September 21, 2024

Hello all,

It was eerily quiet this week as far as critical news items and vulnerabilities are concerned, with only a few rising to that level in my mind. That was helpful, because there were a lot of other important news items to notice. There were major wins like takedowns of botnets, and criminal communication networks, and seizure of crypto exchanges. There were also quite a few new unfortunate victims of ransomware, suffering massive harm from the efforts of these nefarious dirtbags. It is lamentable that ransomware has become so commonplace that it doesn’t merit headline news.

As usual, my commentary is followed by a plethora of links to other items that are worth skimming to see if they interest you or pertain to your particular environment or of those you support.

Headline NEWS:

• D-Link has some critical vulnerabilities in their DIR-X4860, DIR-X5460, and COVR-X1870 routers that require immediate patching due to how easy the defect is to exploit. Check yours immediately for updates.
• Google Chrome was patched for more high-severity flaws in the V8 engine. It seems like this is a continual game of whack-a-mole with this JavaScript engine. Expect other V8 enabled products to follow suit soon.
• Ivanti released patches for some defects in their Cloud Services Appliance (CSA) on September 10, 2024. Another defect in the code that was patched is now being actively exploited. The original patch does mitigate the flaw, so apply it immediately if you use CSA.
• SolarWinds has issued patches for defects in their Access Rights Manager (ARM). One of these is critical as it can allow for Remote Code Execution (RCE). Update immediately if you use this.
• Veeam released two separate patches that need to be applied to fully address a defect that allowed an unauthenticated RCE against any system version 12.12.172 and lower. Proof of Concept (PoC) code is out there in the wild already, so patch soon.
• VMware has unleashed a patch for a critical defect in vCenter which, if left unpatched, can allow for RCE. Update as soon as you’re able.

In Ransomware, Malware, and Vulnerabilities News:

• How Well do You Know Your Enemy? Describes the true nature of most of today’s cybercrime. There’s a verse in the Bible that says, we are not “ignorant of his schemes”, talking about the devil. We need to know who our adversary is, and his methods, so that we can take appropriate action. That is why I publish the Red Dot Newsletter; as the axiom says, “forewarned, is forearmed.”

In Other News Events of Note and Interest:

• Windows 11 24H2 is coming soon. In what was likely a slip-up by Big Redmond, a post about CoPilot inadvertently revealed that the October update cycle would see the widespread release of Windows 11 version 24H2. That reference has since been taken down. I guess we’ll see in a few weeks.

In Cyber Insurance News:

• Integris Launches CyberInsure Program in Partnership with EA Risk Partners. This announcement by Integris shows that partnerships by Managed Service Providers (MSPs) with insurance companies can have direct benefits for clients and the MSP. The client gets better security, rates, and coverage, and the MSP benefits from fewer security related issues at the client and by knowing that their client is properly covered in the event of a disaster.

Musings:
I mentioned the Bible verse about not being “ignorant of his schemes” earlier in this week’s newsletter. You must stay informed and aware, continually learning. Something that I tell people often is that “Ignorance can be fixed; stupid is forever.” If you don’t know something, learn. The availability of knowledge and resources has never been better than the age that we are living in. However, unless you avail yourself of them, those resources do you no good. Additionally, knowledge does nothing unless it is synthesized and applied to your particular situation, then it has the opportunity to become wisdom. I say “opportunity”, because all too often you hear that “wisdom only comes from experience”. I disagree. Experience by itself teaches you nothing; it is evaluated experience that brings wisdom. And you don’t need to be the person with the experience to benefit from the wisdom gained.

 

Keep the shields up.

 Viscount Jan Broucinek
Red Dot Security News

Headline NEWS

• Critical Vulnerabilities Impact Millions Of D-Link Routers
• Chrome 129 Patches High-Severity Vulnerability in V8 Engine
• Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
• SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
• 1 PoC Exploit for RCE Flaw, but 2 Patches From Veeam
• Critical VMware Security Advisory addressing security vulnerabilities in VMware vCenter

Ransomware, Malware, and Vulnerabilities News

• ‘Ghost’ cybercrime platform dismantled in global operation, 51 arrested
• Despite Russia warnings, Western critical infrastructure remains unprepared
• CISA warns of Windows flaw used in infostealer malware attacks
• CISA Warns of Five Vulnerabilities Actively Exploited in the Wild
• CISA issues urgent advisories on ICS vulnerabilities in Siemens, Yokogawa, Millbeck equipment
• FBI raids Miami mansion linked to $230M crypto scam
• FBI boss says China ‘burned down’ 260,000-device botnet when confronted by Feds
• Chinese botnet infects 260,000 SOHO routers, IP cameras with malware
• Exploit code released for critical Ivanti RCE flaw, patch now
• Construction firms breached in brute force attacks on accounting software
• Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover
• Secure Boot-neutering PKfail debacle is more prevalent than anyone knew
• PKfail Secure Boot bypass remains a significant risk two months later
• Apple’s new macOS Sequoia update is breaking some cybersecurity tools
• GitLab releases fix for critical SAML authentication bypass flaw
• Clever ‘GitHub Scanner’ campaign abusing repos to push malware
• ‘SambaSpy’ RAT’s Multiple Features Pack Hefty Punch
• Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day
• How Well do You Know Your Enemy?
• US cracks down on spyware vendor Intellexa with more sanctions
• Chinese national accused by Feds of spear-phishing for NASA, military source code
• Espionage Attack Targets US-Taiwan Defense Conference
• Germany seizes 47 crypto exchanges used by ransomware gangs
• North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware
• Wherever There’s Ransomware, There’s Service Account Compromise
• Dell investigates data breach claims after hacker leaks employee info
• Threat Actor IntelBroker Allegedly Claims Leak of Deloitte Data
• Lockbit says it has hit eFile.com, again
• ReadText34 Ransomware Incident
• Gang Got $75 Million for Cencora Hack in Largest Known Ransom
• Preventing ransomware by fully remediating infostealer attacks
• Owner of only US platinum mine confirms data breach after ransomware claims
• Rhysida ransomware gang ships off Port of Seattle data for $6M
• Threat Actor 888 Allegedly Claims Leak of SAP Employees Data
• Valencia Ransomware explodes on the scene, claims California city, fashion giant, more as victims
• Ransomware attack leaves Columbus computer systems down 2 months
• Medusa Ransomware Exploiting Fortinet Flaw For Sophisticated Attacks
• Ransomware group releases screenshots in attempted extortion of Port of Seattle
• Providence schools without internet as they deal with ‘unprecedented’ network outage
• ‘Marko Polo’ Creates Globe-Spanning Cybercrime Juggernaut
• Snowflake slams ‘more MFA’ button again – months after Ticketmaster, Santander breaches
• Over 1,000 ServiceNow instances found leaking corporate KB data
• The AI Threat: Deepfake or Deep Fake? Unraveling the True Security Risks
• Deepfakes break through as business threat
• Ever wonder how crooks get the credentials to unlock stolen phones?
• Valid Credentials Most Common Initial Access Vector in Cyberattacks on Critical Infrastructure

Other News Events of Note and Interest

• Cool Tool: CrowdSec: Open-source security solution offering crowdsourced protection
• As TikTok ban heads to court, ByteDance’s Lemon8 surges
• Alibaba Cloud waiting for hardware to dry out before trying to restore customer data
• Fire at data centre causes India-wide outage for Reliance Jio users, source says
• AWS says customers are turning back to on-prem
• Cloud Exit: 42% of Companies Move Data Back On-Premises
• Qualcomm wants to buy Intel
• Google rolls out automatic passkey syncing via Password Manager
• Passwordless AND Keyless: The Future of (Privileged) Access Management
• Apple Intelligence is now live in public beta. Here’s what it offers and how to enable it
• How to reduce cyber risk during employee onboarding
• Election Security According to CISA
• Picus Security, founded by 3 Turkish mathematicians, raises $45M after simulating 1B cyberattacks
• US Looks to Align Security Across Government
• Ellison declares Oracle all-in on AI mass surveillance, says it’ll keep everyone in line
• Discord launches end-to-end encrypted voice and video chats
• What Is Phishing-Resistant MFA and How Does it Work?
• Intel reaches deal to make chips for US military
• Desktop hypervisors are like buses: None for ages, then four at once
• Cloudflare outage cuts off access to websites in some regions
• Microsoft fixes Authenticator design flaw after eight years overwriting accounts
• Some email apps are about to lose access to Outlook emails
• The end is in sight for Windows 10, but Microsoft keeps pushing out fixes
• Microsoft announces release date of the Windows 11 24H2 feature update
• What’s new with printers on Windows 11 version 24H2 (2024 Update)
• Microsoft promises “incredible performance boost” for modern Windows 11 apps
• The Copilot Academy is now available for all Microsoft 365 Copilot users
• Microsoft reveals more about how the new Copilot Agents work with Teams
• Microsoft plans to debloat Edge browser and take a leaf out of Google Chrome’s book when it comes to Settings
• Upcoming: OneDrive’s colored folders in Windows 11 File Explorer for Microsoft 365 business
• Microsoft fixes bug crashing Microsoft 365 apps when typing
• Microsoft rolls out Office LTSC 2024 for Windows and Mac
• Microsoft has scrapped Edge’s big UI refresh with rounded tabs
• Microsoft shares what to do when Office apps like Outlook give msls70.dll error
• Microsoft explains why it’ll push Windows 11 Patches right at the initial Setup on Intune
• Windows 11’s context menu gets a useful new feature, but only if you use Android
• Windows Server 2025 previews security updates without restarts
• Microsoft ends development of Windows Server Update Services (WSUS)

Cyber Insurance News

• Integris Launches CyberInsure Program in Partnership with EA Risk Partners
• CrowdStrike event reveals opportunity for non-malicious cyber coverage