Hello all,

It is staggering to see that large portions of the Southeastern United States have been reduced to rubble and debris, with almost no functioning technology due to massive infrastructure damage. And those in Florida are now being warned that a second hurricane is coming mid-week, potentially striking already impacted areas. Our motto of “Keep the Shields Up” applies to these apocalyptic scenarios. It is vital that your planning include whatever natural disasters your area can experience. This has been a recurring refrain from me lately, so I won’t belabor the point and will move on to the cyber news from this past week.
Patch Tuesday is coming this week. Expect some major security holes to be revealed and plugged in this round; vet the patches quickly, because threat actors certainly will.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or those you support.
Headline NEWS:
- Apple released iOS version 18.0.1 to address a number of issues, including security vulnerabilities. Check your iFruit for updates and apply quickly.
- DrayTek makes Vigor routers that are thankfully not used much in the USA but are widely used elsewhere in the world; 14 new security defects in them have been revealed. One scores a perfect 10 on the CVSS severity scale. In a surprising move, DrayTek has released patches for all affected routers, including ones that are End of Life (EoL). If you have one of these exposed to the internet, you’re likely compromised already. Apply the patches and follow the mitigation guidance.
- CISA issued a large number of warnings and updates last week, as usual. Two of them made our list. Ivanti Endpoint Manager (EPM) received a patch for a defect in April; that hole is now being actively exploited. Optigo Networks ONS-S8 Aggregation Switch products have been revealed to have authentication and remote code execution (RCE) defects. No fixes are available from the manufacturer yet, but there is mitigation guidance that should be implemented immediately. Now that this is public knowledge, expect exploitation to begin.
- Zimbra makes a rather capable email collaboration server that is used by organizations worldwide. In fact, it is so feature rich that threat actors have found they can send an email to the server with “malicious code in the email’s ‘CC’ field. If created properly, the Zimbra email server will parse the commands in the CC field and execute them on the server.” Active exploitation is underway. This wasn’t the only defect fixed in the release, so update to the latest version quickly.
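The bug class behind that Zimbra item, untrusted text from a mail header reaching a shell, is easy to see in a toy. The block below is an added example written for this newsletter; it is not Zimbra’s code and not the actual exploit. It models a careless CC parser, a “vulnerable” delivery helper that formats the address into a `sh -c` command line, and a hardened helper that enforces a strict address grammar and passes the address as a separate argv element so no shell ever parses it. The `echo deliver-to` command stands in for a hypothetical delivery tool, and the CC header is constructed.

```python
"""Constructed illustration of shell command injection through an e-mail header.

Not Zimbra code: a toy that models the class of bug described above (an
address taken from the CC header is handed to a shell), alongside a hardened
version that validates the address and never invokes a shell.
"""
import re
import subprocess

# Strict grammar for addresses we are willing to hand to any external tool.
# Deliberately narrower than RFC 5322: no quotes, spaces or shell metacharacters.
SAFE_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# Constructed sample header: the second recipient smuggles a shell command
# inside the angle brackets, and a careless parser accepts it as an "address".
CONSTRUCTED_CC = "Alice <alice@example.com>, Bob <bob@example.com; echo INJECTED>"


def parse_cc(header: str) -> list[str]:
    """Naively split a CC header into addresses (this is the careless parser)."""
    addrs = []
    for part in header.split(","):
        part = part.strip()
        m = re.search(r"<([^>]*)>", part)
        addrs.append(m.group(1).strip() if m else part)
    return addrs


def deliver_vulnerable(addr: str) -> str:
    """BAD: interpolates the address into a command line executed by /bin/sh.

    'echo deliver-to' stands in for a hypothetical delivery helper; the
    dangerous part is the string formatting plus the shell, not the helper.
    """
    cmd = f"echo deliver-to {addr}"
    result = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True)
    return result.stdout


def deliver_hardened(addr: str) -> str:
    """GOOD: reject anything outside the strict grammar, then pass the address
    as its own argv element so nothing ever interprets it as shell syntax."""
    if not SAFE_ADDR.fullmatch(addr):
        raise ValueError(f"rejected address: {addr!r}")
    result = subprocess.run(["echo", "deliver-to", addr],
                            capture_output=True, text=True)
    return result.stdout


def process_header(header: str, deliver) -> dict[str, str]:
    """Run every parsed address through a delivery function and collect outcomes."""
    outcomes = {}
    for addr in parse_cc(header):
        try:
            outcomes[addr] = deliver(addr)
        except ValueError as exc:
            outcomes[addr] = f"REJECTED ({exc})"
    return outcomes


if __name__ == "__main__":
    for name, fn in (("vulnerable", deliver_vulnerable), ("hardened", deliver_hardened)):
        print(f"== {name} ==")
        for addr, out in process_header(CONSTRUCTED_CC, fn).items():
            print(f"{addr!r}: {out.strip()}")
```

Run it and the vulnerable path prints an extra `INJECTED` line for Bob because the shell treats `;` as a command separator, while the hardened path refuses that “address” outright. The two fixes are independent: the allow-list regex stops the bad input at the door, and the argv list removes the shell so that even a regex slip cannot turn an address into a command.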
In Ransomware, Malware, and Vulnerabilities News:
- LockBit and Evil Corp Members arrested in a global effort. Additional members of this subhuman demonic group were exposed and sanctioned by several governments. Score a few for the good guys! It is heartening to read some positive news.
- Cloudflare Fights Off Record-Breaking 3.8Tbps DDoS Attack shows why compromised equipment is such a serious problem. This massive attack was made possible by legions of zombie Asus and MikroTik routers, along with a myriad of compromised web servers, IoT, and other devices. Your devices and network could be attacking others without your knowledge. Are you patched?
In Other News Events of Note and Interest:
- Windows 11 24H2 now rolling out, here are the new features, describes what’s included in the new version – hint, lots of AI. An interesting note was that “This update is a full operating system (OS) swap.” The article describes how you can get the update now.
In Cyber Insurance News:
- White House official says insurance companies must stop funding ransomware payments. Anne Neuberger, the U.S. deputy national security adviser for cyber and emerging technologies, rightly wrote that continuing to pay out ransoms gives the threat actors a reason to keep doing what they’re doing. Unfortunately, many times there is no other way for a company to recover its operations. Until businesses adopt bullet-proof backup and restoration practices, I don’t see payments going away anytime soon.
Musings:
Cyber-attacks and natural disasters have very similar effects on a business. There is interruption of service, loss of data and infrastructure, and inability to operate. If you are not currently affected by either scenario, get your teams together and create a comprehensive plan so that your enterprise does survive the unthinkable.

Keep the shields up.
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
- 700K+ DrayTek routers are sitting ducks on the internet, open to remote hijacking
- CISA issues warning about another Ivanti flaw under active attack
- CISA: Network switch RCE flaw impacts critical infrastructure
- Critical Zimbra RCE flaw exploited to backdoor servers using emails
Ransomware, Malware, and Vulnerabilities News
- Apple Releases macOS Sequoia 15.0.1 With Bug Fixes
- FBI warns of sophisticated Iranian hackers targeting personal accounts
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
- Cybersecurity teams struggling to keep up with growing threat levels
- LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort
- Police arrest four suspects linked to LockBit ransomware gang
- NCA unmasks man it suspects is both ‘Evil Corp kingpin’ and LockBit affiliate
- DOJ, Microsoft seize 107 domains used in Russia’s Star Blizzard phishing attacks
- Thousands of fake Microsoft emails are being sent out to trick businesses
- Rackspace monitoring systems rocked by zero-day
- Cisco Nexus Vulnerability Let Attackers Launch Command Injection Attack
- Near-‘perfctl’ Fileless Malware Targets Millions of Linux Servers
- PoC Exploit Released for Microsoft Office 0-day Flaw
- Cloudflare Fights Off Record-Breaking 3.8Tbps DDoS Attack
- DDoS attacks are increasingly targeting critical infrastructure
- GorillaBot Emerged As King For DDoS Attacks With 300,000+ Commands
- SolarWinds security chief calls for tighter cyber laws
- Cyber slavery: Thousands of Indians are trapped and tens of thousands have gone missing in South Asia
- How the FBI and Mandiant caught a ‘serial hacker’ who tried to fake his own death
- Fake browser updates spread updated WarmCookie malware
- Cloud threats have execs the most freaked out because they’re not prepared
- AI is making cyberattacks more sophisticated and cybersecurity teams are struggling to keep up
- Global Cyber Attacks to Double from 2020 to 2024, Report Finds
- Session Hijacking 2.0 — The Latest Way That Attackers are Bypassing MFA
- How a Teenager Used a Fake Cell Tower to Steal Personal Information
- Hacker charged for breaching 5 companies for insider trading
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks
- Crucial Texas hospital system turning ambulances away after ransomware attack
- Cyberattack hits Wayne County; services affected as hacker demands ransom
- Verizon and AT&T outage sparks widespread fears of cyber attack on the USA
- Media giant AFP hit by cyberattack impacting news delivery services
- Python-Based Malware Slithers Into Systems via Legit VS Code
- The Pig Butchering Invasion Has Begun
- INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa
- T-Mobile promises to try not to get hacked again
- About a quarter million Comcast subscribers had their data stolen from debt collector
- Think twice before using public computers: Here’s why
- Windows Event Logs Key to Identifying Ransomware Attacks
Other News Events of Note and Interest
- CISA launches portal to simplify cyber incident reporting
- CISA pledges to resolve issues with threat sharing system after watchdog report
- Google removes Kaspersky’s antivirus software from Play Store
- Hurricane Helene Will Send Shockwaves Through the Semiconductor Industry
- An end to expensive print cartridge lock-in? Researchers hack DRM in what could be a new dawn for printing fans
- Forcing users to periodically change their passwords should go the way of the dodo according to the US government
- Intel says its Raptor Lake crashing chip nightmare is over
- AI agent promotes itself to sysadmin, trashes boot sequence
- College students used Meta’s smart glasses to dox people in real time
- AT&T claims VMware by Broadcom offered it a 1,050 percent price rise
- OpenStack welcomes more Dalmatian users after VMware acquisition
- San Francisco rolls out AI-powered cameras to combat crime
- Security pros are missing attacks due to an overload of pointless alerts
- What is Pango’s UltraAV, which rose from the ashes of Kaspersky’s US Exit?
- Man charged for selling forged license keys for network switches
- Samsung update bricks phones, giving harsh reminder of data backup importance
- Microsoft Office 2024 is now available for Macs and PCs
- Microsoft Copilot gets a major upgrade with new UI, Copilot daily, and more
- Microsoft fixes Outlook email sending issue for users with many folders
- New OSConfig PowerShell Security Tool in Windows Server 2025
- Windows 11 24H2 now rolling out, here are the new features
- Windows 11 2024 Updates boosts performance of unsupported PCs
- Microsoft cracks down on Windows 11 upgrades for ‘incompatible’ PCs, but there’s a fix – for now
- Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues
- Microsoft Defender adds detection of unsecure Wi-Fi networks
- Microsoft Copilot Voice is more human-like than ChatGPT — and it’s free to all users
- The Microsoft Feed will be removed across Microsoft 365 next month
- The ‘WordPress’ fight is now a lawsuit
- 6 Best WP Engine Alternatives (More Affordable and Reliable)
- YouTube fixes glitch that wrongly removed accounts, deleted videos
Cyber Insurance News
- Marsh McLennan to acquire McGriff Insurance Services in $7.75bn transaction
- ‘People are very frustrated’: Lloyd’s of London IT delays cause unease
- White House official says insurance companies must stop funding ransomware payments