Hello all,
The big news this week was Patch Tuesday, with many vendors releasing updates. Then unfathomable horror shocked the civilized world as we heard reports of women and children being targeted in inhuman, barbaric attacks in Israel… Our thoughts and prayers go out to those affected. Thus far it doesn’t appear to have spilled over into a worldwide cyberwar, and as this newsletter is about cyber security I will move to our focus.
As usual, the complete Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.
The volume of news and other items can appear overwhelming; the best strategy is to read the Notable Callouts and then skim the other link titles for items that pertain to you or your environment, or that simply interest you. So, let’s get to it.
Notable Callouts:
- Adobe patched just about everything. So, if you have their products in use, update them ASAP, as exploits are already underway for some of the vulnerabilities.
- Apple backported some of the recent fixes for iOS 17.x to the iOS 16.x family. It is for a zero-day, so if you’re using one of their older phones, please update.
- DDoS – last week in a client-facing meeting I had noted how distributed denial of service attacks had decreased in the prior quarter. They had not. Merely the news of them had decreased or been suppressed until the cause could be patched. This week there were reports of record-breaking DDoS attacks shed by Cloudflare, Google, and others. They are being fueled by an HTTP/2 flaw that now has patches available.
- Fortinet released vulnerability updates for a plethora of products. CISA’s warning says that the “vulnerabilities may allow cyber threat actors to take control of the affected systems.”
- Juniper has released updates for Junos OS vulnerabilities. Patch now.
- Microsoft released over 100 updates, some of which address actively exploited zero-day vulnerabilities. One of those patches was for the aforementioned HTTP/2 issue. The patch is being pushed out via the normal patch process, but it must be manually enabled.
- Windows 10 – there are reports that the October Patch Tuesday security updates are failing on a good number of systems. Microsoft is aware, is working on it, and has asked users to submit the failures to them for analysis.
- SAP has released 7 new “notes”, which is their language for updates. The updates contain 37 fixes, including two critical- and 20 high-severity vulnerabilities.
In Ransomware, Malware, and Vulnerabilities News:
- Ransomlooker is a new website that contains great insights into this global cyber-scourge.
- HTTP/2 – as mentioned earlier, has a major flaw that resulted in record-breaking DDoS attacks in the past quarter.
In Other News Events of Note and Interest:
- Shadow – a French company, has launched a service whereby you can get a basic office-work Windows cloud PC for $9.99 per month. If you need more power, they have additional tiers available.
- Microsoft Defender is growing up quickly. A new feature will allow it to ostracize systems on a network that exhibit threat activity. Naturally, this is either a paid product or available only with the tech giant’s higher-cost licenses.
- Windows Server 2012, Windows Server 2012 R2, and Windows 11 21H2 have all reached end of support with this Patch Tuesday. Upgrade or replace them ASAP.
In Cyber Insurance News:
- Security Panel talks about how MSPs need to be careful when talking about Cyber Insurance with customers. It is worth the read.
My focus is normally toward cyber and the various ways that the misuse or abuse of it can negatively impact your systems, business, and life. This past week’s events are a poignant reminder that, despite amazing threat intelligence and exceptional security practices, evil people will find a way. Make sure that you have plans in place prior to an event. Every business should have a Disaster Recovery Plan, a Business Continuity Plan, and a Business Resumption Plan.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Adobe Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop
- Apple fixes iOS Kernel zero-day vulnerability on older iPhones
- Fortinet Releases Security Updates for Multiple Products
- Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event
- Juniper Networks Patches Over 30 Vulnerabilities in Junos OS
- Microsoft Windows 10 October 2023 Patch Tuesday
- Microsoft: October Windows 10 security updates fail to install
- Patch Tuesday – October 2023
- SAP Releases 7 New Notes on October 2023 Patch Day
Ransomware, Malware, and Vulnerabilities News
- Ransomlooker tool tracks/analyzes ransomware groups’ activities
- CISA Releases Nineteen Industrial Control Systems Advisories
- CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability
- CISA shares vulnerabilities, misconfigs used by ransomware gangs
- US Government Releases Security Guidance for Open Source Software in OT, ICS
- LinkedIn Smart Links attacks return to target Microsoft accounts
- Everest cybercriminals offer corporate insiders cold, hard cash for remote access
- Air Europa data breach: Customers warned to cancel credit cards
- Kwik Trip IT systems outage caused by mysterious ‘network incident’
- A Frontline Report of Chinese Threat Actor Tactics and Techniques
- Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms
- Ubuntu Desktop 23.10 ISOs Recalled Due To Malicious User Translations
- Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit
- Researchers Unveil ToddyCat’s New Set of Tools for Data Exfiltration
- ToddyCat APT Hackers Exploiting Vulnerable Exchange Servers
- Thwarted ransomware raid targeting WS_FTP servers demanded just 0.018 BTC
- Third Flagstar Bank data breach since 2021 affects 800,000 customers
- Hackers hijack Citrix NetScaler login pages to steal credentials
- Patch Now: Massive RCE Campaign Wrangles Routers Into Botnet
- Squid games: 35 security holes still unpatched in proxy after 2 years, now public
- Phishers Spoof USPS, 12 Other Natl’ Postal Services
- Curl Preps For “Probably The Worst Curl Security Flaw In A Long Time”
- GNOME Linux systems exposed to RCE attacks via file downloads
- The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages
- D-Link WiFi range extender vulnerable to command injection attacks
- High-Severity Flaws in ConnectedIO’s 3G/4G Routers Raise Concerns for IoT Security
- BianLian extortion group claims recent Air Canada breach
- A universal EDR bypass built in Windows 10
- Datacenter cabling biz Volex confirms digital break-in
- Ransomware attacks register record speeds thanks to success of infosec industry
- Cyberattack Disrupts Operations at Johnson Controls International
- Operation Behind Predator Mobile Spyware Is ‘Industrial Scale’
- ALPHV ransomware gang claims attack on Florida circuit court
- HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks
- Google Cloud mitigated largest DDoS attack, peaking above 398 million rps
- Microsoft Exchange gets ‘better’ patch to mitigate critical bug
- Manufacturing services tech giant hit with cyberattack
- Caesars provides new details of cyberattack to Maine AG’s office | Casinos & Gaming
- It’s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems
- Old-School Attacks Are Still a Danger, Despite Newer Techniques
- Data Thieves Test-Drive Unique Certificate Abuse Tactic
- Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks
- Simpson Manufacturing shuts down IT systems after cyberattack
- ShellBot Uses Hex IPs to Evade Detection in Attacks on Linux SSH Servers
- Hackers ‘don’t break in anymore, they log in,’ expert explains
- Ransomware Attacks Double: Are Companies Prepared for 2024’s Cyber Threats?
- LockBit’s $80M Ransom Demand To CDW Is Third Largest Ever
Other News Events of Note and Interest
- Shadow launches Windows-based cloud PCs for $9.99 per month
- 15 free Microsoft 365 security training modules worth your time
- From chaos to cadence: Celebrating two decades of Microsoft’s Patch Tuesday
- Vint Cerf on 50 years of the Internet: “We still have a lot of work to do.”
- MariaDB ditches products and staff in restructure, bags $26.5M loan to cushion fall
- Having Wi-Fi issues with your iPhone on iOS 17? You’re not alone
- Apple releases firmware update for AirPods Pro 2 with bug fixes
- Cloudflare Turnstile: CAPTCHA Replacement Now GA and Available for Free
- Microsoft 365 admins warned of new Google anti-spam rules
- Active Directory in Windows Server 2025: New functional level, updated database, security improvements
- Microsoft Defender now auto-isolates compromised accounts
- Microsoft realizes new OneDrive photos storage policy isn’t all that good, backtracks
- Companies rethinking degree requirements for entry-level cybersecurity jobs
- Anthropic announces key breakthrough in understanding behavior of artificial neural networks
- Exchange Online mail delivery issues caused by anti-spam rules
- Microsoft confirms “65000” BitLocker encryption error is haunting Windows 11 and Windows 10
- OneDrive’s 300,000 file limit before synching becomes unreliable
- Microsoft to kill off VBScript in Windows to block malware delivery
- Windows 10 KB5031356 update released with 25 improvements
- How to use Nearby sharing in Windows 11
- OneDrive gets major upgrade: AI Copilot, offline access, redesigned UI, and more
- Windows 11 21H2 and Windows Server 2012 reach end of support
- Microsoft wants to eventually disable NTLM authentication in Windows 11
- Microsoft updated Windows 10 update UI so it doesn’t go out of fashion