Hello all,
Thankfully, after the flurry of stuff popping up last week, this week has been a bit slower. It is the calm before the storm, though, as Tuesday is Patch Tuesday for Microsoft and other vendors. Despite the relative calm, there were some Headline News items this week worth noting; they are listed below.
As usual, the complete Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget that our site, https://red-n-security.com, also has searchable archives of past newsletters.
The volume of news and other items can appear overwhelming. The best strategy is to read the Notable Callouts and then skim the other link titles for items that pertain to you or your environment, or that simply interest you. So, let’s get to it.
Notable Callouts:
- Apple is in the headlines again for another zero-day patch. This one also fixes an overheating problem with the latest iPhones.
- Arm and Qualcomm have both had flaws in their GPUs revealed that require patching. Watch for announcements of updates from your favorite GPU vendor and apply them ASAP.
- Atlassian patched a critical zero-day that was already under active exploitation.
- Exim mail server software has received several patches this week from Openwall. While there are still some unpatched holes, the worst of the lot now have a solution.
- Linux, in pretty much every version, has a Local Privilege Escalation bug dubbed “Looney Tunables”. Exploits are already out for this. Patch quickly.
- Microsoft gets two headline mentions this week. The first is to remind anyone who has not been paying attention that Windows 2012 and 2012 R2 will receive their last update this Tuesday. The other is that Edge and Teams received fixes for zero-days found in open-source libraries.
In Ransomware, Malware, and Vulnerabilities News:
- Starlink from SpaceX, unbelievably, does not have 2FA available for account logins, and users are having their accounts taken over.
- NSA and CISA released a list of the top 10 cybersecurity misconfigurations.
In Other News Events of Note and Interest:
- DEC, aka Digital Equipment Corporation, was one of the pioneers in computing. In this section there’s a link to a great article that details how we’re still using technology and ideas from this legendary company.
- Amazon has launched their first Project Kuiper satellites, in what they intend to be competition for Starlink.
- 0Patch: if you must keep older, unsupported versions of Windows, then 0Patch may be your answer. They are still releasing security patches for Windows 7 and will have them for Windows 2012 and 2012 R2 for three more years.
In Cyber Insurance News:
- The Cyber Insurance Market is expected to grow at a rate of 22.3%.
It isn’t paranoia if they really are out to get you. And they are out to get you. Stay vigilant, stay safe.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Apple fixes overheating problems and 0-day security flaw with iOS 17.0.3 update
- Arm warns of Mali GPU flaws likely exploited in targeted attacks
- Atlassian patches critical Confluence zero-day exploited in attacks
- Looney Tunables – Local Privilege Escalation in the glibc’s ld.so – CVE-2023-4911
- Reminder: Support for Windows Server 2012 and 2012 R2 will end on October 10
- Microsoft Edge, Teams get fixes for zero-days in open-source libraries
- Openwall patches 3 of 6 Exim zero-day flaws
- Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
Ransomware, Malware, and Vulnerabilities News
- Ransomware reinfections on the rise from improper remediation
- New Marvin attack revives 25-year-old decryption flaw in RSA
- NSA and CISA reveal top 10 cybersecurity misconfigurations
- ALPHV/BlackCat gang hacked the hotel chain Motel One
- Clorox Warns of a Sales Mess After Cyberattack
- What is Smishing? U.S. Postal Service issues new warning
- What is Brushing? Another U.S. Postal Service warning about mail scam
- BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
- Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown
- North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org
- Suspected China-linked hackers target Guyana government with new backdoor
- Rhysida ransomware gang claims attacks on governments in Portugal, Dominican Republic
- Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits
- Sony confirms data breach impacting thousands in the U.S.
- Sony attacked by two ransomware operators
- Security Advisory: High Severity Curl Vulnerability
- Large Michigan healthcare provider confirms ransomware attack
- New BEC 3.0 Campaign Exploiting Dropbox for Phishing
- Stealthy, Thieving Python Packages Slither Onto Windows Systems
- LastPass employees and customers targeted in “pervasive” phishing campaign
- Thousands of Android devices come with unkillable backdoor preinstalled
- Lansing MI, McLaren Healthcare confirms ransomware hack, patient data possibly at-risk
- Wisconsin county dealing with ransomware attack on public health department
- Hackers attack US healthcare giant, more than 190K people affected
- Security researchers believe mass exploitation attempts against WS_FTP have begun
- Blue teams on the edge: cyber pros seem to hate their jobs
- Ransomware gangs now exploiting critical TeamCity RCE flaw
- Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses
- 9 essential ransomware guides and checklists available for free
- Southwest Florida business frustrated after $250k taken from bank account
- Exploits released for Linux flaw giving root on major distros
- Lighting the Exfiltration Infrastructure of a LockBit Affiliate
- Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials
- EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
- Report: Over half of phishing emails now use obfuscation tactics to avoid detection
- Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance
- Microsoft: State-backed hackers grow in sophistication, aggressiveness
- Microsoft: Human-operated ransomware attacks tripled over past year
- FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data
- 23andMe Warns of Hacker Breaking Into User Accounts
- Cisco fixes hard-coded root credentials in Emergency Responder
- Cybercrime gangs now deploying ransomware within 24 hours of hacking victims
- Lorenz ransomware crew bungles blackmail blueprint by leaking two years of contacts
- BYOD should stand for bring your own disaster, according to Microsoft ransomware data
- China-linked cyberspies backdoor semiconductor firms with Cobalt Strike
- Lyca Mobile Suffers Cyber Attack, Investigating Ransomware Possibility
- CDW data to be leaked next week after negotiations with LockBit break down
- Account Hacking Over Starlink Sparks Calls For Two-Factor Authentication
- X-Force uncovers global NetScaler Gateway credential harvesting campaign
- Homeland Security report on illegal use of smartphone location data
- CISA adds latest Chrome zero-day to Known Exploited Vulnerabilities Catalog
- Florida court pauses many proceedings following cyberattack
- Supershell – Open-Source Botnet That Obtain SSH Shell Access
Other News Events of Note and Interest
- Amazon sends Mastercard, Google Play gift card order emails by mistake
- Amazon Dominated the First Cloud Era. Cloud 2.0 Is Here Now and It Doesn’t Have a Head Start
- AWS Plans Multifactor Authentication Mandates for 2024
- Three More Years of Critical Security Patches for Windows Server 2012 and Windows Server 2012 R2
- The Morning After: The NSA announces new artificial intelligence security center
- New rule would set governmentwide cyber standards for contracts involving federal information systems
- SpaceX’s Starlink To Provide T-Mobile Customers With Nationwide Coverage
- Amazon Launches First Project Kuiper Satellites in Bid to Challenge SpaceX’s Starlink
- Why NASA Chose WordPress for Revamping Its Flagship Website
- Cyberattack thriller from the creator of Mr. Robot gets a star-studded trailer
- Veeam moves into backup-as-a-service for Microsoft fans with Cirrus grab
- Lively Weather is a stunning alternative to the stock Windows 11 Weather app
- Long gone, DEC is still powering the world of computing
- In rare bout of generosity, Oracle extends free support for Database 19c
- FDA cyber mandates for medical devices goes into effect
- Google Pixel updates drop a strict release schedule
- The ICAO Phonetic Alphabet
- Why you should never completely fill up your SSD
- Wii U, 3DS online servers to shut down in six months
- “Open-Source Windows” ReactOS To See Improved GUI Setup/Installation
- Google Assistant with Bard: New generative AI features
- Windows 11’s new Backup and Restore process makes everything worse
- StatCounter: Less than 24% of all PC users run Windows 11
- Microsoft CEO Satya Nadella testifies at Google antitrust trial
- Microsoft Unveils OneDrive Sync Features for Businesses
- Microsoft Introduces Copilot: Your Everyday AI Companion Seamlessly Integrated Across Windows 11, Microsoft 365, Edge, and Bing
- Windows Copilot is not playing well with AMD’s Adrenalin software
- Microsoft will kill Exchange Web Services in 3 years
- Microsoft launches new web app store for Windows
- Microsoft makes the Windows 11 setup process less boring with an entertaining Easter egg
- Microsoft releases new, faster Teams app for Windows and Mac PCs
- Windows 11 KB5030310 update and Copilot is causing issues with Wallpaper Engine
- AMD graphics card users report gremlins with Windows 11
- The September 26th Windows Update Doesn’t Like Radeon
- Windows 11’s RGB Control Software Is Finally Here
- PowerToys 0.74.1 Patch fixes issues with FancyZones, SVG Preview, Quick Accent, and more
- Yubico can now ship pre-registered security keys to its enterprise users
- Why I use only SharePoint Out of the Box functionality