May 10, 2025

Hello all,

After a slow start to the week, we closed it out with a few very serious vulnerabilities made public by Cisco, SonicWall, and Ubiquiti. This coming week is Patch Tuesday and if historic numbers are a valid guide, I expect about 40 items to be patched by Microsoft, and a normal smattering from other vendors.

Headline NEWS:

  • Cisco released patches to plug 35 holes and defects across several products; the most severe of these has a CVSS of 10.0 and can enable full root access. These defects are in Cisco IOS XE Wireless Controllers, the management API of Catalyst Center, and the CLI of Catalyst SD-WAN Manager. Additionally, Cisco updated its list of products affected by the critical Erlang/OTP SSH security defect, as well as the status of any patches.
  • Microsoft has announced a new OneDrive feature that is slated for release next month – the ability to sync both personal OneDrive and corporate OneDrive content. While this sounds like a great productivity boost, it is a massive vulnerability being created by Big Redmond that will facilitate simple exfiltration of files, and it will be enabled by default! What are they thinking? This is not “Secure by Design”. If you manage systems and don’t want this glaring hole available, you’ll need to disable this newly announced “feature” via Intune policy, Group Policy Object, or Registry change.
  • SonicWall sent out notices to customers that SMA100 Series VPN appliances need patching to fix three defects. If not patched, attackers can gain root access. Amazingly, their email to customers essentially said that these older VPN technology devices should be replaced with new technologies – even though they are still being supported – due to the difficulty in securing VPNs.
  • SysAid, an IT management product, revealed four critical defects that can be used to gain root access in the on-premises versions of their software. The fix is to update to the latest version, and you should do so quickly since a Proof of Concept (PoC) exploit is already available. The last defect of this kind, a couple of years ago, was used by ransomware operators to wreak havoc on SysAid customers.
  • TeleMessage is an encrypted communication platform used by the US Government. It was hacked, leaking sensitive conversations, contact information of government officials, back-end login credentials for TeleMessage, and more. The application itself was not the issue; instead, the message archive location was not encrypted, and that’s where data was able to be extracted. Smarsh, the company that owns TeleMessage, is still investigating.
  • Ubiquiti released updates to their UniFi Protect Cameras and the UniFi Protect Application to plug holes that can allow Remote Code Execution (RCE). These defects have a CVSS of 10.0, so make sure to get this applied quickly to avoid being compromised.
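
For the OneDrive item above, one way to check and enforce the Registry-backed policy on a managed Windows device. This is an added example, not from the newsletter or from Microsoft; it assumes the existing OneDrive administrative policy “Prevent users from syncing personal OneDrive accounts” (value `DisablePersonalSync` under `HKLM:\SOFTWARE\Policies\Microsoft\OneDrive`) is the control you want applied, so confirm against Microsoft’s guidance for the new feature before rolling it out.

```powershell
# Added example: audit (and optionally enforce) the OneDrive policy that blocks
# syncing personal accounts on a managed device. Assumption: the documented
# DisablePersonalSync policy is the control relevant to the new sync feature.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\OneDrive'
$PolicyName = 'DisablePersonalSync'

function Get-PersonalSyncPolicyState {
    # Returns 'Blocked' when the policy DWORD is present and set to 1, else 'Allowed'
    $item = Get-ItemProperty -Path $PolicyPath -Name $PolicyName -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.$PolicyName -eq 1) { return 'Blocked' }
    return 'Allowed'
}

function Set-PersonalSyncBlocked {
    # Creates the policy key if missing and sets the DWORD; needs an elevated shell.
    if (-not (Test-Path $PolicyPath)) { New-Item -Path $PolicyPath -Force | Out-Null }
    New-ItemProperty -Path $PolicyPath -Name $PolicyName -Value 1 `
        -PropertyType DWord -Force | Out-Null
    return Get-PersonalSyncPolicyState
}

# Audit by default; pass -Remediate to enforce the policy where it is not yet set.
param([switch]$Remediate)
$state = Get-PersonalSyncPolicyState
Write-Output "Personal OneDrive sync on $env:COMPUTERNAME: $state"
if ($Remediate -and $state -eq 'Allowed') {
    Write-Output ("Policy applied; new state: " + (Set-PersonalSyncBlocked))
}
```

On Intune- or GPO-managed fleets the same value is what the “Prevent users from syncing personal OneDrive accounts” setting writes, so the audit function also confirms that the central policy actually landed on the endpoint.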

In Ransomware, Malware, and Vulnerabilities News:

  • PowerSchool was exfiltrated and ransomwared in December of 2024. At the time, PowerSchool paid the ransom in an attempt to keep the stolen data from ever becoming public, and the criminals behind the attack promised that they’d deleted the data. Well, they lied. Schools across North America have started receiving emails demanding payment to prevent release of information which has been shown to contain “students’ and staffers’ names, contact information, birthdays, medical information, parental information, and in some cases Social Security numbers”. I guess you can’t trust criminals to keep their word, who knew?
  • LockBit Ransomware Gang Hacked: in a bit of vigilante justice, “xoxo from Prague” has struck again, hacking into some of LockBit’s infrastructure and releasing a nice trove of information to the world. The parting shot on LockBit’s admin panels all read, “Don’t do crime CRIME IS BAD xoxo from Prague”. Thank you, Czech Mate.

In Other News Events of Note and Interest:

  • Energy use in Kuwait fell by over 50% after a crypto mining crackdown, a startling statistic that shows how much power is needed to perform this activity. The locations that were shut down were consuming 20 times more power per month than the average Kuwaiti home. In a somewhat related article, Google agrees to fund the development of three new nuclear sites, adding to one other that they’ve already committed to purchasing power from. This need for power is driven by the rapid expansion of AI and the voracious power needs of the datacenters that enable our new overlords’ functions.

Musings:

Since this is coming out on Mother’s Day Weekend here in the USA, I’m taking a moment to honor the legacy of the Mother of Modern Programming, Admiral Grace Hopper (December 9, 1906 – January 1, 1992). She was singularly responsible for revolutionizing how we interacted with and programmed computers, coming up with the idea of a compiler that converted English terms into computer programming code. And she succeeded, radically transforming programming. Her opus was to create COBOL (an acronym for COmmon Business-Oriented Language), a programming language which is still in use today. To all of the mothers out there, Happy Mother’s Day!

Visc. Jan Broucinek

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
