Tuesday could break Cisco endpoint management
• How to turn an old tablet into a second PC monitor for free
• Outlook app to get built-in Microsoft 365 MFA on Android, iOS
• Chuck E. Cheese Is Weirdly Defensive About Its Floppy Disk-Powered Robots
• Lowe’s is testing Knightscope autonomous outdoor security robots at stores in Philly
• Pentagon seeks 21% boost in cyberspace spending
• Singapore software maker says own hardware in colo costs $400M less than cloud
• Kali Linux 2023.1 introduces ‘Purple’ distro for defensive security
• NordVPN makes its Meshnet private tunnel free for everyone
• Nvidia releases driver hotfix for Windows performance issues
• Viasat deploying ‘zero trust’ cybersecurity across global network
• Setting an Unreasonable Azure AD Sign-in Frequency is Bad
• Brave launches desktop VPN and cross-device subscriptions
• Analyze any URL safely using the Cloudflare Radar URL Scanner
• Quick Tip – How to download ESXi ISO image for all releases including patch updates
• How to organize all of your tabs on Chrome and other browsers
• Microsoft Edge Drop Makes File Sharing Easier
• Google Workspace launches annual plans, 20% price increase for monthly users
• Microsoft pauses delayed partner ecosystem security update to count its money
• Document Conditional Access Policies with IdPowerToys
• FCC orders phone companies to block scam text messages
• The Lesser-Known Apps Everyone Should Install on a New Windows PC
• AI-generated images from text can’t be copyrighted, US government rules
• Windows 11 incorrectly warns Local Security Authority protection is off
• Windows 11 March 2023 update causing major issues for some users

Cyber Insurance News

• Fenix24 Secures Funding from Leading InsurTech Investor Eos Venture Partner
• Hacked Hospital Says Prep to Qualify for Cyber Insurance Helped in Ransomware Attack
• Ransomware Attack on Minneapolis Schools Highlights Increase in Cyber Insurance Costs
• How can cyber insurers build muscle to tackle privacy risks?
• As cyber attacks on health care soar, so does the cost of cyber insurance
• Surprises continue in the 2023 cyber insurance market

For this week’s Red-N Weekly Cyber Security News in PDF format, click here.