November 18, 2023

Hello all,

Patch-mageddon happened this past week – Adobe, AMD, Fortinet, Intel, Microsoft, VMware, and others, released patches for fixes and vulnerabilities in their products. The sheer volume is a tad overwhelming, and as we’re seeing, it is showing no signs of slowing down. It is a continual struggle for defenders to keep up with the needed measures to maintain both function and security. So, without further ado, let’s get to the news so we can understand what’s out there and what to prioritize.

The volume of news and other can appear overwhelming, the best strategy is to read the Notable Callouts below and then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then selecting them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.

Notable Callouts:

• Adobe releases patches on the same cycle as Microsoft, so the fact that they released them this past Tuesday was no surprise. However, the volume was. Adobe put forth 72 patches and made special mention regarding Acrobat Reader which has 17 flaws that on unpatched Windows and macOS systems lead to arbitrary code execution and memory leaks.
• AMD and Intel both released a massive amount of updates – 130 of them together – to address recently revealed issues in their processors. AMD also released patches for graphics drivers.
• CrushFTP is a very capable graphical FTP server for both Windows and Linux. They’ve released updates for a critical vulnerability in their software. Anything below version 10.5.5 is vulnerable and needs to be upgraded.
• Fortinet has been quiet for a month and must have been needing to see their name in the patch cycle again. They’ve released patches for FortiClient, FortiGate, and FortiSIEM. They state, “Cyber threat actors may exploit some of these vulnerabilities to take control of an affected system.” So, check your versions and patch quickly if you are affected.
• Microsoft unleashed patches to address 64 vulnerabilities on Tuesday. 5 are classified as zero-day, meaning that they are already in active exploitation in the wild. Vet the patches quickly, and apply them soon or risk falling victim.
• Ransomware dirtbags ALPHV/BlackCat have had the audacity to file an SEC complaint that one of their victims, MeridianLink, didn’t file form K-8 within the four-day reporting period. Actually evil-dark-kitty, the rule requiring notification doesn’t go into effect until December 15.
• VMware has revealed that their Virtual Cloud Director Appliance has a critical auth bypass, if it was upgraded from an earlier version. They offered no patch but have provided mitigation guidance.
• Zero Days in Edge Devices, things such as cameras, industrial routers, internet connected pumps, motors, etc. are the new prize for threat actors. These things are rarely updated, nor are they effectively monitored. This makes them the perfect beachhead for deeper attacks into a company that has them in use. This is rapidly evolving into the next frontier of cyberwarfare.

In Ransomware, Malware, and Vulnerabilities News:

• ACSC (Australian Cyber Security Centre) and CISA have released step-by-step instructions in how to do Business Continuity (Business Continuity in a Box). If your business doesn’t have one, this would be a great place to start.

In Other News Events of Note and Interest:

• Amazon’s new operating system named, Vega OS, has been seen in the wild on a 3rd generation Echo Show. It will be interesting to see how many places this appears in the near future and how quickly Amazon replaces their dependence on Android.
• Microsoft has unleashed an new AI tool to create deepfakes. Oh sure, they claim that it won’t do that and that it is to be used for creating avatars for personal use. Time will tell.
• Windows 11 23H2 is starting to get pushed out by Microsoft.

In Cyber Insurance News:

• Companies are getting smarter, less companies are paying ransoms due to better backups and encryption practices. Score a small win for the good guys.

Here in North America, this coming week is Thanksgiving Day. It is a day set aside to show gratitude, both to our maker, and to our fellow man. I’m grateful for our readers and pray that you have a blessed week. Remember to keep the shields up. The Threat Actors of the world know that a long weekend is coming up – and they don’t take a holiday.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion
• Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities
• CrushFTP critical vulnerability, all versions below 10.5.5 are vulnerable!
• Fortinet Releases Security Updates for FortiClient and FortiGate
• Fortinet warns of critical command injection bug in FortiSIEM
• Intel out-of-band patch addresses privilege escalation flaw
• Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
• Patch Tuesday – November 2023
• Ransomware gang files SEC complaint over victim’s undisclosed breach
• VMware discloses critical VCD Appliance auth bypass with no patch
• Zero-Days in Edge Devices Become China’s Cyber Warfare Tactic of Choice

Ransomware, Malware, and Vulnerabilities News

• ACSC and CISA launch step-by-step business continuity instructions for SMBs
• CISA warns of actively exploited Juniper pre-auth RCE exploit chain
• FBI and CISA warn of opportunistic Rhysida ransomware attacks
• FBI warns on Scattered Spider hackers, urges victims to come forward
• CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
• Google researchers discover ‘Reptar,’ a new CPU vulnerability
• Citrix Hypervisor gets hotfix for new Reptar Intel CPU flaw
• New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
• Over a Dozen Exploitable Vulnerabilities Found in AI/ML
• Deprecation of Squid Add-On Package For pfSense Software
• Hackers Claim Major Data Breach at Smart WiFi Provider Plume
• Google Workspace weaknesses allow plaintext password theft
• Cyberattack Paralyzes Australia Ports in Threat to Supply Chains
• FBI Shuts Down ‘IPStorm’ Malware That Targeted Windows, Mac, Linux
• LockBit ransomware group assemble strike team to breach banks, law firms and governments
• Lockbit Gang Behind ICBC Attack Hacks Into Chicago Trading Company
• Ransomware more efficient than ever, and baddies are still after your logs
• Samsung says hackers accessed customer data during year-long breach
• JeffCo Colorado Schools hacker demands ransom to be paid
• Iranian hackers launch malware attacks on Israel’s tech sector
• Long Beach, California turns off IT systems after cyberattack
• LockBit ransomware leaks gigabytes of Boeing data
• Toyota Financial Services claimed by Medusa ransomware
• Dragos cybersecurity claimed by ransomware cartel
• Major Canadian fintech Moneris claimed by Medusa ransomware
• FBI: Royal ransomware asked 350 victims to pay $275 million
• Google fights scammers using Bard hype to spread malware
• Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
• WordPress 6.4.1 Fixes a Critical cURL/Requests Bug
• WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks
• Major Phishing-as-a-Service Syndicate ‘BulletProofLink’ Dismantled by Malaysian Authorities
• Cybersecurity experts talk ‘security incident’ that shut down Kansas court system
• Pharmacy provider Truepill data breach hits 2.3 million customers
• Chinese Bitcoin Mining Operations Raise U.S. National Security Alarm
• Chess.com Faces Second Data Leak: 476,000 Scraped User Records Leaked
• Lorenz ransomware gang hit Texas-based Cogdell Memorial Hospital
• Yamaha Motor confirms ransomware attack on Philippines subsidiary
• In a first, cryptographic keys protecting SSH connections stolen in new attack
• Gamblers’ data compromised after casino giant fails to set password
• Cyberattack on North Carolina county allowed hackers to access data
• 21 Vulnerabilities Discovered in Crucial IT-OT Connective Routers
• New Ransomware Group Emerges with Hive’s Source Code and Infrastructure
• ChatGPT’s New Code Interpreter Has Giant Security Hole, Allows Hackers to Steal Your Data
• BlackCat plays with malvertising traps to lure corporate victims
• 8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader
• Port operator DP World failed to fix ‘critical’ CitrixBleed vulnerability in IT systems
• Australian regulators will compel businesses to report cyberattacks
• Auto supplier cyberattack affects Stellantis production
• Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
• Workers are putting their companies at risk by downloading software without permission
• Novel backdoor persists even after critical Confluence vulnerability is patched
• FBI struggled to disrupt dangerous casino hacking gang, cyber responders say
• Fast-acting cyber gangs increasingly disabling telemetry logs
• Financial sector on edge after LockBit attack on major Chinese bank’s US unit
• San Francisco Waste-Hauling Giant Recology Hacked
• Rackspace Ransomware Costs Soar to Nearly $12M
• Rash of RCS spam spreads across the US
• Toronto Public Library confirms data stolen in ransomware attack
• Morgan Stanley fined over computers with personal data
• Ransomware responsible for shuttering St. Lucie County, FL tax collector’s computer system

Other News Events of Note and Interest

• Amazon’s in-house operating system, Vega OS, found pre-installed on the 3rd Gen Echo Show 5
• Apple to finally bring RCS to iPhones
• Google’s New Titan Security Key Adds Another Piece to the Password-Killing Puzzle
• T-Mobile Within Striking Distance of Becoming Fifth-Largest US ISP
• Fraudsters Abuse Google’s Copyright Takedowns to Target 117,000 URLs
• OpenAI Pauses New ChatGPT Plus Signups Due To Surge In Demand
• Backblaze Drive Stats for Q3 2023
• BRICS Looks to Ditch US Internet Services & Create New Alternative
• Bug hunters on your marks: TETRA radio encryption algorithms to enter public domain
• Microsoft releases AI tool for photorealistic copying of faces and voices
• Microsoft Loop is now generally available; new features are being tested in preview form
• Microsoft unveils new AI tools Copilot Azure, Copilot for Service and Copilot Studio at Ignite event
• Windows 10 is back, and it’s getting Microsoft’s AI-powered Copilot assistant
• Microsoft fixes Windows Server VMs broken by October updates
• Microsoft starts warning Windows 11 users to upgrade to 23H2
• Microsoft Windows 11 KB5032190 update enables Moment 4 features for everyone
• Microsoft Windows 10 KB5032189 update released with 11 improvements
• Microsoft completes improving Windows 11 23H2 Setup, WinRE, and OOBE with latest update
• Microsoft fixes Outlook Desktop bug causing slow saving issues
• Microsoft likens MFA to 1960s seatbelts, buckles admins in yet keeps eject button
• Microsoft combines Defender XDR and Sentinel security platforms with Copilot features
• Microsoft unveils the ‘Windows app’ for accessing Windows PCs in the cloud from any device
• Microsoft rebrands Bing Chat to Copilot, to better compete with ChatGPT
• Microsoft investigating Windows activation issues after closing a key loophole
• Windows Photos gets background remove and replace, along with other improvements
• OBS Studio 30.0 Released With Intel QSV AV1 On Linux, WHIP/WebRTC Output
• Blender 4.0 Released For This Incredible Open-Source 3D Modeling Software
• How to use the secret software installer on your Windows PC
• Cool Tool – Sysinternals Suite 2023.13.11
• Cool Tool – Wireshark 4.2.0 Released

Other News Events of Note and Interest

• HanesBrands receives $20.5M payout from ransomware attack
• Ransomware And Supply Chain Attacks Drive Rising Cyber Insurance Claims
• Cyber Security: Insurance Prices Level After Two Years of Brutal Increases
• Shielding your digital assets: How cyber insurance can provide a safety net in the face of growing cyber threats
• Companies are getting smarter about cyber incidents