September 30, 2023


Hello all,

This week has seen the release of a number of new features and enhancements from Microsoft and some exciting product announcements from other vendors. Sadly, there has also been a plethora of warnings and alerts, some of which are extremely critical. Let’s take a look at the Notable Callouts.

As usual, the complete Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.

Notable Callouts:

  • Exim mail server software has an unpatched vulnerability that allows remote attackers to execute arbitrary code on affected installations without authentication. As of publication there was no response from the maintainers of Exim. The potential for abuse is enormous: Shodan counted roughly 3.5 million Exim servers exposed online. Five other Exim zero-days were disclosed alongside it and also await patches.
  • Cell phones: if you have one, expect it to go off on October 4, 2023, at about 2:20 p.m. ET, when FEMA and the FCC run a nationwide test of the Emergency Alert System and Wireless Emergency Alerts.
  • Cisco had a bad week. First, Japanese and US authorities alerted the world that a Chinese state-sponsored group (tracked as BlackTech) had infiltrated and embedded itself deep in the firmware of some Cisco routers; the joint advisory includes detection guidance. Then, to pile insult on injury, that announcement came just ahead of Cisco’s semiannual bundled release of IOS and IOS XE updates, in which the networking giant published patches for eight vulnerabilities. At least one of them was already being exploited as a zero-day. If you run Cisco gear, pay attention and check your devices and versions against the advisories.
  • Google reclassified with a maximum score a CVE that was originally thought to apply only to the Chrome browser. It actually covers the WebP graphics library (libwebp) zero-day we brought to light last week, and it now carries a maximum 10.0 CVSS score. As if that weren’t enough, this week Google’s VP8/VP9 video codec library, libvpx, was shown to have a zero-day requiring immediate patching. Major browser vendors have released, or are in the process of releasing, patches. Just as with libwebp, any software that bundles or links against libvpx will need to be updated.
  • Motorola, in a chilling move, is disabling phones that were purchased in Mexico but are not authorized for use on Mexican cellular networks. This action should be condemned as strongly as possible. If the cell carriers don’t want the devices on their networks, don’t allow them to activate. But to brick a device that a consumer legally purchased is criminal, in this writer’s opinion.
  • Progress Software can’t catch a break. MOVEit Transfer will go down in history as one of the largest hacks, with over 2,100 organizations impacted so far, and now its WS_FTP Server software has been found to have two critical flaws, one of which allows unauthenticated attackers to execute commands on the server. Thankfully, this does not appear to be under active exploitation yet.
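The libwebp/libvpx callout above makes a point that is easy to state and tedious to act on: the fix has to reach every program on a host that uses the library, not just the browser. The script below is an added example (not from the newsletter or from either project) that walks the usual binary directories on a Linux host, runs `ldd` on each ELF file, reports which binaries resolve a libwebp or libvpx shared object, and compares the installed library version (from `pkg-config --modversion`) against the first upstream release that carried the fix. The fixed-version thresholds (libwebp 1.3.2, libvpx 1.13.1) come from the upstream release notes, not from this page; distributions that backport fixes keep an older version string, so treat a "NEEDS UPDATE" result as a prompt to check your distro advisory rather than as proof. The `ldd` output embedded in the block is constructed for the self-test.

```python
"""Find dynamically linked dependents of libwebp / libvpx on a Linux host.

Added example, not code from the newsletter or from the libwebp/libvpx projects.
Assumptions: `ldd` and (optionally) `pkg-config` are on PATH; the fixed-version
thresholds below are taken from upstream release notes, not from the page.
"""
import os
import re
import subprocess
import sys

# First upstream release carrying the fix for each library family (assumption,
# from upstream release notes). Distros that backport will show older strings.
FIXED_VERSIONS = {"libwebp": (1, 3, 2), "libvpx": (1, 13, 1)}
# pkg-config module names differ from the soname prefix for libvpx.
PKGCONFIG_NAMES = {"libwebp": "libwebp", "libvpx": "vpx"}

_LDD_LINE = re.compile(r"^\s*(?P<soname>\S+)\s+=>\s+(?P<path>\S+)")
_FAMILY = re.compile(r"^(libwebp|libvpx)\w*\.so")   # libwebp.so.7, libwebpmux.so.3, libvpx.so.8

# Constructed sample of `ldd` output, used only for the self-test below.
SAMPLE_LDD = """\
\tlinux-vdso.so.1 (0x00007ffd3a1c2000)
\tlibwebp.so.7 => /usr/lib/x86_64-linux-gnu/libwebp.so.7 (0x00007f1c2e800000)
\tlibvpx.so.8 => /usr/lib/x86_64-linux-gnu/libvpx.so.8 (0x00007f1c2e400000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2e000000)
\tlibmissing.so.1 => not found
\t/lib64/ld-linux-x86-64.so.2 (0x00007f1c2ec00000)
"""


def parse_ldd(output: str) -> dict:
    """Map soname -> resolved path; skips the vdso, the loader and 'not found' entries."""
    deps = {}
    for line in output.splitlines():
        m = _LDD_LINE.match(line)
        if m and m.group("path") != "not":
            deps[m.group("soname")] = m.group("path")
    return deps


def interesting_deps(deps: dict) -> dict:
    """Return {family: resolved_path} for sonames in the libwebp/libvpx families."""
    hits = {}
    for soname, path in deps.items():
        m = _FAMILY.match(soname)
        if m:
            hits[m.group(1)] = path
    return hits


def parse_version(s: str) -> tuple:
    """'1.13.0-1ubuntu2' -> (1, 13, 0): first three numeric components only."""
    return tuple(int(x) for x in re.findall(r"\d+", s)[:3])


def is_fixed(lib: str, version: str) -> bool:
    """True when the installed upstream version is at or above the fixed release."""
    return parse_version(version) >= FIXED_VERSIONS[lib]


def installed_version(lib: str):
    """Ask pkg-config for the library version; None if pkg-config or the .pc file is absent."""
    try:
        out = subprocess.run(["pkg-config", "--modversion", PKGCONFIG_NAMES[lib]],
                             capture_output=True, text=True, timeout=10)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


def is_elf(path: str) -> bool:
    """Cheap ELF magic check so we only hand real binaries to ldd."""
    try:
        with open(path, "rb") as f:
            return f.read(4) == b"\x7fELF"
    except OSError:
        return False


def scan(dirs):
    """Yield (binary, family, resolved_library_path) for each dynamic dependent found."""
    for d in dirs:
        for root, _, files in os.walk(d):
            for name in files:
                p = os.path.join(root, name)
                if os.path.islink(p) or not is_elf(p):
                    continue
                try:
                    ldd = subprocess.run(["ldd", p], capture_output=True, text=True, timeout=10)
                except (FileNotFoundError, subprocess.TimeoutExpired):
                    return
                for lib, so_path in interesting_deps(parse_ldd(ldd.stdout)).items():
                    yield p, lib, so_path


if __name__ == "__main__":
    targets = sys.argv[1:] or ["/usr/bin", "/usr/lib", "/opt"]
    versions = {lib: installed_version(lib) for lib in FIXED_VERSIONS}
    for binary, lib, so_path in scan(targets):
        ver = versions[lib]
        status = ("unknown version" if ver is None
                  else "fixed" if is_fixed(lib, ver) else "NEEDS UPDATE")
        print(f"{binary}: {lib} ({so_path}) -> {status}")
```

One caveat a practitioner will hit: this only sees dynamic linking. Browsers, Electron applications and many Flatpak or Snap packages carry their own statically linked or bundled copies of libwebp and libvpx, which never appear in `ldd` output and must be updated through the application itself, which is exactly why the callout stresses updating every piece of software that uses the library rather than just the system package.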

In Ransomware, Malware, and Vulnerabilities News:

  • The FBI has warned of “dual ransomware” attacks, in which a threat actor deploys two different encryptors against the same victim and then demands two separate payments.
  • SharePoint Server has a critical authentication bypass vulnerability for which a PoC is now public. Expect attackers to start exploiting it in earnest; patch now if you still run SharePoint on-premises.
  • A House hearing on ransomware was recently held in Washington. There is the usual unfortunate partisan posturing by the legislators, but the stories from the victims make it compelling to watch.

In Other News Events of Note and Interest:

  • Kyle Hanslovan from Huntress Labs was recently quoted on CNBC urging adoption of 2FA as the “single biggest” protection against having bad things happen to your accounts.

In Cyber Insurance News:

  • “Ransomware insurance claims from businesses hit a historic high” is the headline. It should come as no shock to regular readers: ransoms are getting larger, and the mitigation, legal, and regulatory costs of a successful attack are skyrocketing.

While in the process of writing this week’s Red-N-Security newsletter, outside on my enclosed patio, I observed a bandit emerging from my shed. Let me explain: I’d noticed a few days ago that one of the soffits had been loosened and was hanging down. I suspected an animal had successfully breached my defenses. I fixed the soffit and put a security camera, with a motion-activated spotlight, in a place where it could catch any further activity. Two days later, while reviewing the prior night’s video, I watched as the bandit, a masked criminal known as a raccoon, triggered the camera, stared at it for a while, looked around, and then proceeded to hang from the roof and break into the soffit, crawling into my shed to make a royal mess of things. So, after seeing the masked bandit leave, I hurried to seal the breach and this time ensure that it would be impossible to get in again.

My adventure with the determined, brazen masked bandit made me think about security in general. I had thought the shed was secure. I even had a camera with a motion-activated spotlight in place. However, when the light came on and no other consequence followed, the bandit continued her criminal activity. I had the evidence, but the damage inside had already been done. We can have the world’s best detection measures in place, but unless someone is alerted in real time to respond, or responds quickly, a mess will occur, and a lengthy and potentially costly cleanup will result. Who is watching your shed, or your network?

Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
