Weekly Cyber Security
News Events &Information
From sources found online in the past seven days
Hello all,
This has been an interesting news-cycle week. An inordinate amount of electrons have been devoted to reporting about the Middle Kingdom’s activities and citizens. China is under scrutiny for an assortment of cyber-attacks and fear is growing regarding them gaining a technological advantage over western nations. So, read on for more details about this and other items regarding various vulnerabilities, exploits, and some cool technology wins.
The volume of news can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and select those for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- Apple has released updates to address newly revealed vulnerabilities, and to fix their debacle with macOS 14.4 disabling USB hubs, printers, Java, and more. If you have iFruit, update for both stability and security as soon as you’re able.
- AT&T has been denying or downplaying reports of a massive data breach involving over 70 million customers. Welp, this week they confirmed that it is real and reset millions of customer passcodes in response. They will also be offering credit monitoring and the like. Ouch.
- BlueDucky. No, this isn’t something a Jeep owner finds on their hood. Actually, they might. But this particular BlueDucky is a tool that allows anyone to exploit CVE-2023-45866 with little to no effort, and it requires zero-clicks on the part of the victim. Bottom line, if your device can’t get updates for this Bluetooth vulnerability, turn Bluetooth off, or replace your device.
- China has been accused by the governments of Finland, New Zealand, the United Kingdom, and the United States of actively sponsoring, supporting, and / or turning a blind eye toward hacking attacks against their countries and citizens. China vehemently denies the charges. Both the UK and the US have issued sanctions against Chinese nationals, and the US is offering a reward of up to $10 million regarding the men. Additional reports in our Other News Events of Note and Interest section show China wanting to secure high-density chip fabrication technology, the impact import restrictions are having on those ambitions, and the fallout that corporations such as Intel, Microsoft, and HP are experiencing due to sanctions and embargoes.
- Cisco warns of password-spraying attacks against VPN services. Here’s a thought Cisco, include native 2FA, at no additional cost, in your devices that offer VPN services. Problem solved.
- Neuralink has shown a quadriplegic person with their implanted technology playing Mario Kart using the interface. It looks like Ray Kurzweil’s prediction of “singularity” may be coming ever closer to reality in our lifetimes.
- The XZ tools are used by most Linux distributions. Some creative bad guy managed to sneak malicious code into the source repository. Red Hat and others are urging immediate action to mitigate the backdoor this hack introduced.
- Zero-days that were exploited in the wild jumped by 50% in 2023. That means that attack vectors that we didn’t know existed and could do little about before the bad guys used them doubled last year. And 2024 is shaping up to be similar.
In Ransomware, Malware, and Vulnerabilities News:
- German Police along with Lithuania, and the US, seized the Nemesis Market, a Darknet crime shop for buying stolen credentials, initial access, purloined data, and more. Score one for the good guys!
- Edge, Google Chrome, and Mozilla Firefox all received updates this week to patch zero-day vulnerabilities that were exploited recently in Pwn2Own in Vancouver, Canada. Check your browser for updates and do it. There are rumors that one of the Chromium zero-days is a drive-by, implying that no user interaction, other than opening a site is needed.
In Other News Events of Note and Interest:
- Gmail turns 20 years old this week, can you believe it? In a time when email boxes had paltry amounts of storage measured in MBs, Google came out of the gate offering 1GB of space. The world hasn’t been the same since.
- Russia: both Microsoft and HP have shut down most operations in Russia this week. Microsoft pulled its cloud services, and HP shut down its Russian support website.
In Cyber Insurance News:
- Beware war exclusions in cyber insurance. The ongoing war between Russia and Ukraine has had some nasty spill-over effects on parts of the world not actively engaged in the conflict. However, if cyber-warriors from either side of that conflict cause your company damage, would that fall under the “Acts of War” exclusion for coverage? The time to find out, and to ensure you’re protected, is now, not once an event happens.
Familiarity, fatigue, and fog of war. We’re faced with it every day in the cyber security industry. Another ransomware incident, another data breach, another authentication bypass, another DDoS attack, another… you get the gist. Yet we cannot yield, we must remain on guard and ever watchful as if the digital lives of our charges depend on it, for they truly do.
Keep the shields up. They really are out to get you.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Apple releases macOS 14.4.1 with fixes for USB hubs, Java, and more
- Apple Patches Code Execution Vulnerability in iOS, macOS
- AT&T confirms data breach and resets millions of customer passcodes
- BlueDucky: A New Tool Exploits Bluetooth Vulnerability
- Cisco warns of password-spraying attacks targeting VPN services
- Video Shows First Neuralink Patient Playing Mario Kart With His Mind
- New Zealand accuses China of hacking parliament, condemns activity
- Finland confirms APT31 hackers behind 2021 parliament breach
- UK imposes sanctions after Chinese-backed cyber-attacks
- US sanctions, indicts China-based hackers for allegedly targeting critical infrastructure
- Red Hat warns of backdoor in XZ tools used by most Linux distros
- Zero-days exploited in the wild jumped 50% in 2023, fueled by spyware vendors
Ransomware, Malware, and Vulnerabilities News
- New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts
- Easy-to-use make-me-root exploit lands for recent Linux kernels. Get patching
- Organizations Informed of 10 Vulnerabilities in Rockwell Automation Products
- CISA tags Microsoft SharePoint RCE bug as actively exploited
- German Police Seize ‘Nemesis Market’ in Major International Darknet Raid
- Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
- Hackers Claiming Unauthorized Access to the Fortinet Devices
- Nvidia’s new ChatGPT-like AI chatbot falls victim to high-severity security vulnerabilities
- Popular open-source AI framework under siege, critical flaw has no patch
- Multiple Splunk Vulnerabilities Attackers Bypass SPL Safeguards
- Apple users targeted by new phishing attack to reset ID password
- Flashpoint report warns organizations to adapt rapidly amid increases in data breaches
- A Minecraft exploit is reportedly allowing co-ordinated attackers to get any Xbox
- Activision investigating password-stealing malware targeting game players
- US offers $10 million bounty for info on ‘Blackcat’ hackers who hit UnitedHealth
- Illinois county government, local college affected by ransomware attacks
- Cloud most recent in string of Florida cities hit with ransomware
- Cybersecurity expert warns residents after Tarrant Appraisal District, TX ransomware attack
- Municipalities in Texas, Georgia see services disrupted following ransomware attacks
- Cyber incident against The Big Issue confirmed after Qilin ransomware claims
- Fujitsu’s Business PCs Infected by Malware in a Cyber Attack That Leaked Customer Data
- Cloud Email Filtering Bypass Attack Works 80% of the Time
- Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware
- Cyber gangs stealing loads from US truckers, double brokering
- ‘Darcula’ Phishing-as-a-Service Operation Bleeds Victims Worldwide
- Canada targeted by same Chinese hackers the U.S., U.K. accuse of cyberespionage that hit millions
- China cyber-attacks explained: who is behind the hacking operation against the US and UK?
- Western governments struggle to coordinate response to Chinese hacking
- China hits out at US and UK over cyber hack claims
- North Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks
- Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks
- Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries
- Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns
- TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service
- Agenda Ransomware Propagates to vCenters and ESXi via Custom PowerShell Script
- Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own
- Google fixes Chrome zero-days exploited at Pwn2Own 2024
- Microsoft Edge gets fixes for zero-day vulnerabilities exploited in the wild
- Ex-DoD Official Says Chinese-Made PCBs Plague U.S. Systems
- Hackers exploit Ray framework flaw to breach servers, hijack resources
- Rank Math WordPress SEO Plugin Vulnerability Affects +2 Million Sites
- WordPress Astra Theme Vulnerability Affects +1 Million Sites
- 2M+ WordPress Sites Hit By Essential Addons For Elementor Vulnerability
Other News Events of Note and Interest
- Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away
- Plan to resuscitate beleaguered vulnerability database draws criticism
- Cool Tool: Wireshark 4.2.4 Released
- 20 years of Gmail
- Hillsboro, OR Becomes National Power In Data Center Game, Massive Buildings Take Over Skyline
- Apple blunder resulted in all AirTag units in the world receiving a new update at the same time
- Australia Doubles Down On Cybersecurity After Attacks
- Corporations With Cyber Governance Create 4X More Value
- CISA: Nearly 311,000 ‘Small Entities’ Covered By Proposed Cyberattack Reporting Rules
- Congress bans staff use of Microsoft’s AI Copilot chatbot
- Broadcom slammed by European cloud group for VMware moves
- LibreOffice 24.2.2 Is Now Available for Download with More Than 70 Bug Fixes
- Majority of Americans now use ad blockers
- China Deals a Blow to Intel’s Turnaround
- China’s president says it doesn’t need ASML — tells Dutch PM it will continue with advanced technological progress regardless
- TSMC’s 3nm node will reportedly account for over 20% of its revenue in 2024
- Commentary: U.S.-led chip alliance could be OPEC-style cartel for digital age
- US must establish independent military cyber service to fix ‘alarming’ problems
- US fines man $9.9 million for thousands of disturbing robocalls
- XenServer is back, with a rebranded Citrix Hypervisor and a tasty three-host freebie
- Meet Jan: An Open-Source ChatGPT Alternative that Runs Completely Offline on Computer
- You can now sign-in to Google services using Windows Hello face and fingerprint unlock on PC
- HP ends ties with Russia, shutting down its Russian website
- Microsoft says Russian companies will be forced off its cloud services within days
- Updated DC hardening timeline for Secure Boot, DCOM, Kerberos, Netlogon shared by Microsoft
- Microsoft Edge Introduces a Built-in RAM Limiter
- Microsoft, OpenAI plan $100 billion data-center project, media report says
- Mustafa Suleyman: the new head of Microsoft AI with concerns about his trade
- Microsoft is finally fixing Chrome’s font issues on Windows 10 & 11
Cyber Insurance News