
Hello all,
Tuesday saw the monthly cavalcade of patches to fix bugs, defects and flaws from a good number of vendors. Additionally, this past week saw a significant quantity of non-scheduled warnings and updates. If you’re thinking that there seems to be an ever-increasing slew of these being pushed out, you’re not alone. The “Five Eyes Alliance” of the U.S., U.K., Australia, Canada and New Zealand has announced that the growing number of zero-day vulnerabilities being exploited is “the new normal”, and NIST reports that it is still struggling to clear a massive backlog of vulnerabilities reported to it. So, as we get onto the headlines of the week, Manent Semper Vigilans!
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or of those you support.
Headline NEWS:
- Citrix starts our list with about a dozen defects in a handful of products requiring patching. A few of these are already being exploited, so don’t wait.
- CrushFTP is a cross-platform SFTP program that I discovered several years ago. It is feature-rich and works very well. They just released a patch for a defect involving password resets that could allow someone to take over the system. The vendor advises “update immediately to 10.8.3+ or v11.2.3+” – referring to version numbers.
- Fortinet continues to roll out fixes on a regular basis. It would be nice if they didn’t have to release them so frequently, but at least they do patch the holes when they find them. This time there is a defect in their VPN app that could allow for privilege escalation and malware insertion. So far there is no evidence of active exploitation, but with any firewall flaw, it is only a matter of time.
- IBM and AMD have both released patches for their products. There are quite a few of them, so check whether you’re affected.
- Ivanti dropped a rather hefty load of patches, plugging at least 50 different vulnerabilities across Endpoint Manager, Avalanche, Connect Secure, Policy Secure, and Secure Access Client. This company’s defects are especially sought after by evil cybercriminals, so patch fast.
- Microsoft unleashed 89 fixes for their products on Tuesday last week, with at least two of them being zero-days in active exploitation. Vet quickly and update.
- Palo Alto Networks is back in the headlines. Last week there was a “potential Remote Code Execution (RCE) vulnerability in their PAN-OS”. That has now been confirmed. There is no patch yet. However, last week’s mitigation guidance remains the same – “block access from the Internet to their firewalls’ PAN-OS management interface and only allow connections from trusted internal IP addresses.”
- Veeam has released an updated version of an earlier patch for a “high-severity vulnerability in Backup Enterprise Manager that could be exploited remotely, without authentication”. Apply the hotfix as soon as possible.
In Ransomware, Malware, and Vulnerabilities News:
- China continues to dominate tech news, mostly for bad reasons. For the past couple of weeks there have been increasing reports from various news outlets and three- and four-letter agencies of breaches into US telecom providers’ networks. Additionally, news outlets are starting to notice that China has a massive army of very well trained and disciplined cyber attackers that are actively engaged in electronic warfare against – well – everyone else.
In Other News Events of Note and Interest:
- The United Nations is getting ready to adopt a new Cybercrime Convention. This treaty would define cybercrime, malicious activity, hacking, and intrusion. However, few exceptions are being considered for ethical hacking and security research. This could have a chilling effect in countries that adopt the convention wholesale without enacting protections. This is definitely one to watch lest it slip under the radar and criminalize the good guys.
In Cyber Insurance News:
- Insurance Firm Introduces Liability Coverage for CISOs describes a looming issue for many of these C-Suite defenders – being held liable for breaches and successful attacks against companies they support. The article notes that “38% of CISOs are not covered under their organizations’ corporate director and officer insurance (D&O) policies and 18% not knowing if they’re covered.” The insurer in this article provides personal liability coverage for these cyber warriors.
Musings:
The Chinese hacks into our telecommunication carriers show that the attack surface is continuing to get ever more personal, necessitating that we evolve our behaviors to help combat this threat. Our National Security Agency has renewed its call for the public to restart their phones at least once per week. Apple’s new iOS 18 reboots phones automatically if they haven’t been unlocked in 72 hours. Hmm, what does Apple know that we don’t? I think that we might want to heed the NSA’s advice.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Citrix Zero-Day Bug Allows Unauthenticated RCE
- Citrix Issues Patches for Zero-Day Recording Manager Bugs
- CrushFTP vulnerability in v10/v11
- Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
- Chipmaker Patch Tuesday: Intel Publishes 44 and AMD Publishes 8 New Advisories
- Ivanti Patches 50 Vulnerabilities Across Several Products
- Microsoft Confirms Zero-Day Exploitation of Task Scheduler Flaw
- Microsoft Releases November 2024 Patch Tuesday Updates
- Palo Alto Networks Confirms New Firewall Zero-Day Exploitation
- Veeam Patches High-Severity Vulnerability as Exploitation of Previous Flaw Expands
- Windows 11 (KB5046617, KB5046633) November 2024 Patch Tuesday out
Ransomware, Malware, and Vulnerabilities News
- New ShrinkLocker ransomware decryptor recovers BitLocker password
- CISA warns of more Palo Alto Networks bugs exploited in attacks
- FBI, CISA say Chinese hackers breached multiple US telecom providers in targeted attack
- T-Mobile hacked in massive Chinese breach of telecom networks, WSJ reports
- FBI issues warning as crooks ramp up emergency data request scams
- Surge in exploits of zero-day vulnerabilities is ‘new normal’ warns Five Eyes alliance
- Zero-day vulnerability exploitation escalates
- CISA Annual Top Exploited Vulnerabilities List Finds Zero-Days On the Rise, Log4Shell Still A Problem
- Idaho man sentenced for hacking a GA city, medical clinic, more
- Major ICS Players Offer Key Security Updates
- Experts Uncover 70,000 Hijacked Domains in Widespread ‘Sitting Ducks’ Attack Scheme
- Gone phishing: The need to create a culture of cybersecurity awareness
- Epson Devices Vulnerability Let Attackers Create Rogue Admin Accounts
- New NAND Chip Attack Lets Attackers Uncover Secrets & Reverse Engineer
- Intel Releases New CPU Microcode For Two New Security Advisories
- Microsoft Power Pages misconfigurations exposing sensitive data
- Microsoft Active Directory Certificate Services Vulnerability (CVE-2024-49019)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
- Man Arrested for Snowflake Hacking Spree Faces US Extradition
- AT&T, Ticketmaster data breach hackers charged with stealing 50 billion records
- Amazon confirms employee data stolen after hacker claims MOVEit breach
- MOVEit fallout: hackers leak employee data from Amazon, MetLife, HSBC, and other major companies
- Hackers Leveraging Microsoft Visio Files & SharePoint For Two-Step Phishing Attack
- Flexible Structure of Zip Archives Exploited to Hide Malware Undetected
- Google Chrome extensions remain a security risk as Manifest V3 fails to prevent data theft and malware exploitation
- New Glove infostealer malware bypasses Chrome’s cookie encryption
- Hackers Abusing Google Ads To Deliver Fakebat Malware
- Hackers can wirelessly watch your screen via HDMI radiation
- Fake AI video generators infect Windows, macOS with infostealers
- Cyberattack Cost Oil Giant Halliburton $35 Million
- Iran Using Fake ‘Dream Job’ Offers in Cyber Attacks on US Allies
- China’s Hacker Army Outshines America
- China is catching up with the West on tech, Microsoft president says
- Volt Typhoon rebuilds malware botnet following FBI disruption
- Dismantled Volt Typhoon botnet’s restoration underway
- Wisconsin city of Sheboygan says ransom demanded after cyberattack
- Food Lion acknowledges they were hit by cyberattack
- New England grocery stores, pharmacies impacted by cyber attack
- Investigation underway after Alberta Crown corporation hit by cyberattack
- Embargo Ransomware Gang Sets Deadline to Leak Hospital Data
- American Associated Pharmacies allegedly breached by Embargo ransomware
- Cloud Ransomware Flexes Fresh Scripts Against Web Apps
- Newpark Resources discloses October ransomware attack
- New Ymir ransomware partners with RustyStealer in attacks
- Hackers use macOS extended file attributes to hide malicious code
- Threat Actors Attacking macOS Users with New Multi-Stage Malware
- North Korean Hackers Craft Malware Apps That Bypass macOS Security
- Major breach at American debt services firm exposes data of over a million customers
- Have I Been Pwnd notifies 57 million people of Hot Topic data breach
- 4,000,000 WordPress Sites Using Really Simple Security, Critical Authentication Bypass Vulnerability
Other News Events of Note and Interest
- Cool Tool: LibreOffice 24.8.3 Office Suite Is Now Available for Download with 88 Bug Fixes
- Cool Tool: VMware Workstation is Now Free for Commercial Use Too
- Please Don’t Use Any of These Passwords
- Tiny light hurricanes make fiber optic data transfer 16x faster
- The UN cybercrime convention threatens security research. The US should do something about it
- NSA Releases Trusted Platform Module Usage Guidance
- NIST Explains Why It Failed to Clear CVE Backlog
- TikTok launches integration with Lemon8, as US ban looms
- Judge dismisses GoDaddy expired domain clawback lawsuit
- How to run Android apps on Linux
- New Apple security feature reboots iPhones after 3 days, researchers confirm
- Amazon developing driver eyeglasses to shave seconds off deliveries, sources say
- DNA testing company vanishes along with its customers’ genetic data
- Cisco combines Meraki and Catalyst into single wireless brand
- NordVPN maker’s new identity theft protection service will reimburse you up to $1 million for expenses
- Prompt Injecting Your Way To Shell: OpenAI’s Containerized ChatGPT Environment
- Denmark lays out EU AI Act compliance blueprint with Microsoft backing
- Windows Me Was More Revolutionary Than We Think
- MSN brand is back with a fresh new logo to replace ‘Microsoft Start’
- The New Chat & Channels Experience in Microsoft Teams!
- Microsoft pulls Exchange security updates over mail delivery issues
- Microsoft unveils Magentic-One — an AI agent that can browse the web and write code
- Microsoft tests AI-powered editing in Notepad
- Microsoft Edge is trying to forcefully get your Chrome tabs again
- Microsoft investigates OneDrive issue causing macOS app freezes
- Microsoft begins promoting Windows 11 24H2 on Windows 10 to push migration
- Microsoft shares new group policy to stop Windows Update catastrophes like KB5044284
- Microsoft just killed the Windows 10 Beta Channel again
- Microsoft Windows 10 KB5046613 update released with fixes for printer bugs
- Microsoft Windows 11 23H2 bug causes “end of service”, “get the newer version of Windows” alerts
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues
Cyber Insurance News
- Insurance Firm Introduces Liability Coverage for CISOs
- Why are cyber risks for directors going up?
- Biba boss says cyber protection gap becoming ‘even more worrying’
- A digital safety net