
Hello all,
Summer is over, we are about to start the fourth quarter of the year, and we still have two weeks until Patch Tuesday. So, for many of us it should be a somewhat easier week. Unfortunately, for many others, it has been a devastating week due to a Layer-1 problem caused by hurricane Helene. Coastal areas of Florida have been massively impacted by storm surges that were up to 15 feet high, causing epic damage and in places scouring entire communities away, leaving nothing but debris. Usually, these types of tropical cyclone events are primarily associated with those coastal areas and the islands. But Helene was incredibly large, and most of the rain ended up north of the hurricane, releasing torrential amounts of water into already swollen rivers in the south-eastern states of the USA. The resulting floods have been apocalyptic throughout much of the south-east, with the Carolinas particularly hard hit. Entire communities have been wiped off the map; it is heartbreaking. Many others, who are not as severely impacted, could be without power and connectivity for weeks or months.
I don’t usually post this type of item, but if you’re able to help, please do. One organization that is always at the forefront of these humanitarian crises is the Red Cross. Their website is https://RedCross.org. Additionally, the affected states’ websites have links to resources that are actively helping and places where you can donate.
As this is a cyber security newsletter, I must move on to the cyber news from the prior week.
Headline NEWS:
- CrowdStrike senior vice president for counter adversary operations was leading the apology tour before the US Congress, vowing that they’ll never let anything like the July 19, 2024 blue-screen event happen again.
- ESET spol. s r.o. patched a critical vulnerability that could have allowed someone with low privileges to escalate to higher ones. You don’t need to do anything; this was fixed automatically. You’re welcome.
- HPE Aruba Networking has released updates for three critical flaws in their access points that can allow unauthenticated attackers to gain remote code execution (RCE) on vulnerable devices. Updates and mitigation guidance are out. This is not known to be actively exploited – yet. So, patch soon.
- TeamViewer has released an updated version of their remote access software to address a defect that allows someone with local unprivileged access on a Windows system to elevate their privileges and install drivers. The solution is to upgrade to the latest version. Do so quickly.
- VLC Player has a defect that allows someone to execute code remotely via a Microsoft Media Server (MMS) stream. Users are encouraged to update to the latest version to patch this flaw.
In Ransomware, Malware, and Vulnerabilities News:
- US Capitol Hit by Massive Dark Web Cyber Attack reveals that around 3,191 congressional staffers’ passwords, personal information, and more are available. Many of these items could be of a compromising nature, which could lead to further security leaks.
In Other News Events of Note and Interest:
- WordPress.org and WP Engine are having a very public spat right now. There are several links in this section with details. If you use WP Engine, it would behoove you to stay aware of what is happening since it could affect your site’s security.
In Cyber Insurance News:
- Organization data on dark web increases cyber attack risk is an interesting report that correlates data found on the dark web with successful attacks on businesses. They recommend that organizations monitor the dark web for mentions of themselves and take mitigating action on anything found.
Musings:
Does your Incident Response, Business Continuity, and Disaster Recovery plan have a provision for a hurricane Helene type catastrophe? Would your business survive if your location was damaged beyond repair? How about if your town or community was severely damaged? Do you have provisions for retaining employees if you’re down for an extended period of time? I could keep asking questions, and you need to. Now is the time to plan; when the clouds start rolling in and the water starts to rise, it will be far too late.

Keep the shields up.
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- CrowdStrike exec apologizes before US Congress for software glitch behind July global outage
- ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products
- HPE Aruba Networking fixes critical flaws impacting Access Points
- Patch now: Critical Nvidia bug allows container escape, complete host takeover
- Improper signature verification of driver installation in TeamViewer Remote client allows LPE
- VLC Player Vulnerability Let Attackers Execute Malicious Code
Ransomware, Malware, and Vulnerabilities News
- US Capitol Hit by Massive Dark Web Cyber Attack
- US govt agency CMS says data breach impacted 3.1 million people
- US sanctions crypto exchanges used by Russian ransomware gangs
- FBI, Homeland Security investigating cyberattack on water treatment facility
- CISA again raises alarm on hacktivist threat to water utilities
- FBI raids government IT and cyber contractor Carahsoft
- CISA Releases Industrial Control Systems Advisories to Defend Against Cyber Attacks
- Ancient US air traffic control systems won’t get a tech refresh before 2030
- Hacker hacks NASA ‘again’, reports ‘vulnerabilities’; Here’s what the space agency did
- NIST proposes barring some of the most nonsensical password rules
- Multiple critical zero day vulnerabilities found in military and filling station fuel tanks
- Progress urges admins to patch critical WhatsUp Gold bugs ASAP
- Kaspersky deletes itself, installs UltraAV antivirus without warning
- Sweden accuses Iran of hacking messaging service after Koran burnings
- Major commuter station targeted in cyber-security attack
- Infostealer malware bypasses Chrome’s new cookie-theft defenses
- Hackers deploy AI-written malware in targeted attacks
- Hackers Could Have Remotely Controlled Kia Cars Using Only License Plates
- Dallas suburb working with FBI to address attempted ransomware attack
- Ransomware Task Force finds 73% attack increase in 2023
- RansomHub genius tries to put the squeeze on Delaware Libraries
- New RomCom malware variant ‘SnipBot’ spotted in data theft attacks
- Modified LockBit and Conti ransomware shows up in DragonForce gang’s attacks
- Dallas-based MoneyGram takes itself offline as it probes cybersecurity issue
- 106 million Americans exposed as massive data leak rocks background check firm
- Deloitte Says No Threat to Sensitive Data After Hacker Claims Server Breach
- AutoCanada says ransomware attack “may” impact employee data
- Embargo ransomware escalates attacks to cloud environments
- Scranton School District officials pay ransom to attackers
- New Mallox ransomware Linux variant based on leaked Kryptina code
- Novel Exploit Chain Enables Windows UAC Bypass
- Flax Typhoon’s Botnet Actively Exploiting 66 Vulnerabilities In Various Devices
- Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
- Critical Unauthenticated RCE Flaw Impacts all GNU/Linux systems
- Worried about that critical RCE Linux bug? Here’s why you can relax
- FreeBSD Hypervisor Vulnerability Lets Attackers Execute Malicious Code
- Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town
- Android malware ‘Necro’ infects 11 million devices via Google Play
- MFA bypass becomes a critical security issue as ransomware tactics advance
- QR Code Phishing Attack Bypasses Email Security Scanners & Abuse SharePoint
- Cofense report reveals new phishing scam using TikTok URLs to target Microsoft 365 credentials
- Phishing and Deepfakes Emerge as the Leading AI-Powered Threats, While Cybersecurity Budgets Continue to Rise
- Threat Actors Shift to JavaScript-Based Phishing Attacks
- Citrix XenServer & Hypervisor Vulnerability Lets Malicious Admin Crash the Host
Other News Events of Note and Interest
- Linux boots in 4.76 days on the Intel 4004
- CISA Releases Active Directory Security Guide to Mitigate Cyber Attacks
- Intel finds root cause of CPU crashing and instability errors, prepares new and final microcode update
- Finally, HP is adding AI to its printers
- AI bots now beat 100% of those traffic-image CAPTCHAs
- AI crawlers are hammering sites and nearly taking them offline
- Congress Advances Bill to Add AI to NVD
- Meta pays the price for storing hundreds of millions of passwords in plaintext
- The Internet Archive’s Fight to Save Itself
- Combating phishing attacks through awareness and simulation
- Internet Providers, Wi-Fi Router Vendors Can Now Ship Cloudflare’s DNS for Free
- Cloudflare Launches Free Threat Intelligence for 10 New Security Tools
- ServiceNow root certificate blunder leaves users high and dry
- Disney moves to Microsoft Teams after data breach
- Mozilla’s new brand plans to ‘reclaim the internet’
- Mozilla accused of tracking users in Firefox without consent
- Google sees 68% drop in Android memory safety flaws over 5 years
- Google files first ever complaint with European Commission against Microsoft
- Microsoft Trims Cloud Cyberattack Surface
- Microsoft 365 Apps Version 2409 rolls out with new features and fixes
- Microsoft fixes Outlook mail encryption label bug that won’t let you select or change it
- Microsoft Outlook Mobile build 4.2437.0 rolls out with menu changes
- Windows 11 will show more Disk details in the Task Manager
- Microsoft will block new Teams app on older Windows 10 and 11 versions
- Winamp releases source code, asks for help modernizing the player
- WP Engine is not WordPress
- Automattic sends WP Engine its own cease-and-desist over WordPress trademark infringement
- WordPress.org denies service to WP Engine, potentially putting sites at risk
- WordPress.org temporarily lifts its ban on WP Engine
Cyber Insurance News
- Organisation data on dark web increases cyber attack risk: Marsh McLennan
- Cyber insurance price hikes stabilize as insurers expect more from CISOs