March 22, 2025

Hello all,

Unlike last week’s patch-release frenzy, things dropped back to our normal harried pace this week. We did receive warnings about some pretty nasty defects from the likes of IBM, Synology, TP-Link, Veeam, and WhatsApp, just to name a few. So let’s move on to the notable news items of the week.

Headline NEWS:

  • Google made the headlines a few times. The first was a result of their $32 billion acquisition of the Israeli cybersecurity firm Wiz, which specializes in cloud security. Both Google and Wiz have assured clients that Wiz’s multi-cloud functionality will continue, and Wiz will not become Google Cloud only. Couple this news with Google’s recent purchase of security firm Mandiant and it paints a clear picture that cybersecurity is a major focus at the Googleplex.
  • Also in Google news, the US Justice Department wants Google to sell off their Chrome browser and possibly even Android business, stating that “Google’s anticompetitive conduct has denied users of a basic American value—the ability to choose in the marketplace.” It is the reward for being a successful business, being told that you’re too big. The implications of this draconian action are far-reaching as Mozilla Firefox derives a major portion of their income from promoting Google search, and if that source dries up, the red fox may starve.
  • IBM has a couple of holes apparently large enough to be seen from China. One scored a perfect 10 out of 10 on the Common Vulnerability Scoring System (CVSS), and the other a 9.8. Both are in IBM’s Advanced Interactive eXecutive operating system (AIX OS), which is used in an estimated 9,000 organizations running critical applications. If this is you, patch immediately!
  • TP-Link has a newly published hole in their TL-WR845N routers, which also got a 9.8 on CVSS. Unfortunately, as of publication time, there was no patch yet from TP-Link. There is some mitigation guidance in our linked article; follow it if you have one of these devices. I’d also recommend that you replace it with another brand as soon as possible, as this seems to be a regular occurrence with this vendor.
  • Veeam issued a patch for a critical defect in their Backup and Replication software that scored a 9.9 on CVSS, which, if exploited, could allow “remote code execution (RCE) by authenticated domain users”. There is a glimmer of good news. If you followed their best practices and didn’t domain-join your Veeam server, you are not susceptible to this defect. Nevertheless, you should apply this patch as soon as possible to plug this hole and any ancillary ones that could be lurking.

In Ransomware, Malware, and Vulnerabilities News:

  • “Why Are Young Adults Vulnerable to Phishing Scams” is a fascinating dive into this troubling phenomenon that exists among a population that we generally consider to be highly digitally literate. It turns out that the reason is “FOMO”, Fear Of Missing Out. “Rather than scrutinizing a suspicious link, they often simply check if the sender is familiar.” Scammers are well aware of the lower impulse control of youth and are actively phishing this demographic on social media sites. The article encourages more cybersecurity training at an earlier age in schools. I fully agree. We have driver’s education for a reason; we should also have cybersecurity education for very similar reasons.

In Other News Events of Note and Interest:

  • Microsoft Patch Tuesday uninstalled Copilot for many people when it rolled out last week. Unfortunately for the opponents of the AI apocalypse, their rejoicing was cut short when Microsoft noticed their error and restored their digital spy.

Musings:

Automatic updates are both a godsend and a bane. When they work, they are wonderful in that your product is automatically secured by your software or hardware vendor at regular intervals or when warranted. Unfortunately, there is the flip side when automatic updates go wrong. The result can be a bit of inconvenience when something doesn’t work, or it can be CrowdStrike catastrophic and take down massive portions of what you or your enterprise need to do business. It is high time that we have reliable auto-updates in all of our products. For our part, as defenders, we can ensure that we have backups and snapshots to restore to if something does fail. But we also need to examine our complex interactions of hardware and multiple software products and simplify so that automatic updates are trivial, allowing us to activate them. The only alternative is to carefully verify that any updates are pre-tested against our particular configuration before rolling them out to production. I’m truly hopeful that AI will be the magic bullet that will be able to model the various software and hardware interactions involved, finally making error-free patching a reality.

Visc. Jan Broucinek

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
