May 27, 2023

Hello all,
The Red-N Weekly Cyber Security News newsletter is below the Notable Callouts as usual. We don’t have an “A” headline item this week, but we do go from B to Z. So, let’s get to it.

Notable Callouts:

• Barracuda experienced a Zero-Day attack on their email gateways. Quite a few orgs were affected. The company has since patched the holes, but affected customers (being contacted by Barracuda) need to take additional action.
• CISA has announced the formation of a Joint Ransomware Task Force with the goal of serving “as the central body for coordinating an ongoing nationwide campaign against ransomware attacks…”
• D-Link makes a network management suite named D-View 8, who knew? Well, they just patched six vulnerabilities, two of which were classified as critical-severity.
• Git-Lab is urging upgrades to fix no less than 5 vulnerabilities that affect versions 2.40.0 and lower.
• Google has proposed a plan to drastically shorten the lifespan of Transport Layer Security (TLS) digital certificates, from 398 days to 90 days. If implemented, this will necessitate a change in how these certificates are managed and maintained.
• Microsoft has released their optional May Cumulative updates for both Windows 10 and 11 with a significant number of fixes. As with any of their “optional” updates, they may not be fully baked yet, but if you are experiencing any issues described in the links, you may want to try them.
• Sonos was exploited via three different vulnerabilities in Toronto during Pwn2Own. Upgrade to the version 15.4 or higher to mitigate these holes.
• WordPress has released version 6.2.2 very rapidly in response to broken functionality and security vulnerabilities.
• Zyxel has released a security advisory regarding multiple buffer overflow vulnerabilities in some of their firewalls.

• In Ransomware, Malware, and Vulnerabilities News, a new ransomware group named Obsidian Orb is demanding ransom payments via gift cards. And, Wireshark has released version 4.0.6 to fix 9 vulnerabilities.
• In Other News Events of Note and Interest, a new issue with copying and saving files has shown up in Microsoft Windows when the app doing the copying is 32 bit vs. 64 bit. ChatGPT has released over 80 new plugins.
• In Cyber Insurance News, new data suggests that cyber insurance may need to rethink ransom payments.

As computing power continues to increase, will our ability to harness and fully exploit it continue, or will it require AI? And, once the old limit is reached, will AI then be able to create new computing power in a self-sustaining cycle?

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• Barracuda warns of email gateways breached via zero-day flaw
• CISA – Joint Ransomware Task Force
• D-Link fixes auth bypass and RCE flaws in D-View 8 software
• Enterprises Must Prepare Now for Shorter TLS Certificate Lifespans
• GitLab ‘strongly recommends’ patching max severity flaw ASAP
• Windows 10 KB5026435 update released with 2 new features, 18 fixes
• Windows 11 KB5026436 fixes printing and audio playback issues
• Windows 11 KB5026436 update fixes SMB, LSASS, printer, NTFS issues, and more
• WordPress 6.2.2 Restores Shortcode Support in Block Templates, Fixes Security Issue
• Zero Day Initiative — Exploiting the Sonos One Speaker Three Different Ways
• Zyxel security advisory for multiple buffer overflow vulnerabilities of firewalls

Ransomware, Malware, and Vulnerabilities News

• An AI-based Chrome Extension Against Phishing, Malware, and Ransomware
• #StopRansomware Guide Released by NSA and Partners
• Lazarus Group Targeting Microsoft Web Servers to Launch Espionage Malware
• Microsoft reports jump in business email compromise activity
• Microsoft 365 phishing attacks use encrypted RPMSG messages
• Advanced Phishing Attacks Surge 356% in 2022
• Chinese hackers breach US critical infrastructure in stealthy attacks
• New PowerExchange malware backdoors Microsoft Exchange servers
• Pentagon Outlines Upcoming Contractor Cybersecurity Plan
• Cyberattack of Amazon’s PillPack compromised user health info
• Child hackers: How are kids becoming sophisticated cyber criminals?
• Iranian Agrius Hackers Targeting Israeli Organizations with Moneybird Ransomware
• Tracking down a trojan: An inside look at threat hunting in a corporate network
• Android phones are vulnerable to fingerprint brute-force attacks
• Robert Downey Jr. tells 60 Minutes about being hacked
• Cyber scammers target parents, grandparents for digital theft | 60 Minutes
• IcedID Macro Ends in Nokoyawa Ransomware – The DFIR Report
• BlackByte ransomware crew lists city of Augusta after cyber ‘incident’
• Coca-Cola bottler reportedly hit with ransomware
• K. Fraudster Behind iSpoof Scam Receives 13-Year Jail Term for Cyber Crimes
• Veeam Research Finds 93% of Cyber Attacks Target Backup Storage to Force Ransom Payment
• BEC Scammers Use Residential IPs to Evade Detection
• Meta hit with record-breaking $1.3 billion fine over Facebook data transfers to the US
• BlackCat Ransomware Deploys New Signed Kernel Driver
• $5.9 Million Stolen By Scam as a Service Provider Called Inferno Drainer
• Cloud-Based Malware Delivery: The Evolution of GuLoader
• Verizon issues warning about “smishing,” texts that are sent to your phone to rip you off
• Buhti: New Ransomware Operation Relies on Repurposed Payloads
• Mazars Group allegedly breached by BlackCat
• Lawmakers, experts fear key cyber vacancy leaves US vulnerable to attacks
• Biden nominates Lt. Gen. Timothy Haugh to lead NSA, Cyber Command
• Cybersecurity firms’ earnings set to benefit from growing threat of hacks
• Kimsuky | Ongoing Campaign Using Tailored Reconnaissance Toolkit
• Avid Telecom facilitated billions of spam calls, state AGs allege
• Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking
• Backup Repositories Targeted in 93% of Ransomware Attacks
• Surprise: A Small Change Leads to Big Results for Computer Security
• US sanctions orgs behind North Korea’s ‘illicit’ IT worker army
• Dole ransomware incident affected half of its legacy servers with direct costs reaching $10.5 million
• CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams
• Army putting offensive and defensive cyber portfolios under a single office
• US govt contractor ABB confirms ransomware attack, data theft
• Wireshark 4.0.6 Released – Fix for 9 vulnerabilities
• Emby shuts down user media servers hacked in recent attack
• Mercenary mayhem: A technical analysis of Intellexa’s PREDATOR spyware
• Iranian Hackers Using New Windows Kernel Driver in Attacks
• Cybersecurity Playbook for SOC – Security Investigation
• A huge data leak at Tesla could lead to a record-breaking fine
• Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised
• New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets
• Cyble — Obsidian ORB Ransomware Demands Gift Cards as Payment
• DoD looks to expand Cyber Excepted Service, won’t implement new SSR for IT workforce
• Travel-Themed Phishing, BEC Campaigns Get Smarter as Summer Season Arrives
• Dish Ransomware Attack Impacted Nearly 300,000 People
• Audiovox electronics claimed by BlackCat ransom gang
• SuperMailer Abuse Bypasses Email Security for Super-Sized Credential Theft
• ‘Hot Pixel’ Attack Steals Data From Apple, Intel, Nvidia, and AMD Chips via Frequency, Power and Temperature Info
• Exploring Three Remote Code Execution Vulnerabilities in RPC Runtime
• CISA Vulnerability Summary for the Week of May 15, 2023

Other News Events of Note and Interest

• OpenAI says it could ‘cease operating’ in the EU if it can’t comply with future regulation
• Regulators take aim at AI to protect consumers and workers
• Google Launches New AI Search Engine: How to Sign Up
• PyPI temporarily pauses new users, projects amid high volume of malware
• Europe’s biggest city council faces £100M bill in Oracle ERP project disaster
• Microsoft: Windows issue causes file copying, saving failures
• TikTok CEO Says Oracle Has Begun Reviewing Its Source Code
• You Can Now Make Bootable ChromeOS Flex USB on Linux
• China Says Micron Products Failed in Cybersecurity Review
• Microsoft announces public rollout of Edge Workspaces
• Microsoft wants to help you build a website with Copilot AI
• FTC signals tougher rules for health companies’ use of data
• iOS 16.5 renders popular iPhone and iPad adapter useless
• SentinelOne CEO On Microsoft’s Security Copilot: ‘It’s A Nice Chatbot’
• Microsoft enables booting physical PCs directly into cloud PCs
• Microsoft announces Windows Copilot, an AI ‘personal assistant’ for Windows 11
• Microsoft brings back Taskbar app ungrouping on Windows 11, but with a smart new twist
• Microsoft releases new Windows Backup app for Windows 11
• Microsoft Defender Antivirus gets ‘performance mode’ for Dev Drives
• Parallels Desktop Update Adds Support for Ubuntu 23.04 VMs
• 28 years later, Windows finally supports RAR files
• Microsoft Edge is getting ‘Edge for Gamers’ mode
• Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption
• You can create your own avatar in Microsoft Teams Business and Enterprise starting this week
• Google launches bug bounty program for its Android applications
• Microsoft’s new free Windows 11 virtual machines are now available for download
• Microsoft shakes up Teams meetings with new breakout rooms feature
• Synology BeeDrive – personal backup hub
• Forget Photoshop — AI imaging tool lets you edit photos with no experience
• How To Use Third-Party Plugins In ChatGPT? 80+ Plugins Just Added by ChatGPT For Public

Cyber Insurance News

• Cyber Insurance Market in Turmoil Over State-Backed Attacks
• Cyber Insurers May Want To Rethink Ransom Payments Based On This New Data
• Global cyber and E&O insurance market shifts to buyer-friendly environment in 2023
• Corvus Insurance Unveils Corvus Signal™, a Cyber Risk Prevention Solution