Hello all,
While the flurry of notices from Patch Tuesday is now behind us, vulnerabilities, patches, exploits, and other tech excitement continue. OpenAI made headlines for themselves and Microsoft for much of the week with Sam Altman news. The dust appears to have settled now with Mr. Altman back in charge and Microsoft in a more secure position in regard to their endeavors with AI.
After the Black Friday shopping frenzy of this past week, Cyber Monday is upon us. Awesome tech deals are to be found, but be very wary of scammers, spoofers, phishers, and malvertizers. They will be out in force to try to con their share of the holiday booty. Now, on to the news of the week.
The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then select them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- Crypto Mining Rig found under floor of courthouse. You can’t make this stuff up. This is actually the second time I’ve seen a headline like this. Long Island, NY, had a similar problem that may have contributed to a ransomware event that Suffolk County is still attempting to recover from over 2 years later.
- Black Friday – phishing emails were up 237% from just prior. Clearly the bad guys want to reap their share of the shopping frenzy too. Stay vigilant.
- Broadcom has finally gotten approval from the last holdout – China – for their takeover of VMware. Now comes the reorganizing. We’ll have to wait to see what emerges as a result.
- Fidelity National Financial, a Fortune 500 company based out of Jacksonville, FL, suffered a cyber-event that forced them to shut down much of their IT systems. The result has been that real estate closings using their services have had to be postponed or rescheduled with other companies.
- Lenovo recalled USB-C power banks due to risk of fire. If you have one, check if it is on the recall list and if so, immediately discontinue using it. Contact Lenovo and they will ship you a free replacement.
- Microsoft / OpenAI / Sam Altman were in the news quite a bit this past week. First Sam Altman was fired by the OpenAI board, then Microsoft hired him, and finally he’s back in charge at OpenAI and Microsoft is now much more entrenched in the running of OpenAI.
- Microsoft Defender bounty program. If you can find problems, you can earn up to $20k in rewards from the Redmond giant.
In Ransomware, Malware, and Vulnerabilities News:
- Huntress published a Small Medium Business (SMB) Threat Report that is excellent reading.
- Toronto Public Library suffered a ransomware attack a month ago. They expect to begin restoring service in January.
In Other News Events of Note and Interest:
- CISA is offering to be an MSSP to critical infrastructure organizations. Hmm…
- NIS2, a Network and Information Systems Directive due to come into effect in October 2024, seeks to improve cyber resilience in the European Union. In Article 21 it essentially makes any non-EU based supplier to an EU country subject to NIS2’s reporting requirements.
In Cyber Insurance News:
- CISA has relaunched a working group on Cyber Insurance – Cybersecurity Insurance and Data Analysis Working Group (CIDAWG). The stated goal of the resurrected group is “aid in determining the most effective security tools to defend against increasingly sophisticated attacks and help improve enterprises’ security postures.”
I asked my AI overlord to help me with a holiday shopping themed poem. Here it is:
Here’s a rhyme for you, I hope it’s fun,
About holiday cybercrime, and how to shun.
Fake websites with irresistible deals,
Are often used to scam and steal.
Web-based malware, phony ads,
Free or discounted products, all bad.
Social media scams, counterfeit items galore,
Gift vouchers, cards, and free products, all with a malicious core.
To protect yourself, patch and update,
Pay attention to errors, don’t take the bait.
Use a credit card, not a debit one,
For online purchases, so you’re not undone.
If something seems too good to be true,
Be like the jolly old saint, and check twice, it’s the right thing to do.
May your shopping be safe and provide you with awesome deals galore!
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Crypto Mining Rig Discovered Under Floor of Courthouse, Stealing Power
- Black Friday: Phishing Emails Soar 237%
- Broadcom closes $69 billion VMware deal after China approval
- Fidelity National Financial shuts down network in wake of cybersecurity incident
- Lenovo Recalls USB-C Laptop Power Bank Due to Fire Risk
- Microsoft hires former OpenAI CEO Sam Altman
- Sam Altman returns as OpenAI CEO, Microsoft scores with tighter control
- Microsoft launches Defender Bounty Program with $20,000 rewards
Ransomware, Malware, and Vulnerabilities News
- CISA, FBI Warn on LockBit Critical Infrastructure Assaults
- New CISA warning: Thanksgiving clickjacking threat in popular browsers
- Navy publishes first cyber strategy, prioritizing defense of ‘information ecosystem’
- Huntress SMB Threat Report – pdf link
- Exploit for Critical Windows Defender Bypass Goes Public
- Hackers Exploiting Windows SmartScreen Zero-day Vulnerability
- New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login
- Cyberattack on IT provider CTS impacts dozens of UK law firms
- Sophos Web Appliance vulnerability exploited in the wild
- Hackers are exploiting a flaw in Citrix software despite fix
- Lumma malware can allegedly restore expired Google auth cookies
- Scattered Spider Hops Nimbly from Cloud to On-Prem in Complex Attack
- DPRK Hackers Masquerade as Tech Recruiters, Job Seekers
- Stealthy WailingCrab Malware misuses MQTT Messaging Protocol
- Enterprise software provider TmaxSoft leaks 2TB of data
- InfectedSlurs Botnet Spreads Mirai via Zero-Days
- Mozilla Firefox 120 is out with Security Vulnerability fixes
- Lace Tempest Exploits SysAid Zero-Day Flaw
- US Seizes $9m From Pig Butchering Scammers
- Atomic Stealer distributed to Mac users via fake browser updates
- ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer
- Greater Paris wastewater agency dealing with cyberattack
- Indian Hack-for-Hire Group Targeted U.S., China, and More for Over 10 Years
- Canadian government discloses data breach after contractor hacks
- Lumma Stealer malware now uses trigonometry to evade detection
- DarkGate and PikaBot Malware Resurrect QakBot’s Tactics in New Phishing Attacks
- NetSupport RAT Infections on the Rise – Targeting Government and Business Sectors
- Al-Aqsa Flood hacker group claims breach of Israeli Defence Ministry data
- KyberSwap hacker opens door for negotiations after $45 million exploit
- UK and South Korea: Hackers use zero-day in supply-chain attack
- How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography
- DDoS Attack Makes Blender.org Servers Unreachable
- ‘Tis the Season for Cybercrime: What to Watch for and How to Protect Yourself
- Cyberattackers leaked data of 27,000 NYC Bar Association members
- Kansas courts confirm data theft, ransom demand after cyberattack
- Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits
- VX-Underground malware collective framed by Phobos ransomware
- Scammers creating fake retail website copycats – How to spot them
- Comparative Study Results on Linux and Windows Ransomware Attacks
- Konni RAT Exploiting Word Docs to Steal Data from Windows
- Nessus Vulnerability Let Attackers Alter Rules Variables
- Russian-made Ukraine-targeting malware has infested systems worldwide, spreading via USB stick
- Chinese spies had access to Dutch chip maker NXP’s systems for over two years: report
- Toronto Public Library says services affected by cyberattack to be restored starting in January
- Warning: 3 Critical Vulnerabilities Expose ownCloud Users to Data Breaches
- Cybercriminals turn to ready-made bots for quick attacks
- Thousands of exposed gas pumps invite cyberwarriors
- General Electric investigates claims of cyber attack, data theft
- Splunk RCE Vulnerability Let Attackers Upload Malicious File
- APT29 group exploited WinRAR 0day in attacks against embassies
- Microsoft: Lazarus hackers breach CyberLink in supply chain attack
- Hacktivists breach U.S. nuclear research lab, steal employee data
Other News Events of Note and Interest
- CISA launches pilot program offering ‘cutting-edge’ services to critical infrastructure orgs
- FCC adopts new rules to protect consumers from SIM-swapping attacks
- 9 in 10 organizations have embraced zero-trust security globally
- NIS2 and its global ramifications
- AI Solutions Are the New Shadow IT
- Ten-month burn-in testing reveals all OLED monitors and TVs suffer some amount of burn-in
- Ex-infosec COO pleads guilty to nightmarish sales strategy
- Google’s refreshed Chrome Web Store is now up and running for everyone
- Facebook-parent Meta breaks up its Responsible AI team
- Meta launches AI-based video editing tools
- Protect your digital life with these three free tools from pCloud
- Cool Tool – Inkscape 1.3.1 Released with More Than 70 Bug Fixes and Two New Features
- Cool Tool – LibreOffice 7.6.3 Office Suite Is Out Now with More Than 110 Bug Fixes
- Cool Tool – FFmpeg 6.1 drops a Heaviside dose of codec magic
- Cool Tool – Notepad++ v8.6: 20th-Year Anniversary
- Network security tops infrastructure investments
- Lastpass: How to create passkeys
- How to Create a GPT with ChatGPT: A Quick Guide With Pictures
- Carriers must act now to avoid FMCSA portal lockouts
- Your password hygiene remains atrocious, says NordPass
- How to boost Security with Self-Service Password Resets
- How to Repair Windows 11 With an In-Place Upgrade (and Keep Your Personal Data)
- A quick look back at the actual launch of Microsoft Windows 1.01 38 years ago today
- Microsoft CEO Satya Nadella’s journey to the top seat
- Microsoft Emerges as the Winner in OpenAI Chaos
- Microsoft Launches New SharePoint Premium Solution
- Microsoft shares love with Windows 10 too as 22H2, 21H2 receive Setup improvement
- Microsoft confirms broken Narrator when clean-installing Windows 11 version 23H2
- Microsoft Windows 11 EU changes now live in massive new build 22631.2787
- Windows 11 KB5032190 issues: disappearing taskbar icons, and other bugs
- Windows 11 November 2023 Update fixes AMD profile reset bug
- Windows 10 to let admins control how optional updates are deployed
Cyber Insurance News
- Chubb ranked largest US cyber insurer for third year running by AM Best
- Focus Report: 2023 Cyber Market Outlook
- Coalition’s data showed a 12% increase in cyber claims during the 2023
- CISA relaunches working group on cyber insurance, ransomware