Hello all,
The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual.
Notable Callouts:
- Cisco leads the list this week with a vulnerability that is exploited via SNMP on routers, and a separate vulnerability in their Cisco Industrial Network Director.
- VMware has two as well, one in vRealize, and the other in Aria Operations for Logs.
- Google rapidly followed last week’s zero-day patch with another one this week.
- PaperCut has a critical vulnerability that is under active exploitation. If you have it, patch it immediately. Stop reading, go patch – now!
- Microsoft Patch Tuesday bug fixes have apparently broken some printing.
- Ubuntu now can be Azure AD authenticated.
- SANS ICS Security has a fascinating video about their revolutionary HyperEncabulator.
- In Ransomware, Malware, and Vulnerabilities News, a county adjacent to the Viscount’s own was just duped out of nearly $1 million via BEC (Business Email Compromise).
- In Other News Events of Note and Interest, CatGPT actually is the cat’s meow.
In light of the advent of CatGPT, perhaps the best use of the internet truly is cat memes and videos.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Threat Actors Exploiting SNMP Vulnerabilities in Cisco Routers
- Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
- Hackers actively exploit critical RCE bug in PaperCut servers
- New Google Chrome Zero-Day Bug Actively Exploited in the Wild
- Shock, horror – a Windows 10 update has broken some printers… again
- VMware fixes vRealize bug that let attackers run code as root
- Ubuntu Desktop 23.04 Arrives with Azure AD Authentication
- SANS ICS HyperEncabulator – At SANS ICS Security, when we’re not innovating... we’re encabulating
Ransomware, Malware, and Vulnerabilities News
- Security researchers find LockBit ransomware can target macOS devices
- Cyber criminals dupe Manatee County out of nearly $1 million
- GhostToken GCP flaw let attackers backdoor Google accounts
- Google ads push BumbleBee malware used by ransomware gangs
- Capita Confirms Data Breach After Ransomware Group Offers to Sell Stolen Information
- Oracle April 2023 Critical Patch Update Addresses 231 CVEs
- EvilExtractor malware activity spikes in Europe and the U.S.
- Microsoft Will Name Threat Actors After Weather Events
- Kansas healthcare company hit by ransomware
- NSO Group Is Back in Business With 3 New iOS Zero-Click Exploits
- American Bar Association data breach hits 1.4 million members
- Raspberry Robin Adopts Unique Evasion Techniques
- Lazarus hackers now push Linux malware via fake job offers
- Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
- Why xIoT Devices Are Cyberattackers’ Gateway Drug for Lateral Movement
- ChatGPT Account Takeover Bug Let Hackers Gain Online Account
- Hackers publish sensitive employee data stolen during CommScope ransomware attack
- New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware
- QBot changes tactic, remains a menace to business networks
- Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
- 153K Connecticut customers impacted in Webster Bank data breach
- ‘AuKill’ EDR killer malware abuses Process Explorer driver
- Hackers abuse Google Command and Control red team tool in attacks
- Living Off the Land (LOTL) attacks: Detecting ransomware gangs hiding in plain sight
- New Zaraza Bot Credential-Stealer Sold on Telegram Targeting 38 Web Browsers
- Offensive cyber company QuaDream shutting down amidst spyware accusations
- You Can Apparently Use a “USB Condom” to Protect Against the FBI’s Latest Boogeyman
- Medusa ransomware crew brags about spreading Bing, Cortana source code
- ME – Shields Health Breach Exposes 2.3M Users’ Data
- Wave of Cyber Attacks on Israel: Russians Join Iranian Hackers
- Hackers Storing Malware in Google Drive as Encrypted ZIP Files
- The Attacks that can Target your Windows Active Directory
- Giving a Face to the Malware Proxy Service ‘Faceless’
- Recycled Core Routers Expose Sensitive Corporate Network Info
- Using Untitled Goose to Investigate Compromises | Practical365
- Microsoft: Iranian hackers behind retaliatory cyberattacks on US orgs
- US, UK warn of govt hackers using custom malware on Cisco routers
- Phishing Attacks Surge as Threat Actors Leverage New AI Tools
- Fake Chrome updates spread malware
- Critical Flaws in vm2 JavaScript Library Can Lead to Remote Code Execution
- Credential harvesting malware appears on deep web
- Russian hackers targeting Western critical infrastructure, UK says
- March 2023 broke ransomware attack records with 459 incidents
- MacStealer – newly-discovered malware steals passwords and exfiltrates data from infected Macs
- Britain sounds alarm on spyware, mercenary hacking market
- Microsoft SQL servers hacked to deploy Trigona ransomware
- MA – State’s second-largest health insurer suffers cybersecurity attack
- NationsBenefits confirms thousands had personal data stolen in Fortra breach
- Attackers use abandoned WordPress plugin to backdoor websites
- First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters
- Mandiant Security Update – Initial Intrusion Vector | 3CX
- Fortra Sheds Light on GoAnywhere MFT Zero-Day Exploit Used in Ransomware Attacks
Other News Events of Note and Interest
- CatGPT is the best use of AI yet
- NJ – Vintage Computer Festival East Was A Retro Madhouse
- Is there really a march from the public cloud back on-prem?
- Proton releases end-to-end encrypted password manager for desktop and mobile
- Microsoft Defender floods users with false password notifications
- Yubico is merging with ACQ Bure: merged company intends to go public
- Appeals court spares Google from $20m patent payout over Chrome
- Mozilla removes Bypass Paywalls Clean extension from its add-ons repository
- Seagate hit with $300m penalty for selling sanctioned storage to Huawei
- Microsoft 365 outage blocks access to web apps and services
- Microsoft DirectStorage 1.2 Now Available: Could Make Load Times On HDDs Faster
- Google May Lose Search on Samsung Devices to Microsoft
- You can now send much longer links with Microsoft Outlook thanks to bug fix
- Use Azure Bastion as a jump host for RDP and SSH
- Microsoft Defender update causes Windows Hardware Stack Protection mess
- Security Is a Revenue Booster, Not a Cost Center
- Windows 11’s Start menu will pester you for using a local account
- CISA updates zero trust maturity model to provide an easier launch
- The crackdown on pixel tracking in telehealth is a warning for every startup
- Bug in iOS causes iPhone users to freak out, with constant requests for Apple ID passwords
- Microsoft opens up Defender threat intel library with file hash, URL search
- Local admin/privilege management with Intune
- How to use Microsoft Loop in Outlook and Teams