
Hello all,
Microsoft unleashed Windows 11 version 24H2 a couple of weeks ago. If you’ve held off installing, that was probably a wise move. The number of defects that are popping up like prairie dogs seems to be increasing each day. I list quite a few in our Other News Events of Note and Interest section. If you do choose to try this new version of the operating system, make sure that you can restore to a known good copy. Well, let’s move on to the rest of this week’s cyber news.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or to the environments of those you support.
Headline NEWS:
- Fortinet leads the headlines with a Remote Code Execution defect in FortiOS, FortiProxy, FortiPAM, and FortiWeb that leaves over 87 thousand internet-exposed devices vulnerable. This is critical, so if you use them, update immediately!
- GitHub has released security updates for their Enterprise Server. If you are self-hosting this product, update immediately to prevent unauthorized creation of user accounts, information disclosure, and more.
- Kubernetes Image Builder has a defect that allows for SSH root access to Virtual Machines. It is specifically related to Proxmox and Nutanix VMs built with Image Builder version 0.1.37 or earlier. The solution is to rebuild the images with a newer version of Image Builder. There is a mitigation available as well.
- VMware has released a patch for a high-severity SQL injection defect in their HCX platform. This flaw “allows attackers with non-administrator privileges to execute remote code on the HCX manager”. Yeah, patch that quickly.
In Ransomware, Malware, and Vulnerabilities News:
- A bunch of Good-Guy news: European and Latin American law enforcement agencies took down a PaaS (Phishing-as-a-Service) network, the US DoJ has brought charges against two DDoS attackers, Brazil arrested the criminal behind the NPD breach, the FBI arrested the person responsible for breaching the SEC’s X account, and more. Take the time to read them; it is good to be reminded of the wins, especially amidst the flood of bad news.
In Other News Events of Note and Interest:
- EU cyber security bill NIS2 is now in the enforcement stage. This is important news for those of us on the other side of the pond, because these regulations tend to make their way West after a while, so familiarize yourself with the provisions now. And if you do business with or in EU countries, you are likely subject to the new regulations already.
In Cyber Insurance News:
- Insurance carriers provided some interesting, seemingly conflicting ransomware statistics this week. Some reports say that encrypting ransomware is down, while exfiltrating ransomware is up, and demands are up, as are the total costs.
Musings:
You don’t realize how dependent we are on our technology until it suddenly stops working. Many in the path of the recent devastation caused by hurricanes Helene and Milton experienced that firsthand. Our employment, leisure, entertainment, education, navigation, shopping, news, and more – all are inexorably linked to our ability to be online. It may be time to take a page from our Amish neighbors and figure out how to live unplugged. It would be wise to be prepared; you never know when it may become involuntarily required.

Keep the shields up.
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- 87,000+ FortiOS Devices Vulnerable to Remote Code Execution Attacks
- GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
- Critical Kubernetes Image Builder flaw gives SSH root access to VMs
- VMware Patches High-Severity SQL Injection Flaw in HCX Platform
Ransomware, Malware, and Vulnerabilities News
- “Operation Kaerb” Takes Down Sophisticated Phishing-as-a-Service Platform “iServer”
- US Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks
- Hacker Tied To National Public Data Breach Arrested In Brazil
- Thousands of Fortinet instances vulnerable to actively exploited flaw
- CISA Eyes Software Security as China Threats Rise
- CISA Warns of Three Vulnerabilities Actively Exploited in the Wild
- FBI shines light on new AI-assisted scam duping victims out of thousands
- FBI nabs Alabama crook who hacked SEC’s X account
- Finland seizes servers of ‘Sipultie’ dark web drugs market
- Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass
- Firm hacked after accidentally hiring North Korean cyber criminal
- From QR to compromise: The growing “quishing” threat
- How to defend against zero-day vulnerabilities
- Pokémon developer faces major data leak
- ADT reports second data breach in 2 months
- Personal information for more than 115,000 Texans leaked in DPS data breach
- Data breach impacts thousands of current, former state employees
- Cisco investigates breach after data put up for sale on BreachForums
- Cisco takes DevHub portal offline after hacker publishes stolen data
- Iranian hackers act as brokers selling critical infrastructure access
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT
- Google Pays Out $36,000 for Severe Chrome Vulnerability
- Mozilla releases second Firefox 131 security update
- Recent Firefox Zero-Day Exploited Against Tor Browser Users
- EDRSilencer red team tool used in attacks to bypass security
- For Some Companies, the Real Cost of a Cyberattack Is Telling Everyone About It
- Here’s how attackers are getting around phishing defenses
- New FASTCash malware Linux variant helps steal money from ATMs
- Israeli orgs targeted with wiper malware via ESET-branded emails
- NYPA’s internal probe of security breach at Moses-Saunders Power Dam
- TrickMo malware steals Android PINs using fake lock screen
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
- WeChat devs introduced security flaws when they modded TLS, say researchers
- Windows users are being tricked by sneaky malware scheme
- How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends
- Ransomware encryption down amid surge of attacks, Microsoft says
- North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data
- Pennsylvania food bank claimed as latest ransomware victim
- Casio says ‘no prospect of recovery yet’ after ransomware attack
- Tech giant Nidec confirms data breach following ransomware attack
- Researchers Uncover Cicada3301 Ransomware Operations and Its Affiliate Program
- Microsoft warns it lost some customer’s security logs for a month
Other News Events of Note and Interest
- Sysadmins slam Apple’s SSL/TLS cert lifespan cuts
- EU cyber security bill NIS2 hits compliance deadline
- Department of Defense CMMC 2.0 final rule published
- The deep-sea ‘emergency service’ that keeps the internet running
- Georgia Tech’s Cyber-Physical Security Lab develops PLCHound algorithm to boost critical infrastructure security
- Firefox Is Now “More Than 75X Faster” Running WebAssembly
- Google warns uBlock Origin and other extensions may be disabled soon
- Google Chrome’s uBlock Origin Purge Has Begun
- Google wants nuclear reactors to power its AI data centers
- Amazon is joining Google, Microsoft on nuclear power for AI
- Amazon says 175 million customer now use passkeys to log in
- The Crusade to Replace Passwords With Passkeys Just Intensified
- FIDO Alliance Releases Draft Secure Credential Exchange Specs
- Okta’s new security standard to be adopted by Google, Microsoft
- China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns
- China cyber pros say Intel is installing CPU backdoors on behalf of NSA
- Intel China responds to accusations of security issues from Chinese cyber association
- Vietnam plans to convert all its networks to IPv6
- Digital River runs dry, hasn’t paid developers for sales since July
- Cheap AI “video scraping” can now extract data from any screen recording
- ChatGPT rolls out SearchGPT in the US, offering live web search
- Midjourney plans to let anyone on the web edit images with AI
- All System Prompts For Anthropic’s Claude, Revealed
- Nobel-winning physicist ‘unnerved’ by AI technology he helped create
- Invisible text that AI chatbots understand and humans can’t? Yep, it’s a thing.
- SpaceX tells FCC it has a plan to make Starlink about 10 times faster
- Open-sourcing of WinAmp goes badly – for its owners, anyway
- How to use your phone as a webcam with Windows PCs
- Microsoft says tougher punishments needed for state-sponsored cybercriminals
- Escalating Cyber Threats Demand Stronger Global Defense and Cooperation
- Microsoft Update Affects How Dynamic Distribution Groups Work
- Microsoft creates fake Azure tenants to pull phishers into honeypots
- Microsoft to Introduce Defender Application Control for Business in Windows Server 2025
- Microsoft announces general availability of Azure Cobalt 100-based VMs
- Microsoft confirms Teams getting new Calendar from New Outlook for Windows
- Windows 10 has entered its final year of free support
- Microsoft confirms uncluttering error in Windows 11 24H2
- Microsoft confirms another bug causing blue screens of death in Windows 11 24H2
- Microsoft explains how to fix Windows 11 24H2 0xc1900101 by trying again or trying harder
- Windows 11 24H2 update prevents clipboard history feature from working, but there is a quick workaround
- Western Digital releases fix for Windows 11 24H2 BSODs — users are strongly advised to update their SSD firmware
- WordPress drama could have major implications for the internet
- WP Engine files an injunction to get its WordPress.org access back
Cyber Insurance News
- European cyber insurance startup Stoïk secures $27M
- Troubled US insurance giant hit by extortion after data leak
- Despite elevated fears, contractors still lack cyber insurance
- Ransomware Demands Surge to $1.3 Million Amid 68% Rise in Cyberattacks in 2024
- Ransomware attack costs rising sharply in 2024, cyber insurer warns