November 4, 2023

Hello all,

Happy November all! This week was somewhat quiet until Cisco threw out a bunch of vulnerability updates. There are quite a few other significant and interesting items, so let’s get to them.

The volume of news and other can appear overwhelming, the best strategy is to read the Notable Callouts below and then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then selecting them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.

Notable Callouts:

• Atlassian has published warnings and updates for a critical Confluence Data Center and Server vulnerability.
• Cisco unveiled 27 vulnerabilities in Adaptive Security Appliance (ASA), Firepower Management Center (FMC), and Firepower Threat Defense (FTD) products. Additionally, Cisco released updates for AnyConnect SSL/TLS VPN connections and urges updating asap.
• Microsoft Windows 11 Pro turns on BitLocker drive encryption by default, a good thing. Unfortunately, Microsoft opted for software encryption instead of using hardware, so up to a 45% reduction in SSD performance may result. Windows 11 23H2 has now been unleased on the world. The ISO can be downloaded directly from Microsoft.
• Siemens and Microsoft are collaborating on integrating Microsoft’s AI into Siemens’ robots, anticipating huge productivity gains as machine learning optimizes factory functions. Why do I have images of a T800 from the movie Terminator flashing in my mind?

In Ransomware, Malware, and Vulnerabilities News:

• Email phishing attacks are up 1,265% since the introduction of ChatGPT. Wow!
• Domains ending in .US are being used as URL shorteners for malicious purposes. I received one this week via SMS. Stay vigilant.
• Apache ActiveMQ servers are being actively targeted by malactors. If you have this exposed to the internet, patch immediately!

In Other News Events of Note and Interest:

• FTC has put out new requirements for non-bank entities that deal with finances. They impact a huge swath of companies. It is worth your time to evaluate whether your compliance is expected, and to take appropriate action.
• Brave, the company behind the browser of the same name has given birth to a privacy focused AI named Leo. It is integrated into their browser.

In Cyber Insurance News:

• Many SMEs have a gap in coverage. Check your policies to verify you understand what is and isn’t covered.

One item from this week’s news warrants a special callout. ServiceNow published information about how a misconfiguration could result in “unintended access” to data. Further, the configuration mentioned has existed since 2015. There have been numerous news reports of companies breached recently that resulted in connected companies suffering exfiltration or worse. All of us should be asking how many vendors do I integrate with that have access to my data or I have access to theirs? Is it secure? What are their security practices? What happens when one side is breached? Do I have a plan for that eventuality?

Unfortunately, cybersecurity is mountainous terrain, and it isn’t possible to fly under the radar. We must have adequate defenses to fly in our environment.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• Atlassian Warns of New Critical Confluence Vulnerability Threatening Data Loss
• Cisco Patches 27 Vulnerabilities in Network Security Products
• Cisco AnyConnect SSL VPN Flaw Let Attacker Launch DoS Attack
• Default Windows 11 feature slows SSDs up to 45%: How to fix it
• Microsoft Rolls Out Windows 11 Version 23H2
• Siemens and Microsoft reveal new era of human-machine collaboration

Ransomware, Malware, and Vulnerabilities News

• New CVSS 4.0 vulnerability severity rating standard released
• MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile
• Microsoft Temporarily Disables SketchUp Support After Discovery of 117 Vulnerabilities
• Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop
• Security researchers observed ‘deliberate’ takedown of notorious Mozi botnet
• New Microsoft Exchange zero-days allow RCE, data theft attacks
• Ace Hardware hit with cyber breach
• AP news site hit by apparent denial-of-service attack
• Boeing Confirms Cyberattack, System Compromise
• Email Phishing Attacks Up 1,265% Since ChatGPT Launched
• Domains Ending in .US Harbor Prolific Malicious Link Shortening Services
• US-led coalition of nations agrees to end ransomware payments to hackers
• Why ransomware victims can’t stop paying off hackers
• Exploit released for critical Cisco IOS XE flaw, many hosts still hacked
• D-LINK SQL Injection Vulnerability Let Attacker Escalate Privileges
• New malware campaign uses MSIX packages to infect Windows PCs
• Dallas County targeted in cyber attack, extent of damage unknown
• BlackCat ransomware claims breach of healthcare giant Henry Schein
• Mortgage and loan giant Mr. Cooper blames cyberattack for ongoing outage
• California community college Río Hondo dealing with cybersecurity incident
• It looks like Shimano has been hit by a massive ransomware attack
• Major Mexican airport confirms experts are working to address cyberattack
• Infosys says US unit hit by cybersecurity attack, read company’s statement to BSE
• Cybersecurity incident shuts down DePauw University computer systems
• British, Toronto Libraries Struggle After Cyber Incidents
• Malware ‘Meal Kits’ Serve Up No-Fuss RAT Attacks
• All the Shady Things You Can Do With a Flipper Zero
• Blockstream Publishes Phishing Investigation Results
• Microsoft is overhauling its software security after major Azure cloud attacks
• New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes
• 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online
• HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability
• Hackers email stolen student data to parents of Nevada school district
• Russian hacking tool floods social networks with bots, researchers say
• HHS’ Office for Civil Rights Settles Ransomware Cyber-Attack Investigation
• IAM Credentials in Public GitHub Repositories Harvested in Minutes
• Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover
• ServiceNow Data Exposure: A Wake-Up Call for Companies
• RCE exploit for Wyze Cam v3 publicly released, patch now
• Researcher Claims to Crack RSA-2048 With Quantum Computer
• Malvertising via Dynamic Search Ads delivers malware bonanza
• Trojanized PyCharm Software Version Delivered via Google Search Ads
• Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection
• Florida man jailed after draining $1M from victims in crypto SIM swap attacks
• Ransomware crooks SIM swap medical research biz exec, threaten to leak stolen data
• Get your very own ransomware empire on the cheap, while stocks last
• US: Major Russian cyberattack compromised 632,000 Pentagon, DOJ email addresses
• SEC charges SolarWinds CISO with fraud for misleading investors before major cyberattack
• Hive0051’s large scale malicious operations enabled by synchronized multi-channel DNS fluxing

Other News Events of Note and Interest

• Cool Tool – Glary Utilities 6.1.0.1
• Cool Tool – VLC Media Player 3.0.20
• Quick as a Fox: Firefox keeps getting faster
• Navigating the Treacherous New FTC Safeguards Rule
• ChatGPT Plus is getting a major ease-of-use upgrade
• FTC orders non-bank financial firms to report breaches in 30 days
• CISA cybersecurity plan offers possibility of real results
• Meta to Charge Monthly Fees For Using Facebook and Instagram
• Global AI Cybersecurity Agreement Signed At Turing’s Bletchley Park
• YouTube is now fully blocking ad blockers around the world
• Proofpoint Signs Definitive Agreement to Acquire Tessian
• This Free Software Can Tell If Your Storage Drive is Counterfeit
• Intel’s Itanium Is Finally Laid To Rest After Linux Yanks IA-64 Support
• Microsoft pledges to bolster security as part of ‘Secure Future’ initiative
• What the White House executive order on AI means for cybersecurity leaders
• Asahi Linux goes from Apple Silicon port project to macOS bug hunters
• Google Chrome now auto-upgrades to secure connections for all users
• Canada bans WeChat, Kaspersky applications on government devices
• Google rolls out “.ing” web domains—and prices are already in the thousands
• Brave rivals Bing and ChatGPT with new privacy-focused AI chatbot
• IAmReboot: Malicious NuGet packages exploit loophole in MSBuild integrations
• How to use PowerToys to manage environment variables on Windows 11
• Microsoft unveils ‘LeMa’: A revolutionary AI learning method mirroring human problem solving
• Microsoft rolls out Channels revamp for both classic and new Teams apps
• Microsoft Teams updates in October 2023 included a new People app and more
• Windows 11 adds support for 11 file archives, including 7-Zip and RAR
• How to Ungroup Taskbar Icons on Windows 11
• How to use a mouse via your keyboard on Windows 11
• Windows 11 now lets you write anywhere you can type
• Windows 11 will throttle ‘excessive’ AI users as Copilot rolls out
• New Windows 11 update accidentally nerfs gaming performance
• Windows 10 KB5031445 preview update fixes ctfmon.exe memory leak, 9 issues
• Windows Copilot makes desktop icons jump between displays
• PowerToys 0.75 now available with new settings dashboard homepage and environment variables editor

Cyber Insurance News

• Is state intervention needed for cyber insurance?
• Cyber insurance policies get clicks as victims look to cover
• Cyber insurance: why it pays to be responsible
• Does cyber insurance truly mitigate financial risks?
• Many SMEs are being left with a gap in coverage for cyber insurance