September 16, 2023

Hello all,

For our Jewish readers, Shanon Tovah! Last night marked the beginning of Rosh Hashanah, the first day of the Jewish New Year. For all of us, happy Patch Tuesday week – it has been a big one! It actually started the week prior with some rumblings of the WebP codec vulnerability, and then exploded with nearly everyone out there needing to scramble to patch the critical flaw. Then Patch Tuesday hit with Microsoft and a cadre of vendors releasing patches.

As usual, the complete Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.

Notable Callouts:

• Adobe leads the alphabet, so they get to be the first mentioned patch this week. Make sure you check all of your Adobe products for updates, not just Reader. Adobe has updated a lot of their offerings.
• Google, Microsoft, Mozilla, Brave, and others have released updates for their browsers. Most were for the WebP vulnerability, but there were other patches as well. Patch quickly.
• Columbia, yes, the country, is reporting that much of their infrastructure is down due to a ransomware attack on their hosting company. US-owned company IFX Networks provides web hosting services to 17 countries. In addition to the country of Columbia, the attack has affected 762 companies across Latin America.
• Microsoft, amidst the Patch Tuesday updates, also put out a reminder that DC full Kerberos enforcement is coming soon. Check your event logs to ensure that things will continue to authenticate once they flip the switch in a future update.
• Patch Tuesday from Microsoft brought fixes for 61 CVE’s, some of which are under active exploitation, so patch quickly.
• Oracle and Microsoft – hell must have had a significant drop in temperature this past week. Larry Ellison actually sat on stage with Satya Nadella in Redmond, WA and announced that Oracle products would be available in Azure.
• WebEx Some dirtbags managed to purchase the top result for when someone searches for WebEx and they are loading up malware. Always be wary of search results. The web is not a safe place.
• WebP – I know I’ve mentioned it already, but this one is going to take a while to fully mitigate. The libwebp library is used in many products that render graphics, including Electron based apps. Check with your vendors for updates and statements relating to this vulnerability.

In Ransomware, Malware, and Vulnerabilities News:

• MGM Resorts have been in the news all week due to the size of the ransomware attack. Late in the week it was revealed that a “10-minute phone call” was all it took for the waste-of-flesh criminals to trick the helpdesk into granting access. That brings up a very timely and critical question. How do you verify identity? What process does your helpdesk employ? Even knowing the person’s voice isn’t enough, as Retool found out. See below.
• Retool a software development platform was hacked. Part of the vector involved using deepfake technology to impersonate someone’s voice to convince the helpdesk to provide access.

In Other News Events of Note and Interest:

• North American Airspace Defense is getting a cloud-based backbone next month. When I read things like this, I can’t help but think the clock hands just moved a bit closer to SkyNet coming online.
• Windows 11 will be getting a new feature to block NLTM attacks over SMB. Pay attention to this one as older devices could lose connectivity once enabled.
• Google and Chromebooks. In a massive announcement that should provide a bit of a shakeup to the perpetual update cycle, Google has announced that they will provide 10 years of support for new Chromebooks starting in 2024.

In Cyber Insurance News:

• The state of Illinois has passed legislation that affects you if you sell hardware or software that collects biometric information from one of their citizens.

The WebP vulnerability underscores the need to have layers of defense. You can be doing everything correctly, and an infrequently used software program, such as GIMP, could compromise your entire network unless it has proper defenses in place.

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News

Headline NEWS

• Adobe Says Critical PDF Reader Zero-Day Being Exploited
• Google Rushes to Patch Critical Chrome Vulnerability Exploited in the Wild
• Chrome, Firefox, Brave, and Edge are patched for a big security vulnerability
• Colombia Reports Cyberattack With Impact Across Latin America
• Microsoft reminds about Windows DC Kerberos Netlogon full enforcement which is coming up
• Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs
• Oracle brings its database infrastructure to Microsoft Azure
• Patch Tuesday, Grab those updates: Microsoft flings out fixes for already-exploited bugs
• Ongoing Webex malvertising campaign drops BatLoader
• Critical WebP bug: many apps, not just browsers, under threat

Ransomware, Malware, and Vulnerabilities News

• New HijackLoader Modular Malware Loader Making Waves in the Cybercrime World
• How Attackers Get In: Unpatched Vulnerabilities and Compromised Credentials
• Ransomware access broker steals accounts via Microsoft Teams phishing
• Password-stealing Linux malware served for 3 years and no one noticed
• Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper
• North Korean hackers targeting vulnerability researchers with zero-day attacks
• Rhysida gang claims to have hacked three more US hospitals
• US-Canada water commission confirms ‘cybersecurity incident’
• Microsoft Teams Hacks Are Back, as Storm-0324 Embraces TeamsPhisher
• Overcoming the Rising Threat of Session Hijacking
• Save the Children feared hit by ransomware, 7TB stolen
• Caesars Entertainment reportedly paid ransomware demand
• MGM Resorts computer outage blamed on cyberattack
• Hackers claim it only took a 10-minute phone call to shut down MGM Resorts
• MGM casino’s ESXi servers allegedly encrypted in ransomware attack
• The main causes for ransomware reinfection
• Rust-Written 3AM Ransomware: A Sneak Peek into a New Malware Family
• 3AM: New Ransomware Family Used As Fallback in Failed LockBit Attack
• Ransomware attack hits Sri Lanka government, causing data loss
• BlackCat ransomware hits Azure Storage with Sphynx encryptor
• Zero-Day Summer: Microsoft Warns of Fresh New Software Exploits
• Rollbar discloses data breach after hackers stole access tokens
• Retool blames breach on Google Authenticator MFA cloud sync feature
• Google Account Sync Vulnerability Exploited to Steal $15M
• 6 simple cybersecurity rules to live by
• Airbus suffers data leak turbulence to cybercrooks’ delight
• Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack
• ORBCOMM ransomware attack causes trucking fleet management outage
• Automotive supply chain vulnerable to attack as cybersecurity regulation looms
• Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads
• New WiKI-Eve attack can steal numerical passwords over WiFi
• Attackers Abuse Google Looker Studio to Evade DMARC, Email Security
• macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks
• Apple Released New Security Update Ahead of iPhone Event
• Check Point: Hackers Are Dropping USB Drives at Watering Holes
• Windows 11 ‘ThemeBleed’ RCE bug gets proof-of-concept exploit
• Thousands of unprotected security cameras spying
• ‘Anonymous Sudan’ Sets Its Sights on Telegram in DDoS Attack
• Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns
• Wyze home cameras temporarily show other people’s security feeds
• ICS Patch Tuesday: Critical CodeMeter Vulnerability Impacts Several Siemens Products
• Revealed: Israeli Cyber Firms Have Developed an ‘Insane’ New Spyware Tool
• UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety
• Peach Sandstorm password spray campaigns enable intelligence collection at high-value targets
• N-Able’s Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation
• Microsoft Uncovers Flaws in ncurses Library Affecting Linux and macOS Systems
• Here’s why cloud credentials are the hottest item on criminal marketplaces

Other News Events of Note and Interest

• New Cyber Office Demonstrates Importance of Tackling Maritime Cyber Threat
• “Hacker’s HackelCon” Raised the Bar In More Ways Than One
• Why executives should never be exempted from cybersecurity policy
• Adobe Hikes Creative Cloud Prices as it Rakes in Record Revenue
• CISA advisory committee urges action on cyber alerts and corporate boards
• North American Airspace Defense Getting Cloud-Based Backbone Next Month
• Exploring the Value of Microsoft 365 Multi-Tenant Organizations
• Wiz and Fortinet announce partnership to deliver cloud-native security protection
• How to access thousands of free audiobooks, thanks to Microsoft AI and Project Gutenberg
• Edge 117 is out with sync favorites recovery, Edge for Business, and deprecated features
• Microsoft releases update for Edge on Windows 7 and 8
• China May Have Unmatched Supercomputer Abilities, Third Exascale Machine Apparently Online
• Sysinternals: The best tools for Windows troubleshooting
• Windows Update repair methods, high CPU, Disk, Memory usage
• New Windows 11 feature blocks NTLM-based attacks over SMB
• Microsoft updates the Windows 11 Snipping Tool app with OCR, and brings powerful new features to Phone Link and Windows Photos
• Enhanced Windows 365 App Experience – Re-imagining mobile productivity
• NIST releases Cybersecurity Framework 2.0 draft
• US Homeland Security Department reveals new AI guardrails as it deploys technology across agency
• Cybersecurity and Compliance in the Age of AI
• Microsoft CEO Nadella Calls Joint Oracle Offering A ‘Profound’ Moment For AI
• Google extends automatic updates for Chromebooks
• How to use lockdown mode on Android

Cyber Insurance News

• Insurance Costs Rise, Coverage Shrinks, but Policies Remain Essential
• Leverage The Benefits Of Cyber Insurance
• The MOVEit Hack, Ransomware Attacks, and Cyber Insurance – National Law Review
• Cyber report calls for product clarity amid “finite” reinsurance capacity
• Protecting your clients from the reach of Illinois’ BIPA legislation