Hello all,
A few of the notable call-out’s from this week’s report (found below this introduction) are:
- Kerberos authentication was broken for some orgs by Microsoft’s November Patch Tuesday. This week Microsoft released an Out Of Band update to fix the issue
- Spotify’s Backstage has an RCE
- F5 BIG-IP and iControl REST have vulnerabilities that require patching
- Russian software has been found in use in the US Army and the CDC
- FBI director is “extremely concerned” about TikTok
- Okta had a major SSO failure with Microsoft this past week, fixes are now available
- Zendesk has SQLi and Access vulnerabilities
- Amazon’s RDS snapshots found to leak PII
- Nvidia fixed a major bug with Windows 11 driver
- Microsoft Office Excel needs to be updated ASAP to fix a vulnerability
- Atlassian Crowd Data Center and Server require updating to fix a critical vulnerability
- Tableau requires an update to fix a critical vulnerability – There is no advisory listed on the web yet, so there is no link in our Red-N report. They sent an email to customers. The fix is to update to the latest version.
I just read an interesting article that said Turkeys are notoriously difficult to hunt. They are well camouflaged and are “the smartest and wariest creatures in the woods”. This Thanksgiving, make sure your network is difficult to hunt, well camouflaged, and is one of the smartest and wariest creatures on the internet.
May this week bring thankfulness to mind and heart!
Viscount Zebullon Pike
Headline NEWS
- Windows Kerberos authentication breaks after November updates
- OOB update to address an issue with sign in and Kerberos authentication
- Experts found critical RCE in Spotify’s Backstage
- F5 BIG-IP and iControl REST Vulnerabilities and Exposures
- Russian software disguised as American finds its way into U.S. Army, CDC apps
- FBI director says he’s ‘extremely concerned’ about China’s ability to weaponize TikTok
- Okta shares workaround for ongoing Microsoft 365 SSO outage
- Varonis Threat Labs Discovers SQLi and Access Flaws in Zendesk
- Amazon RDS snapshots allow extensive leakage of personally identifiable information
- Nvidia finally fixes a major Windows 11 bug causing 100% usage on idle GeForce GPUs
- Microsoft Office lets hackers execute arbitrary code, update now
- Atlassian Crowd Data Center and Server 5.0 critical vulnerability
Other News Events of Note and Interest
- 2022 Global Threat Report
- Top cybersecurity threats for 2023
- Is Your Board Prepared for New Cybersecurity Regulations?
- The Shifting Role of the CISO
- Android phone owner accidentally finds a way to bypass lock screen
- New Quick Assist app will soon be integrated into Windows
- More malware is being hidden in PNG images, so watch out
- A Better Way to Resist Identity-Based Cyber Threats
- Australia is considering a ban on cyber ransom payments
- Microsoft fixes Windows DirectAccess connectivity issues
- Whoosh confirms data breach after hackers sell 7.2M user records
- Jackson, Hillsdale county MI schools canceled Tuesday, Nov. 15, due to ransomware attack
- Previously unidentified ARCrypter ransomware expands worldwide
- Ransom attack cripples Vanuatu government systems, forces staff to use pen and paper
- LockBit Remains Most Prolific Ransomware in Q3
- Security Think Tank: Let’s be transparent about ransomware
- Researchers Sound Alarm on Dangerous BatLoader Malware Dropper
- 5 Kali Linux tools you should learn how to use
- How North Korea became a mastermind of crypto cybercrime
- State-sponsored hackers in China compromise certificate authority
- Transforming the Vulnerability Management Landscape – CISA
- NASA helped find a network security hole in spacecraft networks
- Mass Email Extortion Campaign Claims Server Hack
- Disneyland Malware Team: It’s a Puny World After All
- WASP malware stings Python developers
- Updated RapperBot malware targets game servers in DDoS attacks
- Meta’s new kill chain model tackles online threats
- MFA Fatigue attacks are putting your organization at risk
- MITRE Engenuity Launches Evaluations for Security Service Providers
- Iranian hackers use Log4Shell to mine crypto on federal computer system
- After all the Windows 11 security touting, Microsoft Defender comes last in AV-TEST’s result
- Microsoft Security hardening for Netlogon and Kerberos starting with November 2022 security update
- Misconfigurations, Vulnerabilities Found in 95% of Applications
- Microsoft has fixed bug causing Windows 10 freezes and desktop issues
- QBot phishing abuses Windows Control Panel EXE to infect devices
- Passkeys are here for iOS and coming soon to Android
- Highly Sophisticated Phishing Scams Are Abusing Holiday Sentiment
- Rufus 21 Beta is out with improved Windows support and several fixes
- Russian Duo Indicted Over E-Book Piracy – Z-Library shut down
- Researchers Quietly Cracked Zeppelin Ransomware Keys
- Instagram Impersonators Target Thousands, Slipping by Microsoft’s Cybersecurity
- People are Still Using the Dumbest Passwords Available
For a PDF version of this week’s report, click here.