Hello all,
The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual.
Notable Callouts:
- The FBI announced the arrest of Breached forum owner Connor Brian Fitzpatrick (aka Pompompurin) last week. This week the Breached hacking forum shut down, fearing that the FBI had infiltrated it and had access. Later in the week the FBI confirmed that they indeed did.
- Netgear Orbi routers have several critical vulnerabilities that Cisco Talos uncovered. Most now have patches available. However, the 90-day quiet period has expired, so Talos published their findings. A PoC exploit is already out there. If you have Orbi routers, patch them immediately, and watch for further updates.
- Veeam patched a critical vulnerability a few weeks ago. There is now an exploit in the wild that takes advantage of the unpatched flaw. Patch or mitigate now to prevent credential theft.
- The Pwn2Own conference just concluded in Canada. As expected, there was a goodly number of new exploits and vulnerabilities exposed. Expect incoming patches from the likes of Microsoft for Windows and Teams, Oracle for VirtualBox, Ubuntu Desktop, and even Tesla. In all 27 new zero-day exploits were used.
- The 2023 Cybersecurity Maturity Model Report from Cye Security reveals that most organizations are not prepared for cyber-attacks. The report determined that most companies have sufficient tools in place. It recommends, “…organizations should invest in capabilities, rather than tools; perform comprehensive assessments to prevent hackers from exploiting vulnerabilities…”
- The Microsoft Outlook vulnerability from two weeks ago is still dominating news headlines. Most organizations have now patched and are now going through the time-consuming process of scanning Exchange databases for prior use of the vulnerability. Microsoft released some new tools and guidance to aid in that effort.
- In Ransomware, Malware, and Vulnerabilities News, Dish Network is still experiencing major issues, with customers trying to reach someone for help remaining on hold for 14 hours or more.
- In Other News Events of Note and Interest, Microsoft botched a Geo-location IP update and identified a large swath of the internet as being in Uzbekistan. The net effect was that it blocked logins for the unfortunate ones identified – if they had policies in place that used Geo-IP blocking.
- In Cyber Insurance News, CFC Underwriting has made available a rather nifty 28 page downloadable cyber insurance guide.
There’s a musical group named 1023MB. However, they’re mostly unknown. They haven’t had a gig yet.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Breached hacking forum shuts down, fears it’s not ‘safe’ from FBI
- Vulnerability Spotlight: Netgear Orbi router vulnerable to arbitrary command execution
- PoC exploits released for Netgear Orbi router vulnerabilities
- Exploit released for Veeam bug allowing cleartext credential theft
- Microsoft Teams, VirtualBox, Tesla zero-days exploited at Pwn2Own
- Windows, Ubuntu, and VMware Workstation hacked on last day of Pwn2Own
- 2023 Cybersecurity Maturity Report Reveals Organizational Unpreparedness for Cyberattacks
- Microsoft shares tips on detecting Outlook zero-day exploitation
- com rotates its exposed private SSH key
Ransomware, Malware, and Vulnerabilities News
- BECs Double In 2022, Overtaking Ransomware
- FBI confirms access to Breached cybercrime forum database
- K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals
- Phishing through SharePoint
- Microsoft Azure Warns on Killnet’s Growing DDoS Onslaught Against Healthcare
- Samsung devices that are affected by the Exynos modem vulnerabilities
- New CISA tool detects hacking activity in Microsoft cloud services
- Controlling Third-Party Data Risk Should Be a Top Cybersecurity Priority
- Clop Ransomware Attacks Hitachi Energy, Company Confirms
- Google urges Android phone users to switch off Wi-Fi calling to avoid getting hacked
- Python info-stealing malware uses Unicode to evade detection
- Hackers target .NET developers with malicious NuGet packages
- Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace
- Frustrated Dish customers still spending hours on hold weeks after ransomware attack, they say
- General Bytes Bitcoin ATMs hacked using zero-day, $1.5M stolen
- FBI arrests alleged operator of site that hosted hacked congressional health data
- Dole discloses employee data breach after ransomware attack
- New Cyber Platform Lab 1 Decodes Dark Web Data to Uncover Hidden Supply Chain Breaches
- Ferrari discloses data breach after receiving ransom demand
- Malicious JavaScript Injection Campaign Infects 51k Websites
- New DotRunpeX Malware Delivers Multiple Malware Families via Malicious Ads
- Most mid-sized businesses lack cybersecurity experts, incident response plans
- New ShellBot DDoS Malware Variants Targeting Poorly Managed Linux Servers
- Hackers use new PowerMagic and CommonMagic malware to steal data
- Custom ‘Naplistener’ Malware a Nightmare for Network-Based Detection
- Emotet resumes spam operations, switches to OneNote
- Gmail and Microsoft Outlook users issued red alert warning
- CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Researchers Shed Light on CatB Ransomware’s Evasion Techniques
- Operation Tainted Love | Chinese APTs Target Telcos in New Attacks
- Threat actors are experimenting with QR codes
- LockBit ransomware gang now also claims City of Oakland breach
- Hacker tied to D.C. Health Link breach says attack ‘born out of Russian patriotism’
- Shining Light on Dark Power: Yet Another Ransomware Gang
- New victims come forward after mass-ransomware attack on GoAnywhere transfer tool
- Hacktivists Increasingly Claim Targeting of OT Systems
- Facebook accounts hijacked by new malicious ChatGPT Chrome extension
- North Korean hackers using Chrome extensions to steal Gmail emails
- Hackers inject credit card stealers into payment processing modules
- Malware Trends: What’s Old Is Still New
- Personal data of 250,000 Medicare recipients compromised by subcontractor during ransomware attack
- CISA Alerts on Critical Security Vulnerabilities in Industrial Control Systems
- Expert speaks out after City of Allen Park hit with ransomware attack
- City of Oak Ridge offices closed to public because of malware attack
- Ottawa County, OH ransomware attack
- Business owner’s life upended by major ransomware attack
- Shoreline Community College cyberattack prompts concerns from students, families
- South Korea fines McDonald’s for data leak from raw SMB share
- Malware creator who compromised 10,000 computers arrested
- Microsoft’s Plan to Block Old Exchange Servers
- Okta Post-Exploitation Method Exposes User Passwords
- New Android Malware Targets Customers of 450 Financial Institutions Worldwide
- Kenworth Adjusts after Parts Manufacturer Hacked by Ransomware
- CloudPanel installations use the same SSL certificate private key
- CISA CPGs reorganized, reordered, renumbered to align with NIST CSF functions
- Joomla! CVE-2023-23752 to Remote Code Execution – Blog
- Massive Phishing Campaign Bypasses MFA and Mimics Microsoft Office
- Critical WooCommerce Payments Plugin Flaw Patched for 500,000+ WordPress Sites
- As critical Microsoft vulnerabilities drop, attackers may adopt new techniques
- Ukraine War Shows Difficulty of Large-Scale Cyberattacks, NSA Director Says
- Average enterprise storage/backup device has 14 vulnerabilities, three high or critical risks
- Inaudible ultrasound attack can stealthily control your phone, smart speaker
- These next-level phishing scams use PayPal or Google Docs to steal your data
- Microsoft: Defender update behind Windows LSA protection warnings
Other News Events of Note and Interest
- Microsoft breaks geolocation, locking users out of Azure and M365
- The cloud backlash has begun: Why big data is pulling compute back on premises
- Microsoft Loop and the Future of Collaborative Experiences | by Microsoft Design
- uBlock Origin’s icon now tells you if it’s ready to block ads at browser launch
- Rufus 3.22 Beta adds an option to disable BitLocker, removes ISO downloads on Windows 7
- Microsoft starts shaming unsupported Windows 11 PCs, but offers a way to deal with it
- Windows 11 may be slowing down your SSD again
- Google Rolls Out Its Bard Chatbot to Battle ChatGPT
- Microsoft Authenticator Lite: Streamlining Your MFA Experience
- Sync folder vs. Sync Library in SharePoint and OneDrive
- Google Cloud’s US-East load balancers are lousy with latency
- CISA lays out post-EINSTEIN future with shift to ‘Cyber Analytics and Data System’
- The Different Methods and Stages of Penetration Testing
- Meta Proposes Revamped Approach to Online Kill Chain Frameworks
- Mozilla Firefox 111.0.1 fixes Windows 11 and macOS crashes
- Microsoft Teams to Get New Files Experience Next Month
- The Best Defense Against Cyber Threats for Lean Security Teams
- Microsoft launches Loop, its Notion competitor, in public preview
- 9 attack surface discovery and management tools
- ESF Partners, NSA, and CISA Release IAM Recommended Best Practices for Administrators
- Windows 10 and 11 snipping tools are saving data you thought you had deleted
- Microsoft’s blunders with new Windows 10 update are causing serious headaches
- 5 Must-Know Device-based Conditional Access Policies in Microsoft 365
- Microsoft slightly improves OOBE on Windows 11 22H2, 21H2, as well as on Windows 10
- MSTSC: The Ultimate CLI Tool for Remote Control and Access
- Windows 10 KB5023773 preview update released with 10 fixes
- MITRE Rolls Out Supply Chain Security Prototype
- Proxmox VE 7.4 Released with Dark Mode Support
Cyber Insurance News
- SMBs don’t see need for cyber insurance since they won’t experience security incidents
- CFC Underwriting launches cyber insurance guide
- Cyber market cooling as more solutions needed for systemic risks
- Cyber insurance market size to grow by USD 42,812.64 million between 2022 and 2027
- Cyber Insurance Market Set to Surge Significantly and Expected to Grow at a CAGR of 23.78% to 2031
- Insurer Spots Cybersecurity Weakness With Model Simulating Catastrophic Attacks
- Cyber insurance carriers expanding role in incident response
- Sophos and Cowbell form Cyber Insurance Pact