
Hello all,
Hurricane Milton moved ashore with a swath of renewed devastation across a large portion of Florida’s West Coast this past week, further stressing and testing Disaster Recovery and Business Continuity plans still attempting to recover from Hurricane Helene. It is three days after landfall and power is still out for millions, me included. I’m writing via generator power and phone hotspot. Thankfully my home was undamaged and I’m able to publish this week. So, let’s move onto the cyber news.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or to the environments of those you support.
Headline NEWS:
- Apache Avro SDK has a critical defect that allows Remote Code Execution in Java applications. Upgrade to the latest version to fix the flaw.
- FTC and CISA warn of hurricane related scams. There are scores of evil people that take advantage of others when they are knocked down. Beware.
- iTunes 0-day Local Privilege Escalation (LPE) defect lets attackers hack Windows. Upgrade to the latest version to mitigate.
- Ivanti Cloud Service Appliance (CSA) is under active exploitation for three separate defects. The latest version closes the holes. You should follow Ivanti guidance to check for exploitation prior to patching.
- Microsoft Patch Tuesday was this past week, and as predicted, it was large. There are at least 5 zero-days in this list, along with 118 other patches, so vet quickly.
- Mozilla Firefox, in a rare event (unlike Google Chrome), patched a zero-day defect this past week. It is their first for the year. That’s not to imply they don’t have defects; it’s just that they rarely make it to zero-day status.
- Palo Alto Networks “warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls.” Proof of Concept code is already out there, so don’t wait to patch this.
In Ransomware, Malware, and Vulnerabilities News:
- Chinese scientists hack military-grade encryption in a scary and revelatory announcement for the future of encryption and security. What is particularly troubling is that this was done on a relatively available quantum computer.
- Internet Archive Hacked. The stalwart organization that attempts to record and store the history of the internet and websites was apparently breached and attacked in two separate incidents. What type of vandal goes after a library, potentially wiping out our digital history? Is this the work of Taliban-like Luddites?
In Other News Events of Note and Interest:
- Windows 11 24H2 is now publicly available (as I published last week). This past week’s Patch Tuesday included some fixes, and apparently broke some things as well. Before taking the plunge and replacing your operating system with this new version (yes, it is an OS replacement), make sure you are aware of the potential pitfalls and have a roll-back plan. Some organizations have had to wipe and reload with a prior version of Windows to get functionality restored.
In Cyber Insurance News:
- Ransomware losses are up 68% in the first half of 2024, and as a result, predictions are that costs will rise. Yay?
Musings:
Cyber criminals are opportunistic dirtbags. My wife received a very well-worded, professional-sounding text message soliciting “donations for families” due to the hurricanes. It was a heart-tugging plea to help supply families with food, shelter, and mothers with diapers for their babies – providing a helpful link where you are asked to give $50. There is a special place reserved in hell for these cockroaches of the criminal underworld. If you choose to help financially, please check the impacted states’ websites. They all list reputable agencies that are helping, and how you can help. Don’t feed the roaches.

Keep the shields up.
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
- FTC, CISA warn of hurricane-related scams as Hurricane Milton nears Florida
- iTunes 0-day Privilege Escalation Flaw Let Attackers Hack Windows
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
- Microsoft Confirms Exploited Zero-Day in Windows Management Console
- Windows 10 KB5044273 update released with 9 fixes, security updates
- Windows 11 KB5044284 and KB5044285 cumulative updates released
- Mozilla fixes Firefox zero-day actively exploited in attacks
- Palo Alto Networks warns of firewall hijack bugs with public exploit
Ransomware, Malware, and Vulnerabilities News
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
- CISA says critical Fortinet RCE flaw now exploited in attacks
- CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
- DHS solicits feedback on cybersecurity incident reporting process, plans to enhance online form
- US and UK govts warn: Russia scanning for your unpatched vulnerabilities
- Sharp Increase In Malware Detections On Vessels
- 90% of Successful Attacks Result in Leaked Data
- Qualcomm patches high-severity zero-day exploited in attacks
- AI Now a Staple in Phishing Kits Sold to Hackers
- OpenAI details how threat actors are abusing ChatGPT
- Anthropic’s Claude vulnerable to ‘emotional manipulation’
- Attackers are using QR codes sneakily crafted in ASCII and blob URLs in phishing emails
- Massachusetts shuts down payroll system after successful phishing campaign
- Hackers Exploit Visual Studio RCE Vulnerability Via Dump Files
- National Public Data files for bankruptcy, admits ‘hundreds of millions’ potentially affected
- About a quarter million Comcast subscribers had their data stolen from debt collector
- A close call with crafty scammer posing as Microsoft support
- Water supplier American Water Works says systems hacked
- The Internet Archive is under attack, with a popup claiming a ‘catastrophic’ breach
- The Internet Archive hacked, data breach impacts 31 million users
- North Korean Hackers Attacking U.S. Organizations With Unique Hacking Tools
- North Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware
- Hackers Exploiting DNS Tunneling Service To Bypass Network Firewalls
- Hackers Hide Remcos RAT in GitHub Repository Comments
- GitLab warns of critical arbitrary branch pipeline execution flaw
- Chinese-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack
- Chinese Hackers Sent OpenAI Staff Malware in Spear-Phishing Attacks
- Chinese scientists hack military grade encryption on quantum computer
- The 30-year-old internet backdoor law that came back to bite
- Homeland Security Blocked 500+ Ransomware Attacks Since 2021
- Ukrainian pleads guilty to operating Raccoon Stealer malware
- European govt air-gapped systems breached using custom malware
- ADT discloses second breach in 2 months, hacked via stolen credentials
- Casio reports IT systems failure after weekend network breach
- Underground ransomware claims attack on Casio, leaks stolen data
- Ransomware threat groups are on the rise, so be on your guard
- Lynx Ransomware: A Rebranding of INC Ransomware
- Ransomware operators exploiting a Veeam Backup & Replication defect that has a patch available
- Dark Angels Ransomware Attacking Windows And Linux, ESXi Systems
- Meow ransomware gang claims Superior Court of California
- Python-Based Malware Slithers Into Systems via Legit VS Code
- New Mamba 2FA bypass service targets Microsoft 365 accounts
- IBM X-Force: Hackers Using Phishing, BEC to Steal Cloud Credentials
- Storm-1575 Threat Actor Deploys New Login Panels for Phishing Infrastructure
- Why evolving cyber threats mean small businesses are ransomware targets
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
- Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries
- Single HTTP Request Can Exploit 6M WordPress Sites
Other News Events of Note and Interest
- Cool Tool: PowerToys 0.85.1 is out and it fixes a couple of bugs
- Pentagon releases final CMMC rule, paving way for implementation
- The FBI Made a Crypto Coin Just to Catch Fraudsters
- EU adopts Cyber Resilience Act to secure connected products
- Microsoft outage knocks out Outlook, Teams and 365
- Intel says its Raptor Lake crashing chip nightmare is over
- You Need a Separate Network To Protect Yourself From Your Smart Devices
- T-Mobile and Starlink enable their satellite texting service in Florida
- IO domain names aren’t going away
- Intel Itanium gets a new lease on life, sort of — GCC 15 “un-deprecates” Linux compiler support
- A bug in Word deletes documents instead of saving them
- Passkeys on Windows: Authenticate seamlessly with passkey providers
- The Microsoft Feed will be removed across Microsoft 365 next month
- New Windows Feature Limits Admin Privileges
- Microsoft officially recommends a new PC and OneDrive to update to Windows 11
- Microsoft OneDrive Adds Filters to Enhance Search Experience
- Microsoft confirms New Outlook for Windows will soon launch without internet
- Microsoft Teams can now warn or block frontline workers when they access it after hours
- Microsoft fixes Remote Desktop issues caused by Windows Server update
- Windows 11 KB5044284 issues, update fails. KB5044285 also has issues for some users
- Warning: Windows 11’s big 2024 update takes a long time to install
- Windows 11 24H2 issue creates undeletable 8.63 GB Windows update cache
- Windows 11’s 2024 update is now also killing internet connections
- Removing Windows Recall breaks File Explorer in latest 24H2 update
- Windows 11 24H2 sfc bug
- WordPress vs WP Engine battle gets stupid, with new login box
Cyber Insurance News
- Coalition: Ransomware severity up 68% in first half of 2024
- Ransomware losses soar by two-thirds, prompting insurance cost hike warning