Weekly Cyber Security
News Events & Information
From sources found online in the past seven days
Hello all,
Thankfully, this week has been somewhat low in major vulnerability and attack reveals. There are still enough, and if a product or service that you use is mentioned in our lists below, then to your organization it is major and needs to be treated as such. Google appears to be throwing some stones at Microsoft, but their glass house is getting some chips while they’re at it. Read on.
The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and select those for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.
Notable Callouts:
- Fortinet patched flaws in FortiOS and FortiProxy SSL-VPN. Since threat actors search for these like ravenous wolves, it is critical to patch ASAP.
- Google Chrome received several update cycles this past week, including a fix for the eighth actively exploited zero day this year. Update your browser now.
- Google has come out and said that, based on the US Government’s report about Microsoft’s security lapses, it is clear that Microsoft is insecure and government entities and corporations should switch to Google. Microsoft, for its part, has doubled down on its security efforts and is even tying executive compensation to security. However, Google isn’t quite the shining star it makes itself out to be. Read on below.
- Microsoft announced a new feature for Windows 11 called Recall for Copilot+PCs. Critics immediately pounced on it, calling it spyware – which by definition it actually is. It’ll be interesting to see how this plays out. But for now, you’re safe. Due to power requirements, it will need one of the new spiffy Copilot+PCs that were just unveiled.
- Ivanti, just reading the name in the news makes me shudder, released patches this week. Several vulnerabilities were plugged in Endpoint Manager. Update now. Stop reading and go do it. We’ll still be here.
- QNAP patched a few more items that needed fixing, with a few still pending. Update as appropriate.
- Rockwell Automation issued an advisory “…urging all customers to take IMMEDIATE action to assess whether they have devices facing the public internet and, if so, urgently remove that connectivity for devices not specifically designed for public internet connectivity”. Rockwell further advised that clients should ensure that all devices were checked for outstanding updates. CISA followed suit and issued a notice reiterating what Rockwell published.
In Ransomware, Malware, and Vulnerabilities News:
- Deepfakes Rank as the Second Most Common Cybersecurity Incident. That is staggering, and scary. That was fast. What will the next 12 months bring?
- Scattered Spider was responsible for several very high-profile casino attacks. Good news from the FBI is that they are closing in on the criminals. Some arrests have already been made, and more are on the way. Hooray for the good guys!
In Other News Events of Note and Interest:
- Google, as promised above, recently lost everything belonging to a very large client. The only way the client was able to recover was because they’d created backups that were not being held by Google. And in another “don’t throw stones” event, Google’s cloud went down twice this month already. I think losing everything would be worse than having someone exfil. But what do I know?
- Malwarebytes apparently has a scanning tool that will let you know if you’ve had data breached and more. Check it out.
In Cyber Insurance News:
- SEC turns up heat, boosting importance of cyber insurance. A good quote from the article reads, “Any business that has customers, a bank account or holds information about any customer or client should have cybersecurity coverage”. Did that leave anyone out?
It is only May, and unfortunately the airborne army of darkness, aka mosquitoes, are out in force where I live. They are blood-thirsty, horrible, merciless, relentless, unwanted invaders that will do anything to get at their desired goal – a gallon of my blood! And if they get any blood, they’ll just breed more! They remind me of cyber criminals, blood-thirsty, horrible, merciless, relentless, unwanted invaders that will do anything to get at their desired goal – your money or secrets. And if cyber criminals get paid, it’ll just breed more. So, just like with the diminutive menaces, make sure you employ the correct defenses. Otherwise, you’re in for a painful experience when they bite.
And remember, keep the shields up. They really are out to get you.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- FortiOS & FortiProxy SSL-VPN Flaw Allows IP Spoofing
- Google: Microsoft Is Unable to Keep Customers Safe From Cyberattacks
- Chrome 125 Update Patches High-Severity Vulnerabilities
- Google fixes eighth actively exploited Chrome zero-day this year
- Microsoft’s new Recall for Copilot+PCs criticized as spyware
- PoC exploit for Ivanti EPMM privilege escalation flaw released
- Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager
- QNAP QTS zero-day in Share feature gets public RCE exploit
- Rockwell Automation warns admins to take ICS devices offline
Ransomware, Malware, and Vulnerabilities News
- Apple Releases iOS 17.5.1 With Fix for Reappearing Photos Bug
- CISA Warns of Actively Exploited Apache Flink Security Vulnerability
- Cyberattacks Over Work Email Most Used; Ransomware Hits Victims Hard
- Deepfakes Rank as the Second Most Common Cybersecurity Incident for US Businesses
- Keylogger Embedded Microsoft Exchange Server Steals Login Credentials
- New DoS Attack ‘DNSBomb’ Exploiting DNS Queries & Responses
- Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms
- NextGen Healthcare Mirth Connect Under Attack – CISA Issues Urgent Warning
- EPA warns of increasing cyberattacks on water systems, urges utilities to take immediate action
- Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal
- Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web
- Hacker defaces spyware app’s site, dumps database and source code
- WinRAR Flaw Let Attackers Deceive Users with ANSI Escape Sequences
- SolarMarker Malware Evolves to Resist Takedown Attempts with Multi-Tiered Infrastructure
- Malvertising campaign exploits WinSCP, PuTTy for ransomware
- Phishing statistics that will make you think twice before clicking
- Latrodectus Malware Loader Emerges as IcedID’s Successor in Phishing Campaigns
- Conservative cell carrier Patriot Mobile hit by data breach
- Critical Netflix Genie Bug Opens Big Data Orchestration to RCE
- GitHub warns of SAML auth bypass flaw in Enterprise Server
- Crooks plant backdoor in software used by courtrooms around the world
- A Leak of Biometric Police Data Is a Sign of Things to Come
- Santander Falls Victim to Data Breach Involving Third-Party Provider
- Report: Cat-phishing of legitimate websites on the rise
- Zscaler annual phishing report finds a near 60% increase in phishing attacks in 2023
- Kroll cyber threat landscape report: AI assists attackers
- Chinese hackers hide on military and govt networks for 6 years
- Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia
- Casino cyberattacks put a bullseye on Scattered Spider – and the FBI is closing in
- Consumer-grade spyware found running on hotel guest PCs contains serious security flaw that lets anyone see recent screenshots
- Good luck keeping the past private now — criminal records of millions of Americans leaked online
- VMware Abused in Recent MITRE Hack for Persistence, Evasion
- Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern
- GhostEngine mining attacks kill EDR security using vulnerable drivers
- State hackers turn to massive ORB proxy networks to evade detection
- LockBit no longer world’s No. 1 ransomware gang
- 2024 sees continued increase in ransomware activity
- Self-managed VPNs targeted in 58% of ransomware attacks
- Canada’s London Drugs confirms ransomware attack after LockBit demands $25M
- Hackers release corporate data stolen from London Drugs
- Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors
- Rockford schools technology mostly restored following ransomware attack
- American Radio Relay League cyberattack takes Logbook of the World offline
- Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies
- Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
- Two students find security bug that could let millions do laundry for free
- Veeam warns of critical Backup Enterprise Manager auth bypass bug
- YouTube has become a significant channel for cybercrime
Other News Events of Note and Interest
- Cool Tool: UniGetUI (formerly WinGetUI) 3.1.0 preview now available
- Cool Tool: Ventoy 1.0.98
- Cool Tool: Rufus 4.5.2180
- Malwarebytes has a free data breach scanning tool
- Cleaning Crew Discovers One of the World’s Oldest Surviving Desktop Computers
- “Unprecedented” Google Cloud event wipes out customer account and its backups
- Google Cloud has just knocked a load of customers offline for the second time this month
- A root-server at the Internet’s core lost touch with its peers. We still don’t know why
- Kevin Mandia Stepping Down As CEO At Google-Owned Mandiant
- Confused by the SEC’s IT security breach reporting rules? Read this
- The Real Danger Lurking in the NVD Backlog
- Decades-old programming languages Fortran and Cobol are still thriving
- Starlink offers ‘unusually hostile environment’ to TCP
- Remote Desktop Protocol: The Series
- It looks a lot like VMware just lost a 24,000-VM customer
- LastPass is now encrypting URLs in password vaults for better security
- After a big hack, Microsoft is tying top executive pay to cyberthreats
- Microsoft Reportedly Readies $16 Billion Bid to Acquire Valve / Steam
- Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search
- Microsoft Surface and Copilot Event: Everything announced
- Microsoft’s “Copilot+” AI PC requirements are embarrassing for Intel and AMD
- Microsoft is turning Windows Copilot into a regular app – and here’s why you’ll like it
- Microsoft Paint is getting an AI-powered image generator that responds to your text prompts and doodles
- Windows 11 KB5037771 issues: a few hiccups, but May 2024 Update is stable
- Microsoft pushes emergency fix for Windows Server 2019 update errors
- Microsoft reveals a partial timeline for its Windows VBScript deprecation plans