Hello all,
This cyber week has been a somewhat normal one with the usual warnings, updates, and reports of activity by horrible people that deserve a toasty spot in hell. There are some neat new things as well, so let’s get to the report.
The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts below, then skim the full list of linked news item titles that follow for things that pertain to you or your environment or simply interest you, and then select them for more information. So, let’s get to it. And don’t forget, our site, https://red-n-security.com, also has searchable archives of past newsletters.
Notable Callouts:
- Apple has released updates for a large number of their products, not just the latest in their series. If you have iFruit, check for updates.
- Cisco is still finding new things related to their massive hole. Apparently they’ve discovered a new zero-day that was being exploited. The number of infected devices seen on the internet has dropped, either due to them being cleaned, or the threat actors hiding themselves well. I guess we’ll see what time reveals on this. I’m sure there is more to come.
- F5 has a vulnerability that allows remote code execution on their BIG-IP devices. If you have any, patch quickly.
- Pwn2Own has just concluded in Canada with hackers exploiting 58 new zero-days. Manufacturers will be given up to 120 days to fix the flaws before they are published. Companies such as Xiaomi, Western Digital, Synology, Canon, Lexmark, Sonos, TP-Link, QNAP, Wyze, and HP were among the ones successfully hacked.
- Mozilla released updates for several products. If you use anything from them (Firefox, Thunderbird, etc.), check for updates.
- VMware has released updates for vCenter for a large swath of their versions and will be back-porting to older unsupported versions. That should hint at the criticality of this issue. Check for updates for your version if you use this and apply as soon as possible.
In Ransomware, Malware, and Vulnerabilities News:
- Google cannot catch a break. They are a big target. Fake Chrome updates are huge now, and Punycode is being used to make them look legitimate.
- Nigerian Police – What, they have police?! Who knew? Read on. Nigerian Police have dismantled a major cybercrime ring and they are still pursuing additional lowlife scum. Yay good guys!
- Ragnar Locker Ransomware boss was arrested in Paris, score another one for the good guys!
In Other News Events of Note and Interest:
- Microsoft Word turned 40! Happy Birthday to the world’s most popular word processor.
- Windows 11 Moment 4 features are now publicly available in the latest non-security update. Next month’s Patch Tuesday should push them out to the masses.
In Cyber Insurance News:
- Self-Attestation is coming under increasing scrutiny. Companies are either falsifying insurance forms, or not keeping information timely, and it costs them dearly when a claim is made. The industry is looking to close the gap via more automated reporting.
I generally write this report while sitting out on my screen-enclosed patio, listening to the gurgling sounds of water in the pool and soft music from my entertainment system. It is an idyllic environment. Unfortunately, I do not live out in the middle of nowhere; I live in the city, so occasionally loud cars go by, a neighbor decides to mow his lawn, etc. Yet, those are expected or anticipated interruptions. I can live with those; in my mind they are planned for, and I have a newsletter continuity plan. Then there’s my neighbor, let’s call him Ryan (because that is his name). He seems to delight in things that are loud, the louder the better. One moment there is tranquil quiet peace, the next an hour or more of a minibike with no muffler running at top speed behind my house for several hours, back and forth, back and forth… Even inside the house I can hear it. Much like a DDoS attack, it comes out of nowhere and disrupts your life. Mitigations exist, but short of moving to a new location, you have to ride it out until the attack stops. Make plans now for the inevitable unexpected interruptions. There are plenty of “Ryans” out there just waiting to spoil your day.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Apple patched several security vulnerabilities in iOS 17.1 and the rest
- Cisco Finds Second Zero-Day as Number of Hacked Devices Apparently Drops
- F5 Issues Warning: BIG-IP Vulnerability Allows Remote Code Execution
- Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto
- Mozilla Releases Security Advisories for Multiple Products
- Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability
Ransomware, Malware, and Vulnerabilities News
- Okta incident and 1Password
- Cyberattack hits 2 New York hospitals
- The making of a Facebook account heist
- Chrome update spreads Trojan malware
- Nigerian Police Dismantle Major Cybercrime Hub
- Quasar RAT Leverages DLL Side-Loading to Fly Under the Radar
- QNAP takes down server behind widespread brute-force attacks
- Ransomware isn’t going away – the problem is only getting worse
- September was a record month for ransomware attacks in 2023
- Backdoor Implant on Hacked Cisco Devices Modified to Evade Detection
- Hackers are using Punycode to create authentic-looking URLs in Google ads
- Kansas court system down nearly 2 weeks in ‘security incident’ that has hallmarks of ransomware
- Ransomware attack shuts down imaging center with dozens of Florida locations
- Stanford University investigating cyberattack after ransomware claims
- Clark County, NV students back to pen and paper assignments after cybersecurity breach
- ‘Suspicious activity’ detected on Clark County, WA computer systems
- China crackdown on cyber scams in Southeast Asia nets thousands but leaves networks intact
- DUCKTAIL Malware employs LinkedIn messages to Execute Attacks
- Kaspersky reveals ‘elegant’ malware resembling NSA code
- Cyberattack on health services provider impacts 5 Canadian hospitals
- VMware warns admins of public exploit for vRealize RCE flaw
- Meet Rhysida, a New Ransomware Strain That Deletes Itself
- US energy firm shares how Akira ransomware hacked its systems
- University of Michigan employee, student data stolen in cyberattack
- City of Philadelphia discloses data breach after five months
- Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately
- More from the “Five Eyes” intelligence chiefs’ warning to 60 Minutes
- Chambersburg, PA staff, students personal data compromised in cyber attack
- Cyberattack Prompts Shutdown Of Orange County, CA District Attorneys Office
- Rock County, WI investigating ransomware attack
- Oh-Auth – Abusing OAuth to take over millions of accounts
- CVE-2023-4966: Critical security update now available for NetScaler ADC and NetScaler Gateway
- CCleaner says hackers stole users’ personal data during MOVEit mass-hack
- 4 Million WordPress Sites affected by Stored XSS Vulnerability in LiteSpeed Cache Plugin
- Hackers that breached Las Vegas casinos rely on violent threats, research shows
- Healthcare Ransomware Attacks Cost US $78bn since 2016
- Boeing claimed by LockBit ransom gang
- Estes Express reports all systems are back online after cyberattack
- Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software
- Hackers can force iOS and macOS browsers to divulge passwords and much more
- Flipper Zero can now spam Android, Windows users with Bluetooth alerts
- Grammarly says it corrected sign-in vulnerabilities after alert from cyber researchers
- Mandiant Intelligence Chief Raises Alarm Over China’s ‘Volt Typhoon’ Hackers in US Critical Infrastructure
- Spanish phisherfolk caught in cops’ net in multi-million-euro catch
- Microsoft OneDrive – A Ransomware Double Agent
- Ragnar Locker Ransomware Boss Arrested in Paris
- DDoS threat report for 2023 Q3
Other News Events of Note and Interest
- New to me web browser – Floorp 11.5.0
- Firefox 119 goes live, adds more PDF handling tricks
- Addressing Changes to pfSense Plus Home+Lab
- Happy Birthday Microsoft Word turns 40!
- ExpressVPN launches post-quantum protection
- Space Force planning $8 billion satellite architecture for nuclear command and control
- iOS 17.1 arrives with updates to AirDrop, Apple Music, and more
- Security firm claims it can unlock IronKey USB drive holding 7,000 Bitcoin hostage, but owner politely declines
- Find weak, compromised, and reused passwords with Enzoic for Active Directory Lite
- Grammarly’s new generative AI feature learns your style — and applies it to any text
- Apple Releases macOS Sonoma 14.1
- Proton’s password manager now lets you securely share logins
- Fight Back Against AI by Killing Art Generators From the Inside
- David Cutler laments Windows Longhorn and its buggy code
- Petition Calls on Microsoft to Extend Windows 10 Support
- Microsoft has more info on Windows 11 passwordless improvements for organizations
- Microsoft tests Windows 11 encrypted DNS server auto-discovery
- Windows gets free advertising from the Las Vegas hotel Fontainebleau
- Windows 11 October 2023 Update crashing games and File Explorer
- Windows 11’s supported CPU list restores some of the previously removed Intel processors
- Windows 11 Moment 4 features are now available to all in the latest non-security update
- Windows LAPS Gets Support for Microsoft Entra ID and Intune
- How to get started with Microsoft Designer on Windows 11
- Martin Goetz, recipient of the first software patent, logs off at 93
- Apple Releases iTunes for Windows Update With Option to Listen to Podcasts and Audiobooks
- Recover your Google account: Take steps to regain access if locked out