
Hello all,
Another Patch the Defects, Flaws, Vulnerabilities, and Bugs Day is behind us. There were a lot of issues revealed, with fixes for most of them proffered. Some that I consider to be noteworthy are listed below.
As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or the environments of those you support.
Headline NEWS:
- Adobe has released fixes for dozens of security flaws in their products. At least one of these is a zero-day. Due to the almost ubiquitous nature of this software, make sure you patch quickly.
- IBM webMethods, an iPaaS integration service, has several high severity flaws that allow an authenticated user to upload and execute arbitrary files on the underlying operating system, and to access and control the system. There are no workarounds; the update is required to mitigate.
- Microsoft September Patch Tuesday plugged 79 defects, four of which are zero-days, one of which has a rating of 9.8. Patch soon, since those 4 are already being exploited. And still no patch for the “DownDate” hole that Microsoft has known about since February.
- Palo Alto Networks warned of defects in PAN-OS, Cortex XDR, ActiveMQ Content Pack, and Prisma Access Browser. At least seven different CVEs were addressed, with dozens of items needing patches.
- Progress Software has acquired ShareFile… Please, I beg you, don’t turn this into another Ivanti. Similarly massive vulnerabilities in ShareFile would be devastating.
In Ransomware, Malware, and Vulnerabilities News:
- SonicWALL’s critical defect, that I called out last week, is now under active exploitation. There are indications that several successful recent Ransomware attacks may have used this hole as the inroad into the victim’s network. If you haven’t patched your SonicWALLs yet, do so immediately and vet your networks.
In Other News Events of Note and Interest:
- Microsoft uses automated robots to disassemble and recycle HDDs. This is advancing faster than I’d predicted. The visual acuity and manual dexterity required to locate screws and connectors, and to rotate and manipulate the drives to the proper orientation so that the screws and connectors can be removed is remarkable. It appears that robots may soon be doing onsite service calls.
In Cyber Insurance News:
- While Cyber Insurance Prices Decline, Watch Out for Terms and Conditions. The old adage, “If it seems too good to be true, it usually is,” applies to some declining costs. Make sure that you carefully examine the Terms and Conditions of your newly proposed policy. You may not be getting what you expect.
Musings:
This weekend I attended a local B-Sides event. In case you’re unfamiliar, these are technology events that are put on all over the world by armies of local volunteers. The speakers are sometimes local, and often well-known international cyber-experts. One of the keynote speakers, JC Vega, has been in this space for decades. In fact, he was the very first Cyber Colonel in the US Army. In part of his presentation, he talked about how important it is to make connections with others that have done what you’re doing. He encouraged those in attendance to connect with “the guys with gray beards” in the room, the people that have years of experience. My LinkedIn blew up on Saturday…

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Adobe fixes Acrobat Reader zero-day with public PoC exploit
- Adobe Patches Critical, Code Execution Flaws in Multiple Products
- IBM webMethods Vulnerabilites Let Attackers Execute Arbitrary Commands
- Intel Warns of 20+ Processor Vulnerabilities, Advises Firmware Updates
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
- Four zero-days in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
- Palo Alto Networks Patches Dozens of Vulnerabilities
- Progress Software acquires file management platform ShareFile for $875M
Ransomware, Malware, and Vulnerabilities News
- CISA issues ICS advisories about vulnerabilities in critical infrastructure systems, medical devices
- Cyberattacks on U.S. utilities are up 70% this year
- MI6 and CIA using generative AI to combat tech-driven threat actors
- FBI: Reported cryptocurrency losses reached $5.6 billion in 2023
- Critical SonicWall SSLVPN bug exploited in ransomware attacks
- Ivanti warns high severity CSA flaw is now exploited in attacks
- Fortinet suffers third-party data breach affecting Asia-Pacific customers
- Citrix Releases Security Updates for Citrix Workspace App for Windows
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018
- Microsoft Says Windows Update Zero-Day Being Exploited to Undo Security Fixes
- Hackers Can Abuse Active Directory Certificate Services to Establish Persistence
- Kibana Vulnerabilities Let Attackers Execute Arbitrary Code
- Crucial MX500 SSD firmware susceptible to buffer overflow security vulnerability
- A glimpse into the Quad7 operators’ next moves and associated botnets
- How $20 and a lapsed domain allowed security pros to undermine internet integrity
- Commercial Spyware Use Roars Back Despite Sanctions
- Predator spyware updated with dangerous new features, also now harder to track
- UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,’ warns report
- ICO and NCA sign MoU to provide joint support for cyber crime victims
- Texas Department of Transportation warns drivers of latest phishing scam
- Chinese hackers target Windows servers with SEO poisoning campaign
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks
- Chinese-made port cranes in US included ‘backdoor’ modems, House report says
- Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia
- Russia reportedly readies submarine cable ‘sabotage’
- Inside Thailand’s $2 Billion Scam Industry Now Targeting Americans
- Mustang Panda Feeds Worm-Driven USB Attack Strategy
- Phishing Pages Delivered Through Refresh HTTP Response Header
- GitLab warns of critical pipeline execution vulnerability
- 7M potentially pwned after payment services provider takes a year to notice break-in
- Cybersecurity attacks on schools are becoming more frequent and severe
- Threat Actors Exploiting Legitimate Software For Stealthy Cyber Attacks
- Hunters International claims ransom on Chinese mega-bank’s London HQ
- TfL requires in-person password resets for 30,000 employees after hack
- Ransomware attack forces high school in London to close and send students home
- Ransomware attack leaves some Apex residents with utility bills as high as $1,000
- NoName ransomware gang deploying RansomHub malware in recent attacks
- FBI and Homeland Security offering ‘support’ as City of Jacksonville deals with computer network issue
- Cyberattack on OneBlood nearly cut off blood supply to local hospitals
- Highline, WA Public Schools closes schools following cyberattack
- Japanese media giant investigating another reported data leak by BlackSuit hackers
- RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software
- RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
- Bug lets anyone bypass WhatsApp’s ‘View Once’ privacy feature
Other News Events of Note and Interest
- Cool Tool: Kali Linux 2024.3 Released with 11 New Hacking Tools
- Cool Tool: PowerToys 0.84.1 is out with fixes for the new Workspaces feature
- Cool Tool: VirtualBox 7.1 Released With Improved UI, Wayland Clipboard Sharing
- LibreOffice 24.8.1 Office Suite Is Now Available for Download with 89 Bug Fixes
- Want to use Windows 10 after Microsoft ends support? Meet 0Patch
- Windows 11 gets up to 80% performance and app compatibility boost in Parallels Desktop 20
- New AI reporting regulations
- How AI could change threat detection
- Lawsuit against TikTok ban set to begin in Washington
- Federal Highway Administration will adopt cyber tool created by CISA
- GSA official touts cyber posture as agency considers passwordless environment
- Google Introduces ‘Air-Gapped’ Backup Vault to Thwart Ransomware
- Google Wallet will let you make digital IDs with US passports
- Google tests desktop windowing for Android tablets
- Mozilla extends Firefox support on unsupported Windows versions to March 2025
- Huntress launches Managed SIEM, eliminating the complexity of traditional SIEMs
- KDE Plasma 6.1.5 Released with More Bug Fixes for Plasma 6.1 Users
- Telegram ends encryption for personal chats
- AT&T Shares What To Expect From AST SpaceMobile’s BlueBird Satellites
- Broadcom, AT&T Reach Temporary VMware Support Deal
- Research suggests more than half of VMware customers are looking to move
- How to easily share files between Windows and Android with Google’s Quick Share
- Flipper Zero releases Firmware 1.0 after three years of development
- Microsoft uses automated robots to disassemble and recycle HDDs
- Microsoft reveals ideas to improve Windows security updates after the Crowdstrike incident
- Microsoft makes quantum breakthrough, plans commercial offering
- Microsoft fixes Windows Server performance issues from August updates
- Microsoft to start force-upgrading Windows 22H2 systems next month
- Windows 10 KB5043064 update released with 6 fixes, security updates
- Windows 11 24H2 updates might fail due to “Operation is not supported” after KB5043080
- WordPress.org to require two-factor authentication for plugin developers
- New WordPress 6.6.2 Fixes Important Display Issue
Cyber Insurance News
- Evolving cyber insurance: A data-driven approach to risk management
- While Cyber Insurance Prices Decline, Watch Out for Terms and Conditions