Hello all,
There were no earth-shattering vulnerability or patch reports this week for a change. Although Oracle comes close to hitting that criterion with 387 patches this week, more on that in a moment.
As usual, the complete Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.
The volume of news and other items can seem overwhelming; the best strategy is to read the Notable Callouts and then skim the other link titles for items that pertain to you or your environment, or that simply interest you. So, let’s get to it.
Notable Callouts:
- Cisco issued warnings that their IOS XE devices have a zero-day that is under active exploitation. At time of publication, there were no patches available, only mitigation instructions. Sadly, many organizations either did not receive or did not heed the dire warning, as reports show that thousands of these devices have now been compromised.
- Negligence is the only way to describe this next item. Researchers have found over 40,000 internet connected devices with a login portal password of “admin”. Unbelievable.
- Oracle fired off a massive patch update addressing 176 CVEs across 387 patches, including 46 critical updates. A good number address RCE issues. In a corporate greed move, all of the patches above are behind an Oracle paywall. There is no way to get them without an account, which requires a subscription.
- SolarWinds (insert shudder) has new critical RCE flaws that require patching in their Access Rights Manager (ARM). Patch quickly if you have this.
- SonicWALL hasn’t had anything notable in a while. They’ve just released firmware for most of their currently supported Firewalls to address vulnerabilities in the management portal and in the SSL VPN tunnels. Patch as soon as you’re able.
In Ransomware, Malware, and Vulnerabilities News:
- Google Ads and others, to be fair, are still being plagued by malicious advertising aka Malvertising. Be wary of any searches and be absolutely certain of what you’re seeing.
- Trigona Ransomware group has had their entire operation wiped and exfiltrated by Ukrainian hackers. Chalk one up for the good guys!
In Other News Events of Note and Interest:
- Coffee may not be technology, but it is definitely related as much of the world’s IT staff runs on it. An article on how coffee helps with memory is in this section.
In Cyber Insurance News:
- An article on the massive growth in cyber insurance expected over the next few years.
Security is everyone’s job, from the janitor to the CEO. And nobody should be exempted from the rules and policies that are in place to protect a company. Threat Actors love finding exceptions and exploiting them: things like the CEO insisting on having Admin rights, or that spammy website having to be permitted because the purchasing person just loves Chinese knock-offs. Just say no.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Cisco warns of new IOS XE zero-day actively exploited in attacks
- Zero-Day Alert: Thousands of Cisco IOS XE Systems Now Compromised
- Over 40,000 admin portal accounts use ‘admin’ as a password
- Oracle October 2023 Critical Patch Update Addresses 176 CVEs
- Critical RCE flaws found in SolarWinds access audit solution
- SonicWall Hit By Several Flaws That Lead to A Firewall Crash
Ransomware, Malware, and Vulnerabilities News
- Malicious Notepad++ Google Ads evade detection for months
- Fake KeePass site uses Google Ads and Punycode to push malware
- New trend in ransomware: Anonymity
- QR Codes Used in 22% of Phishing Attacks
- TV advertising sales giant affected by ransomware attack
- Ukrainian activists hack Trigona ransomware gang, wipe servers
- FBI boss slams ‘unprecedented’ Chinese cyberespionage and IP theft
- There’s a new way to flip bits in DRAM, and it works against the latest defenses
- Cybercriminals register .AI domains of trusted brands for malicious activity
- Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms
- Experts Warn of Severe Flaws Affecting Milesight Routers and Titan SFTP Servers
- NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
- Citrix NetScaler ADC and NetScaler Gateway Information Disclosure Exploited in the Wild
- Attacked by ransomware: The hospital network brought to a standstill by cybercriminals
- BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks
- MATA malware framework exploits EDR in attacks on defense firms
- HasMySecretLeaked finds exposed secrets in the GitHub repository
- North Korea’s Kimsuky Doubles Down on Remote Desktop Control
- Russian Hackers Bypass EDR to Deliver Weaponized TeamViewer
- Casio discloses data breach impacting customers in 149 countries
- Healthcare Sector Warned About New Ransomware Group NoEscape
- Microsoft Defender Thwarts Large-Scale Akira Ransomware Attack
- Europe mulls open sourcing TETRA emergency services’ encryption algorithms
- Improve your cyber threat understanding with geopolitical context
- Hackers Using Remote Admin Tools AvosLocker Ransomware
- Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign
- Indian authorities raid fake tech support rings after tipoff from Amazon and Microsoft
- Total data compromises in 2023 have already surpassed previous years
- Discord still a hotbed of malware activity — Now APTs join the fun
- Hackers exploit critical flaw in WordPress Royal Elementor plugin
- D-Link confirms data breach after employee phishing attack
- New Admin Takeover Vulnerability Exposed in Synology’s DiskStation Manager
- Henry Schein, Inc. Confirms Recent Cyberattack, Raising Data Breach Concerns
- E-Root admin faces 20 years for selling stolen RDP, SSH accounts
- Hacker Group GhostSec Unveils New Generation Ransomware Implant
- Introducing GraphRunner: A Post-Exploitation Toolset for Microsoft 365
- ExelaStealer: A New Low-Cost Cybercrime Weapon Emerges
Other News Events of Note and Interest
- Keep Forgetting Things? Neuroscience Just Gave You a Reason to Drink a Lot More Coffee
- Tested: Windows 11 Pro’s On-By-Default Encryption Slows SSDs Up to 45%
- Industry, govt work to align FIDO and NIST authentication standards
- CISA, NSA, FBI, and International Partners Release Updated Secure by Design Guidance
- CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance
- Tech CEO Sentenced to 5 Years in IP Address Scheme
- Brave downloads a VPN service whether you want it or not
- The NVIDIA GeForce 545.84 WHQL driver adds RTX Video Super Resolution improvements and more
- VMware Workstation Pro and Player 17.5 are out with improved vTPM support, fixes, and more
- Take Windows 11… please. Leaks confirm low numbers for Microsoft’s latest OS
- Microsoft fixes known issue causing Outlook freezes, slow starts
- Microsoft extends Purview Audit log retention after July breach
- Microsoft October Windows Server updates cause Hyper-V and VMware VM boot issues
- Microsoft Will Pay You $15,000 If You Get Bing AI to Go Off the Rails
- Microsoft separating system apps and components on Windows 11 23H2
- Microsoft is investigating failed 8007000D errors and installations of Windows 10’s KB5031356 update
- Microsoft releases Group Policy fix for Windows 10 KB5031356 Patch Tuesday “8007000D” fails
- Microsoft Windows 10 LTSC bloatware-free promise challenged by recent security updates
- Microsoft Windows Subsystem on Android gets a graphics boost
- Annoying apps: Microsoft Authenticator’s frustrating backup and restore system
- 68-year-old engineer spent 50 years at one company—the key to his long tenure
- WhatsApp turns on passwordless logins with passkeys for Android users
- Google Messages prevents access when you share your screen
- Free Tool, New Release Paint.NET 5.0.11
- Free Tool, Interesting – Windows Firewall Control 6.9.6.0
- Ubuntu Server Security Best Practices