
Hello all,
Thankfully, the US quadrennial election cycle is nearly finished. The incessant and continual droning of half-truths, outright lies, click-bait email and advertisements, deep-fakes, fear and doubt mongering, deceptive text messages, and just downright evil that has been so prevalent is alarming. And that’s just the threat actors that we in cyber security deal with on a regular basis. Don’t get me started on what we’ve witnessed because of the election! It will be a blissful relief to only deal with one assault on my sense of justice again. So, onward to the cyber security news.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or of those you support.
Headline NEWS:
- Apple has thrown down the gauntlet and has challenged hackers to break into their Private Cloud Compute (PCC) server, offering a bounty of up to $1 million. While not exactly small change, if Cupertino manages to withstand the inevitable greedy hordes, it will be a tremendous advertising victory for them. May the odds be ever in their favor!
- Google patched a critical vulnerability in Chrome that Apple reported to them. Maybe Apple does have this security stuff figured out. Update your Google Chrome please.
- CyberPanel, a web hosting control panel, was recently warned of a critical vulnerability. Within 30 minutes of being informed of the issue, a patch was made available. Unfortunately, someone leaked the details before CyberPanel users could be alerted about the need to patch. Subsequently, over 22,000 CyberPanel-managed servers were ransomwared by some evil named PSAUX. Thankfully, for those affected, LeakIX has made a free decryptor available. See the article for more information.
- PTZOptics cameras have patches available to plug two zero-days that were discovered via the use of AI vulnerability hunting software. They are being actively exploited, so if you have PTZOptics camera equipment, check yours for updates immediately.
- Both QNAP and Synology were recently exploited at Pwn2Own Ireland. Both manufacturers have now released several updates to address the vulnerabilities that were used and subsequently responsibly reported. At least one of these requires no clicks on the part of the intended target. If you use either, update as soon as is practical to avoid becoming a victim.
- Windows Themes has another zero-day vulnerability which allows threat actors to steal NTLM credentials. This defect is not very difficult to exploit, but thankfully does require some user interaction to detonate. Hopefully, Microsoft will plug this hole in this month’s patch cycle.
In Ransomware, Malware, and Vulnerabilities News:
- China is either ramping up their efforts to hack the planet, or security agencies are becoming more aware and better at detection. There are at least six different articles in this section reporting on and describing various nefarious activities of the Middle Kingdom and its denizens. Of course, they are not alone; Russia and the DPRK are rather prominent as well this week.
- Nvidia has released updates for some high-severity vulnerabilities in their GPU products. Update quickly if you rely on them.
In Other News Events of Note and Interest:
- Google has been fined $20,000,000,000,000,000,000,000,000,000,000,000 (that’s 20 decillion dollars) by Russia for blocking their content. The blocking started in 2020, so the court imposed a fine of 100 thousand rubles ($1,025) per day, with the total fine doubling every week. The total amount owed now is more money than exists on the planet. Maybe they can write them a check?
- Windows Server 2025 is here. On Saturday, Microsoft announced the General Availability of Windows Server 2025. There are a few known issues, so read the documentation before stepping out onto the bleeding edge of computing.
In Cyber Insurance News:
- Cyber Insurance and Deepfakes reports on what this phenomenon is (if you didn’t already know) and the implications and potential impacts on both the insured and insurance companies. The article advises the insured to “…clarify that their coverage does extend to these types of risks, and that the types of claims that arise shouldn’t be excluded by the fact that some kind of AI tool was used to propagate them…”
Musings:
As mentioned earlier, the US quadrennial election is nearly over. No matter which political party prevails, there will be a new US President taking office in a few months. There will be change. However, our job as cyber defenders does not change with the election cycle or political winds. It remains the same: be vigilant, safeguard our networks and our people, and keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Apple is challenging hackers to break into the company’s servers
- Google Patches Critical Chrome Vulnerability Reported by Apple
- PSAUX ransomware takes down 22,000 CyberPanel servers in massive zero-day attack
- PTZOptics cameras zero-days actively exploited in the wild
- QNAP fixes NAS backup software zero-day exploited at Pwn2Own
- Critical QNAP HBS zero-day addressed
- Synology hurries out patches for zero-days exploited at Pwn2Own
- Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
- Windows Themes zero-day bug exposes users to NTLM credential theft
Ransomware, Malware, and Vulnerabilities News
- Anthropic warns of AI catastrophe if governments don’t regulate in 18 months
- Five Eyes nations tell tech startups to take infosec seriously. Again
- Joint Statement by FBI and CISA on PRC Activity Targeting Telecommunications
- FBI has conducted more than 30 disruption operations in 2024
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services
- Chinese hackers had access to Canadian government systems for years
- Chinese threat actor uses credentials from password spray attacks from a covert TP Link network
- Taiwanese Facebook Biz Pages Fall to Infostealer Campaign
- Russian hackers target US officials in a new spear-phishing campaign
- More than half of all cyber attacks in agrifood are ransomware
- Unmasking the SYS01 Infostealer Threat
- Hikvision Network Camera Flaw Let Attackers Intercept Dynamic DNS Credentials
- Thousands of hacked TP-Link routers used in years-long account takeover attacks
- Threat actors are stepping up their tactics to bypass email protections
- qBittorrent RCE Vulnerability Let Attackers Inject Malicious Script
- Hundreds of online shops have been hacked to show fake product listings in major phishing scam
- LastPass warns of fake support centers trying to steal customer data
- Google’s ‘Big Sleep’ AI Project Uncovers Real Software Vulnerabilities
- The biggest underestimated security threat of today? Advanced persistent teenagers
- Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days
- Dutch Police Disrupt Major Info Stealers RedLine and MetaStealer in Operation Magnus
- Uncle Sam outs a Russian accused of developing Redline infostealing malware
- 2024 looks set to be another record-breaking year for ransomware — and it’s likely going to get worse
- Amazon adds MFA to its enterprise email service … eight years after launch
- JPMorgan Chase, Wells Fargo and Bank of America Refuse To Define ‘Unauthorized Transaction’ As Customers Lose $320,000,000 To Scams on Zelle
- Nintendo Warns Users on Phishing Attack Mimics Company’s Email
- Admins better Spring into action over latest critical open source vuln
- Microsoft SharePoint RCE bug exploited to breach corporate network
- New Windows Themes zero-day gets free, unofficial patches
- VMWare vCenter Server RCE Vulnerability CVE-2024-38812 Detailed
- Cisco fixes bug under exploit in brute-force attacks
- Nvidia GPU driver addresses eight major high-severity vulnerabilities — Nvidia GPU owners should update ASAP
- New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors
- New tool bypasses Google Chrome’s new cookie encryption system
- Businesses expect cyber threats to rise, but aren’t ready for them
- How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware
- China drafts quantum-proof protocol to defend against cyber attacks
- Albany ENT agrees to pay $500K in penalties over security breach
- California court suffering from tech outages after cyberattack
- Hackers Exploit SonicWall VPNs to Deploy Fog & Akira Ransomware
- SonicWall firewalls the common access point in spreading ransomware campaign
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks
- Fortinet Vulnerability Has Seen ‘Mass Exploitations’
- Android malware “FakeCall” now reroutes bank calls to attackers
- LA housing authority confirms breach claimed by Cactus ransomware
- The Internet Archive is finally mostly back online after a series of cyberattacks
- Russia’s APT29 Mimics AWS to Steal Windows Credentials
- North Korea’s Andariel Pivots to ‘Play’ Ransomware
- New Windows Driver Signature bypass allows kernel rootkit installs
- A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation
- Hackers find 15,000 credentials by scanning for git configuration
- Hackers Downgrading Remote Desktop Security Setting For Unauthorized Access
- LiteSpeed Cache WordPress plugin bug lets hackers get admin access
- Realtek SD Card Reader Driver Flaws Impact Dell, Lenovo, And Other Laptops
Other News Events of Note and Interest
- Cool Tool: How to make LibreOffice look more like Microsoft Office
- Russian court fines Google $20,000,000,000,000,000,000,000,000,000,000,000
- Google Chrome adds new and improved performance controls
- Chinese chipmaker’s new 7nm CPUs reportedly outperform Intel’s Raptor Lake
- ICANN to raise domain name fees
- Mozilla celebrates 20 years with Firefox 132, blocks third-party cookies
- Mysterious AI Image Generator More Powerful Than Midjourney Breaks Cover
- Intel rolls out microcode fix for crashing 13th/14th Generation processors through the Linux Kernel
- 2025 Cyber Security Predictions
- The Amazon Echo graveyard
- Android files are now visible in Windows File Explorer via Wi-Fi
- How to move Windows default folders to other drives
- Put End-of-Life Software to Rest
- CrowdStrike Strikes Back With Official Counterclaim Against Delta Air Lines
- Opera will ‘independently’ continue supporting uBlock Origin by modifying Chromium’s codebase
- Disgruntled customers discuss quitting VMware
- Broadcom Bringing back VMware vSphere Standard and Enterprise Plus!
- VMware by Broadcom lifts storage allowances and prices for vSphere Foundation
- Satya Nadella asked for 50% cut in his incentive payout over security failures
- Exchange Online adds Inbound DANE with DNSSEC for everyone
- How to use a laptop as a second monitor on Windows 11
- Microsoft wants $30 to let you keep using Windows 10 securely for another year
- Microsoft: Windows Server 2025 now generally available alongside System Center 2025
- Microsoft Entra “security defaults” to make MFA setup mandatory
- Microsoft says Google is behind ‘shadow campaigns’ to undermine its cloud business
- Microsoft Edge gets fixes for STATUS BREAKPOINT error and two security vulnerabilities
- Microsoft Teams now allows you to choose a skin tone for emojis and reactions
- Microsoft improves multitasking in Office on iOS and Android
- Microsoft Teams is getting threads and combined chats and channels
- Microsoft shares workaround for Outlook freezes when copying text
- Microsoft shares full list of Windows Server 2025 supported CPUs, includes Pentium too
- Microsoft’s Windows 11 24H2 bug patch fixes some problems – and creates new ones
- Windows 11 24H2: The hardware and software blocking the new update
- Microsoft confirms Windows 11 24H2 Task Manager issues
- Microsoft just delayed Recall again
- Microsoft confirms Azure Virtual Desktop black screen and Office app issues in Windows 10
- Microsoft changing how to enable/disable New Outlook for Windows, Outlook for the Web
- Automattic’s Response To WP Engine Lawsuit Reframes Narrative
Cyber Insurance News
- Massive data breach exposes 800,000 insurance customers’ personal information
- EDUCAUSE ’24: The Changing Landscape of Cyber Insurance
- How insurers can tackle the cyber insurance risk of deepfakes