May 20, 2023

Hello all,
The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual. This week there’s an opportunity to earn a combined $25 million if you can breach LayerZero Labs and if you know where to find Mikhail Matveev.

Notable Callouts:

• Apple starts our roundup with 39 patched vulnerabilities, including 3 zero days.
• ASUS released a faulty security update that caused worldwide issues with their routers. A subsequent update fixed the glitch.
• Cisco sent out a warning that many of their small switches have critical bugs that require patching – and public exploits already exist.
• KeePass password manager has a massive hole that allows for retrieval of the master password.
• LayerZero Labs has put out a $15 million bug-bounty program.
• Microsoft is being very cautious with the rollout of their Secure Boot bug fix. It will take nearly a year to fully deploy. Of course, you can deploy the fix sooner yourself if desired.
• Toyota disclosed that they had a decades-long data leak that exposed 2.15 million customers’ data.
• The US State Department is offering up to $10 million for information leading to the capture of Mikhail Pavlovich Matveev, alleged mastermind behind Lockbit, Babuk, and Hive.
• The US Supreme Court left protections in place for internet companies in a recent decision.
• Zero Day Initiative reports that VMware Workstation needs patching applied, after the flaws were exploited at Pwn2Own in Ontario.

•  Ransomware, Malware, and Vulnerabilities News, an interesting report that Microsoft is scanning for malware inside of some password protected compressed files that traverse their network. And a new threat Actor, MalasLocker is encrypting Zimbra servers, but demands donations to a charity of their choosing to decrypt.

• In Other News Events of Note and Interest, an MSP favorite, Huntress., has gotten a $60 million in Series C financing, to propel them further. A troubling news item about open-source and AI regulations from the European Union that could stifle advances.

• In Cyber Insurance News, BOXX Insurance has launched Personal Cyber Insurance. Coalition reports that employee actions (clicking, falling for phishing, etc.) are driving cyber insurance claims, and they’ve found that just one unpatched vulnerability increases risk of a cyber event by 33%.

Q: How many computer service technicians does it take to change a light bulb?

A: Service has received your request concerning your hardware problem and has assigned your request Service Number 39712. Please use this number for any future reference regarding this light bulb issue. As soon as a technician becomes available, you will be contacted.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• Apple iOS 16.5 patches 39 security flaws, 3 actively exploited
• ASUS routers knocked offline worldwide by bad security update
• Cisco warns of critical switch bugs with public exploit code
• KeePass flaw allows retrieval of master password, PoC is public
• LayerZero Labs Launches $15M Bug Bounty; Largest in the World
• Microsoft will take nearly a year to finish patching new 0-day Secure Boot bug
• Toyota Discloses Decade-Long Data Leak Exposing 2.15M Customers’ Data
• US Offers $10 Million Bounty for Capture of Notorious Russian Ransomware Operator
• US Supreme Court leaves protections for internet companies unscathed
• Zero Day Initiative — CVE-2023-20869/20870: Exploiting VMware Workstation at Pwn2Own

Ransomware, Malware, and Vulnerabilities News

• Android malware is stealing passwords and 2FA codes
• US Transportation Department Left Reeling After Massive Data Breach
• CISA announces that BianLian Ransomware Group now only steals no encryption
• ‘Strictly limit’ remote desktop – unless you like catching BianLian ransomware
• What NIST is hearing from industry about critical infrastructure cybersecurity
• Philadelphia Inquirer continues response to cyberattack that disrupted publication
• Arm acknowledges side-channel attack but denies Cortex-M is crocked
• Debt Collection Firm Credit Control Corporation Hit by Major Data Breach
• PaperCut vulnerability abused by several threat actors could impact 70,000 organizations
• Russian computer breached DC Metro system
• New ‘MichaelKors’ Ransomware-as-a-Service Targeting Linux and VMware ESXi Systems
• Notorious Cyber Gang FIN7 Returns Cl0p Ransomware in New Wave of Attacks
• Ransomware corrupts data, so backups can be faster and cheaper than paying up
• Some potential: How bad software updates could over-volt, brick remote servers
• Malicious Microsoft VSCode extensions steal passwords, open remote shells
• 8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency
• Tactics, Techniques, and Procedures (TTPs) Every Security Practitioner Should Know
• Dallas ransomware attack: Officials expect weeks to fully recover
• Meet ‘Jack’ from Romania! Mastermind Behind Golden Chickens Malware
• ScanSource says ransomware attack behind multi-day outages
• New RA Group ransomware targets U.S. orgs in double-extortion attacks
• Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
• Google’s .zip Top Level domain is already used in phishing attacks
• Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyberattacks
• Ransomware group claims 2.5 terabytes of stolen data less than a month after emerging online
• MalasLocker ransomware targets Zimbra servers, demands charity donation
• Researchers show ways to abuse Microsoft Teams accounts for lateral movement
• CISA: Several Old Linux Vulnerabilities Exploited in Attacks
• Geacon Brings Cobalt Strike Capabilities to macOS Threat Actors
• VirusTotal AI code analysis expands Windows, Linux script support
• Threat Assessment by PaloAlto Unit 42: Royal Ransomware
• Ransomware gang steals data of 5.8 million PharMerica patients
• CISA Launches RVWP, a New Ransomware Warning Pilot Program
• Microsoft is scanning the inside of password-protected zip files for malware
• Water Orthrus New Campaigns Deliver Rootkit and Phishing Modules
• Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks
• Israel-based threat actors show growing sophistication of email attacks
• VMware’s ESXi security issues spur new ransomware gang into action
• The Phantom Menace: Brute Ratel remains rare and targeted
• L3Harris may have been hacked, defense data stolen
• Dark Web ChatGPT Unleashed: Meet DarkBERT
• Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts
• CopperStealer Malware Crew Resurfaces with New Rootkit and Phishing Kit Modules
• Hackers use Azure Serial Console for stealthy access to VMs
• FTC sues VoIP provider over ‘billions of illegal robocalls’
• BatLoader Impersonates ChatGPT and Midjourney in Cyber-Attacks
• Searching for AI Tools? Watch Out for Rogue Sites Distributing RedLine Malware
• Infostealer Malware Surges: Stolen Logs Up 670% on Russian Market
• Popular Android TV boxes sold on Amazon are laced with malware
• Energy Industry Faces Increasing Dark Web Cyber Threats
• Once Again, Malware Discovered Hidden in npm
• 3 Ways Hackers Use ChatGPT to Cause Security Headaches
• Dish Network likely paid ransom after recent ransomware attack
• Teen Charged in DraftKings Credential Stuffing Case
• Windows 11 suffers from a weird bug that messes with SATA SSDs and hard drives

Other News Events of Note and Interest

• Huntress Lands $60M, Eyes Potential IPO In Coming Years
• EU AI Act To Target US Open Source Software
• OpenAI Launches Official ChatGPT App for iPhone and iPad
• Defender Remover 12.4.2, you really can completely remove it
• Microsoft CEO Satya Nadella warns AI could cause ‘real displacement’ of human jobs
• ChatGPT Leveraged to Enhance Software Supply Chain Security
• First ever 64-bit version of Windows rediscovered … and a C compiler for it too
• I Finally Bought a ChatGPT Plus Subscription—and It’s Worth It
• Notepad++ Just Got an Update
• Montana is the first state to totally ban TikTok
• Apple restricts employees from using ChatGPT over fear of data leaks
• Microsoft decides it will be the one to choose which secure login method you use
• Nvidia and Microsoft Announce 10-Year GeForce Now Partnership
• New Tool Offers Life After Windows BSOD
• Death of Ownership: Companies Use Software, Subscriptions to Grab Money From Customers
• Best Password Practices to Defend Against Modern Cracking Attacks
• Microsoft will upgrade Windows 10 21H2 users automatically next month
• Google to delete accounts inactive for two years in security push
• Landmark crypto rules make exchanges liable for customer losses in EU
• Many believe it’s time for an independent uniformed cyber service. Here’s what it could look like
• New DOD doctrine officially outlines and defines ‘expeditionary cyberspace operations’
• Microsoft admits it couldn’t really fix Windows 11 Security and Defender LSA issues
• ChatGPT is about to revolutionize cybersecurity
• Microsoft releases Edge 113 to the Stable Channel, adds new features
• M-Files enhances integrations with Teams and Outlook – Technology Record
• Datto Founder Backs Cyber Warranty Firm Cork To ‘Give Control Back To MSPs
• Google offers certificate in cybersecurity, no dorm room required
• Mysterious Intel patch released for almost every modern CPU
• Google Calendar gets improved interoperability with Outlook
• Microsoft Completes Rollout of Basic iMessage Support on Windows 11
• Microsoft makes embarrassing Windows 11 U-turn after user revolt over ads
• A raft of free Cloudflare services for AI startups
• Amazon Gets $1 Billion Tax Break To Build New Data Centers, AWS Regions
• Advanced Cyber Security Interview Questions and Answers
• Millions of deleted files recovered in hard drives purchased online

Cyber Insurance News

• Insured companies more likely to be ransomware victims, sometimes more than once
• Radiology Group Sues Broker Over Lapsed Cyber Insurance Policy
• Clients Buy Higher Limits as Q1 Cyber Increases Follow Moderation Trend
• BOXX Insurance Launches Personal Cyber Insurance on its USA platform
• US cyber insurance premiums exceeded $7.2B last year
• Employee actions are driving cyber insurance claims
• Report finds just one unpatched vulnerability increases the risk of a cyber insurance claim by 33%