Hello all,
For those of you in the United States, happy Labor Day weekend! May the computer muses smile on you during this extra day off and may your systems continue to hum along without you.
As usual, the complete Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.
Notable Callouts:
- DediPath, a USA-based hosting provider, gave their clients 24 hours’ notice that they were shutting down operations. Thankfully for those affected, they do appear to be giving some leeway in time to migrate away. I wonder if this is something Cyber Insurance would cover? DediPath’s abrupt departure should be a poignant reminder of the importance of having your own backups that are not stored at the host site. Yes, it may be time-consuming to restore elsewhere, but at least you don’t risk losing everything.
- Every Cellphone and TV in the USA will scream out a nationwide alert test at 11:20 a.m. Pacific time on Oct. 4, 2023. If you plan on having any meetings at that time, it may be wise to mute or shut down your phones.
- The FBI, along with an international coalition of defenders, took down a huge portion of the QakBot infrastructure in an operation named “Operation Duck Hunt”. Due to the scope of the disruption, it will take the dirtbags quite some time to ramp back up. It is nice to have the good guys get a win for a change.
- Mozilla Firefox and Google Chrome both received patches this week for vulnerabilities. Update quickly, as criminals are always waiting for things like this. Also, a reminder that Google will be updating Chrome weekly from now on. So, shut your Chrome browser down at least once a week so the updates actually get applied.
- Pigeon transport is still faster than gigabit ethernet, at least for distances less than 600 miles. Some researcher actually tested this by strapping a 3TB flash drive to the avian transporter and timing the results. There is actually an RFC for this, RFC 1149, “A Standard for the Transmission of IP Datagrams on Avian Carriers”. It needs a bit of updating, but the principle is clearly still sound. It reminds me of the old axiom, “Nothing beats the bandwidth of a station wagon fully loaded with mag-tape.”
- SentinelOne has put the kibosh on any merger or takeover talks. Last week we reported that Wiz was interested in acquiring S1. That process has been halted and no further merger or takeover talks appear imminent.
- Splunk, maker of security and infrastructure monitoring products, has patched high-severity flaws in its Splunk Enterprise product. If you use it, patch soon.
- VMware has released patches for its Aria Operations for Networks (formerly vRealize Network Insight). If you use this, patch immediately. As you’ll see later, a PoC has already been released into the wild that exploits one of the two holes.
In Ransomware, Malware, and Vulnerabilities News:
- Some grayhat hackers have deleted over 75,000 phone records from WebDetetive’s database, preventing the devices from connecting and sending any more data to the spyware host.
- In an interesting twist on extortion, ransomware operators dealing with EU “customers” are now threatening them with GDPR. The intent is to get the victims to pay hush money to avoid GDPR penalties and notification rules.
In Other News Events of Note and Interest:
- The Jewish Children’s Museum in Brooklyn, New York will be host to the Jewish CyberSecurity Conference dubbed “Hacker’s HakhelCon” on September 5, 2023.
- Microsoft is making a change to how photo storage is calculated in OneDrive. If you store photos and use albums, pay attention, as this will affect you.
In Cyber Insurance News:
- Many insurers are now requiring that specific security controls be in place before providing coverage. If they are not already in place, they must be purchased. Many of these revolve around access management, including IAM, PAM, MFA, and password management. Read more in The Reality of Cyberinsurance in 2023.
On this Labor Day weekend, raise an adult beverage of your choice, or flame up a beef or veggie burger, in honor of your tireless servers and cloud computing resources. While we take a day off, they are still hard at work shoveling electrons at light-speed all around the globe and even into space.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- DediPath, a hosting firm, abruptly ceases operations with less than 24 hours’ notice to customers
- Every cellphone and TV in America to blare with nationwide alert
- FBI takes down Qakbot botnet servers in international operation to combat ransomware
- High-Severity Memory Corruption Vulnerabilities Patched in Firefox, Chrome
- Yes, a Pigeon is Faster for Data Transfer than Gigabit Fiber Internet
- SentinelOne terminates cooperation with Wiz amidst takeover talk
- Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence
- VMware Aria Operations Networks at Risk from Remote Attacks
Ransomware, Malware, and Vulnerabilities News
- Free Key Group ransomware decryptor helps victims recover data
- New malware from North Korea’s Lazarus used against healthcare industry
- PoC Exploit Released for Critical VMware Aria’s SSH Auth Bypass Vulnerability
- Abandoned reply URL in Azure AD app could let attackers gain privileges to launch attacks
- Patient data from ransomware attack on Pennsylvania hospitals posted for sale online
- I Tracked an NYC Subway Rider’s Movements with an MTA ‘Feature’
- Hacking the future: Notes from DEF CON’s Generative Red Team Challenge
- Benevolent hackers clear stalking spyware from 75,000 phones
- Google Fixes Serious Security Flaws in Chrome and Android
- Chrome extensions can steal plaintext passwords from websites
- Massive cyberattack disables telescopes in Hawaii and Chile
- Cyberattackers Swarm OpenFire Cloud Servers With Takeover Barrage
- Ransom gang claims attack on Prince George County school district
- Chambersburg School District’s network disruption related to ransomware
- Malware loader lowdown: The big 3 responsible for 80% of attacks so far this year
- DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates
- Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs
- Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks
- Rackspace Faces Massive Cleanup Costs After Ransomware Attack
- DreamBus malware exploits RocketMQ flaw to infect servers
- AlphV group takes credit for ransomware attack on Georgia county
- Mom’s Meals discloses data breach impacting 1.2 million people
- Japan’s cyber security agency suffers months-long breach
- University of Michigan shuts down network after cyberattack
- APT Attacks From ‘Earth Estries’ Hit Gov’t, Tech With Custom Malware
- HTML Smuggling Leads to Domain Wide Ransomware
- Ohio History Connection hit with ransomware attack
- Four common password mistakes hackers love to exploit
- GDPR used by new ransom gang to extort victims
- Spain warns of LockBit Locker ransomware phishing attacks
- Attacks on Citrix NetScaler systems linked to ransomware actor
- Exploitation of Juniper Networks SRX Series and EX Series Devices
- Classiscam fraud-as-a-service expands, now targets banks and 251 brands
- Hacker group compromises MSSQL servers to deploy FreeWorld ransomware
- Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security
- Okta Warns of Social Engineering Attacks Targeting Super Administrator Privileges
- New England Residents Affected By Third-Party Data Breach Of Power Companies
- Anonymous Sudan hacks X to put pressure on Elon Musk over Starlink
- LogicMonitor customers hacked in reported ransomware attacks
- Dangling DNS Used to Hijack Subdomains of Major Organizations
- Sourcegraph website breached using leaked admin access token
- Cybercriminals Team Up to Upgrade ‘SapphireStealer’ Malware
- Paramount discloses data breach following security incident
- 2 Polish Men Arrested for Radio Hack That Disrupted Trains
- Japan’s JPCERT warns of new ‘MalDoc in PDF’
- AI fueling rise in cyberattacks
- QR Code Phishing Attacks Spread
- PoC for no-auth RCE on Juniper firewalls released
- It’s a Zero-day? It’s Malware? No! It’s Username and Password
- Easy-to-exploit Skype vulnerability reveals users’ IP address
Other News Events of Note and Interest
- GTA 6 Hacker Found To Be Teen With Amazon Fire Stick In Small Town Hotel Room
- Jewish CyberSecurity Conference to be Held in Crown Heights
- SpiderOak demonstrates zero-trust software on ISS
- Tesla’s $300 Million AI Cluster went live last Tuesday
- My new favorite app is a free PDF editor
- Google Develops Quantum-Safe Security Keys
- Poe’s desktop app lets you use all the AI chatbots in one place
- Russian Chipmaker Baikal Goes Bankrupt, Assets Valued at Only $5 Million
- Google Launches Three New Cloud Storage Options: Cloud Storage FUSE, Parallelstore, NetApp Volumes
- 68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland
- US bans Nvidia, AMD AI chips’ export to some Mideast countries, amid China fears
- Chrome OS Flex is a strong Windows alternative for really old PCs
- 6 million DuoLingo users have scraped data released
- Linux Kernel 6.5 Released, Will Be Used in Ubuntu 23.10
- Email Authentication Protocols: SPF, DKIM, and DMARC
- MSI Offers Workaround to Fix Windows 11 ‘Blue Screen of Death’ Error
- Class-Action Lawsuit Forming Against Intel for ‘Downfall’ Chip Bug
- Introducing SharePoint new News Templates for stunning Outlook communications
- Did Microsoft Just Upend the Enterprise Browser Market?
- Microsoft deprecates some Edge features to improve and simplify its browser
- Microsoft reminds of Windows 11 21H2 forced updates before end of service
- Microsoft publishes mitigation instructions for Downfall vulnerability in Windows
- Microsoft is killing WordPad in Windows after 28 years
- Microsoft Launches Microsoft 365 Multi-Tenant Organizations
- The New Microsoft Teams Client Gets a Big Update to Enhance Multi-Tenant Collaboration
- Microsoft quietly ends unlimited cloud storage option on OneDrive
- Microsoft announces changes to OneDrive photo storage
- Microsoft pulls Bing ads for Google Chrome on Windows 11 after gaming disruption
- Microsoft ain’t happy with Russia-led UN cybercrime treaty
- Cyber scammers target parents, grandparents for digital theft
- 5 Ways to Prepare for Google’s 90-Day TLS Certificate Expiration