
Hello all,
Last week I excoriated Amazon for their spectacular day-long failure. This past week, Microsoft decided it was their turn, and because of a self-inflicted Domain Name System (DNS) issue, major portions of their network were inaccessible. At least they were kind enough to wait until Wednesday, unlike AWS, which took much of the internet down at the start of business on Monday the week prior. Late in the day on Wednesday, most Microsoft services were responding normally again.
This email and video commentary is from the RedDotSecurity.news website, which contains a plethora of links to other items not mentioned here that are worth skimming to see if they interest you or pertain to your particular environment or the environments of those you support. There is a lot more than what is provided in these opening comments. So, on to the headline news.
Headline NEWS:
- Critical Dell Storage Manager Bugs Enable Remote System Compromise. If you use this in your environment, don’t wait to patch these defects. The most severe of these could allow an unauthenticated attacker access to the systems.
- Microsoft was mostly down on Wednesday. If you were not affected, consider yourself blessed. Most of us experienced portals not loading or reporting errors, API-based integrations failing to provide needed telemetry to third-party tools and vendors, and a host of other problems. These back-to-back failures by major cloud providers are making many rethink their strategies for business resiliency. Perhaps your Disaster Recovery and Business Continuity Plans should plan for these seemingly increasing occurrences.
- QNAP warns of critical ASP.NET flaw in Windows backup software. This particular vulnerability stems from a Microsoft bug that now has a patch. But, as with most third-party software, you often need to update the integration yourself. In this case, QNAP recommends that you uninstall and then reinstall their NetBak PC Agent, which will then install the correct patched version of ASP.NET. Alternatively, you could locate the ASP.NET update from Microsoft and install it.
- Windows Server Update Service (WSUS) warnings are sounding throughout the industry due to opportunistic scum pouncing on the massive defect in escalating numbers. As mentioned last week, if you cannot patch your WSUS server, disable the service. If you haven’t patched yet, be sure to check for evidence of compromise before letting your server begin serving up patches again.
In Ransomware, Malware, and Vulnerabilities News:
- Active Directory at Risk Due to Domain-Join Account Misconfigurations is a disturbing article. Apparently, most of us have been domain joining workstations and servers in an insecure manner for years, even if we are using special accounts designated only for this function. However, we are not completely at fault since Microsoft didn’t publish official guidance on how to securely perform this process until August 2025. You read that right, this year! Thankfully the article does a good job of outlining the complex process. Security teams now need to evaluate “Whether the juice is worth the squeeze”, as a friend of mine says.
In Other News Events of Note and Interest:
- Living tissue could fuel robots that grow, heal and move like humans. Do these people not read or watch science fiction? I have, and experiments like this usually don’t end up too great for humanity. Maybe another Carrington-size event, which is another article linked in this section, will provide our salvation after the machines take over.
Musings:
I consider what I do to be important, and it is. I manage a team of cybersecurity professionals that help to keep hundreds of companies safe and respond rapidly if something should go amiss in a client’s environment. But I have become quite introspective lately due to some recent changes in my personal world (no, it isn’t health-related). How long would it take my company to replace me, and how quickly would I become just a distant memory in the minds of my colleagues? Some might think fondly of me for a few months; maybe one or two would recall me on notable calendar dates. But the company would quickly move on. However, in the case of my family, my role is irreplaceable. My life’s calling is serving those that God has placed under my authority, whether that be those who report to me in the workplace, or my friends, and especially my family. I need to create margin in my life so that I can be available to fill my irreplaceable role. This is yet another shield that must be raised, the one of protecting the precious 168 hours a week that I’m given, and choosing what matters most.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Critical Dell Storage Manager Bugs Enable Remote System Compromise
- Microsoft Azure cloud service hit with outage
- Microsoft: DNS outage impacts Azure and Microsoft 365 services
- Microsoft Azure’s Services Restored After Global Outage
- QNAP warns of critical ASP.NET flaw in its Windows backup software
- Critical .NET Vulnerability Lets Attacker Bypass Security in QNAP Backup Software
- Warnings Mount Over Windows Server Update Services Hacks
Ransomware, Malware, and Vulnerabilities News
- Good News, Government News, and Interesting
- US Crypto Bust Offers Hope Against Cybercrime Groups
- Ukrainian extradited from Ireland on Conti ransomware charges
- Microsoft’s digital crimes unit battles cyber threats from Russia to Redmond
- A Florida university is building the next generation of intelligence professionals, one hands-on mission at a time
- MITRE Unveils ATT&CK v18 With Updates to Detections, Mobile, ICS
- CISA warns of two more actively exploited Dassault vulnerabilities
- CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers
- CISA Shares New Threat Detections for Actively Exploited WSUS Vulnerability
- CISA: High-severity Linux flaw now exploited by ransomware gangs
- US government is getting closer to banning TP-Link routers
- Confidential data in the cloud: Too risky: Army chief Süssli says no to Microsoft Office 365
- New York State Department of Financial Services Issues Guidance on 3rd Party Cybersecurity Risks
- Vulnerabilities and Exploits
- Active Directory at Risk Due to Domain-Join Account Misconfigurations
- Next-gen firewalls, VPNs can increase security risks: At-Bay
- BiDi Swap: The bidirectional text trick that makes fake URLs look real
- Windows zero-day actively exploited to spy on European diplomats
- New Lampion Stealer Uses ClickFix Attack to Silently Steal Login Credentials
- Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution
- 9 in 10 Exchange servers in Germany are out of support
- New “Brash” Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL
- PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)
- Former L3Harris Trenchant boss pleads guilty to selling zero-day exploits to Russian broker
- ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands
- Ex-CISA chief says AI could mean the end of cybersecurity
- Hackers Hijacking IIS Servers in The Wild Using Exposed ASP .NET Machine Keys to Inject Malicious Modules
- Microsoft Teams Access Token Theft: What IT Leaders Must Know
- Windows Accessibility Flaw Allows Stealthy Persistence and Lateral Movement via Narrator DLL Hijack
- Docker Compose Vulnerability Allow Attacks To Overwrite Arbitrary Files
- NPM flooded with malicious packages downloaded more than 86,000 times
- HashiCorp Vault Vulnerabilities Let Attack Bypass Authentication And Trigger DoS Attack
- Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks
- OpenVPN Vulnerability Exposes Linux, MacOS Systems To Script Injection Attacks
- TEE Fail attack breaks confidential computing on Intel, AMD, NVIDIA CPUs
- Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication
- Scammers try to trick LastPass users into giving up credentials by telling them they’re dead
- HikvisionExploiter – An Automated Exploitation Toolkit Targeting Hikvision IP Cameras
- New Attack Chains Ghost SPNs and Kerberos Reflection to Elevate SMB Privileges
- Microsoft Windows Cloud Files Minifilter Privilege Escalation Vulnerability Exploited
- Phishing, Malware, and similar
- Hackers Weaponizing Telegram Messenger with Dangerous Android Malware to Gain Full System Control
- LinkedIn phishing targets finance execs with fake board invites
- Massive China-Linked Smishing Campaign Leveraged 194,000 Domains
- Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices
- Researchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware Chains
- New Gamaredon Phishing Attack Targeting Govt Entities Exploiting WinRAR Vulnerability
- Pegasus surveillance software coming to America
- New Android Trojan ‘Herodotus’ Outsmarts Anti-Fraud Systems by Typing Like a Human
- New Atroposia malware comes with a local vulnerability scanner
- 10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
- RedTiger Malware Steals Data, Discord Tokens and Even Webcam Images
- Hackers Use NFC Relay Malware to Clone Tap-to-Pay Android Transactions
- Breaches, Leaks, and Ransomware
- Google disputes false claims of massive Gmail data breach
- AI agents can leak company data through simple web searches
- New CoPhish Attack Exploits Copilot Studio to Exfiltrate OAuth Tokens
- BPO giant Conduent confirms data breach impacts 10.5 million people
- First Zero Click Attack Exploits MCP and Connected Popular AI Agents To Exfiltrate Data Silently
- Industrial Giants Schneider Electric and Emerson Named as Victims of Oracle Hack
- DomeWatch Leak Exposed Personal Data of Capitol Hill Applicants
- Ransomware profits drop as victims stop paying hackers
- Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
- Advertising giant Dentsu reports data breach at subsidiary Merkle
- Canada says hacktivists breached water and energy facilities
- Sweden’s power grid operator confirms data breach claimed by ransomware gang
- Tata Motors confirms it fixed security flaws, which exposed company and customer data
- Qilin Ransomware Leveraging Mspaint and Notepad to Find Files with Sensitive Information
- Qilin Targets Windows Hosts with Linux-Based Ransomware
- New Beast Ransomware Actively Scans for Active SMB Port from Breached System to Spread Across Network
- Akira Ransomware Allegedly Claims Theft of 23GB in Apache OpenOffice Breach
Other News Events of Note and Interest
- Cool Tool: Wave Link 3.0 – Redefining Creator Audio Control
- Cool Tool: UniGetUI 3.3.6
- Congress Eyes New Cyber and Communications Powers for the National Guard
- Ken Thompson Recalls Unix’s Rowdy, Lock-Picking Origins
- Grammarly rebrands to ‘Superhuman,’ launches a new AI assistant
- Scientists prepare for the next Carrington Event
- Musk’s Wikipedia rival Grokipedia crashes on first day
- How the CIA’s Kryptos Sculpture Gave Up Its Final Secret
- One week to opt out or be fodder for LinkedIn AI training
- X: Re-enroll 2FA security keys by November 10 or get locked out
- Bending Spoons is buying AOL for some reason
- Firefox 144.0.2 is out with fixes for crashes on Windows, OneDrive issues, and more
- Google Online Security Blog: HTTPS by default
- Google Chrome to warn users before opening insecure HTTP sites
- Keeping the Internet fast and secure: introducing Merkle Tree Certificates
- Austria Migrates 1,200 Workers from Microsoft 365 to Open-Source in 4 Months
- Google’s Quantum Computer Solved a Real Algorithm 13,000 Times Faster Than a Supercomputer
- Intel releases new Wi-Fi and Bluetooth drivers with Windows 11 25H2 support
- WhatsApp can now use passkeys to secure your backups
- Study concludes cybersecurity training doesn’t work
- AI, LLM’s, and Skynet
- Adobe puts AI in everything, everywhere, all at once
- Living tissue could fuel robots that grow, heal and move like humans
- Eli Lilly Partners With Nvidia to Build AI Supercomputer for Drug Discovery
- Microsoft 365 Copilot’s Researcher agent can now take action with ‘Computer Use’
- Elon Musk: Future Starlink Satellites Will Become Orbiting Data Centers
- Microsoft
- CISA and NSA share tips on securing Microsoft Exchange servers
- Microsoft ends volume pricing, potentially costing companies millions
- Australian watchdog sues Microsoft for misleading 2.7 million M365 users — deliberately hiding a cheaper Classic subscription plan without Copilot
- Microsoft: New policy removes pre-installed Microsoft Store apps
- No, Windows 11 isn’t broken if you see duplicate driver updates, Microsoft says
- Microsoft Investigation Teams text-to-speech Functionality Issue Impacting Users
- Microsoft 365 Copilot now enables you to build apps and workflows
- Microsoft makes Windows Update less irritating and fixes error 0x800f0983
- Microsoft admits long-standing Windows 11 driver 0x80070103 error, says it can’t fully fix the issue
- Windows 11 KB5067036 update rolls out Administrator Protection feature
- Windows 11 KB5067036 issue, Task Manager won’t close and duplicates, may hurt performance
- Windows 11 AI feature lets you copy texts from screen, images or PDFs, now rolling out
- “Update and shut down” no longer restarts PC, as Windows 11 25H2 patch addresses a decades-old bug
