Hello all,
I thought it would be the calm before the patch-Tuesday storm. Alas no. Toward the end of this week significant numbers of items crossed my desk. So, read on.
As usual, the complete Red-N Weekly Cyber Security News newsletter report is below the Notable Callouts. Don’t forget, our site, https://red-n-security.com also has searchable archives of past newsletters.
Notable Callouts:
- Apple patched two zero-days this week. Do not delay in applying the patches. These are no-click exploits that are being actively used to deploy spyware and worse. If your device does not yet have a patch available (and even if it does) you should consider enabling lockdown mode. This will help to mitigate zero-click vulnerabilities as the actions that would trigger malware would now require user interaction.
- ASUS is in the news several times this week. The first item is not so good: many of their routers have critical remote code execution flaws that require patching. The second report, in the Other News Events of Note and Interest section, links to an announcement that ASUS has purchased Intel’s NUC line and is now manufacturing them.
- Android OS versions 11-13 received updates for zero-day and critical flaws, among other fixes and patches. You’ll need to check with your hardware manufacturer for updates as Google only updates their Pixel phones. Google does, however, make patches freely available for all vendors.
- Cisco is in the headline news several times this week. The first is for 8 vulnerabilities found in their Open Automation Software (OAS) Platform. Update to version 19 to mitigate. The second is for Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform. They are cloud communication services that have been found to have a number of issues. No known exploitation is underway, so patch quickly. And finally, Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software has been under unrelenting attack from the ransomware group Akira via the remote access VPN feature of Cisco ASA and FTD, which can be exploited remotely, without authentication, in brute force attacks. Cisco has provided guidance on mitigation and detection.
- Hillsborough County, FL Schools have been targets of a “cyberattack”. This is notable because many of our readers are in this locality. While currently there is “no indication that there was any unauthorized access to data stored in our student information system,” the investigation is still in its early stages.
- Microsoft released additional information about the Azure compromise that led to many US government mailboxes being accessed by what is reported to be the Chinese government.
- Sabre is a behemoth travel booking company used by the likes of American Airlines, US Airways, Frontier, Expedia, JetBlue, Travelocity, and more. An aptly named ransomware group, Dunghill, has seemingly managed to exfil quite a bit of data and has threatened to release 1.3 terabytes of purloined information if their extortion demands are not met.
- Toyota was engaged in a massive database maintenance and ran out of disk space, forcing a shutdown of 28 assembly lines at 14 auto plants in Japan for several days while more storage was procured and configured.
In Ransomware, Malware, and Vulnerabilities News:
- A Windows 7 IoT machine caused a cyberbreach. The “LockBit Ransom group conducted the attack on the company’s network, and Zaun admitted the group may have exfiltrated 10GB of data.” The activity was discovered before encryption was deployed.
In Other News Events of Note and Interest:
- A Windows 11 bug in File Explorer appears to actually make it faster. Hopefully, Microsoft determines why and makes this bug a feature.
- The founder of Turkey Crypto Exchange Thodex received 11,196 years in prison for his involvement in the “criminal fraud”. I’m guessing he won’t be released anytime soon. I wonder if they’ll just wall his cell up after his demise like a time capsule, to be opened in 11,140 years.
In Cyber Insurance News:
- The Delinea cyber insurance report for 2023 is out. There’s some great data there.
Your network is like a castle. And like a castle you need layered defenses, berms, moats, walls, burning oil and archers on the parapets, and inner keeps. Also, like medieval feudal lords, ensure you have allies that can come to your aid when you are under attack. Together you are more likely to prevail.
Viscount Zebulon Wamboldt Pike
Red-N Weekly Cyber Security News
Headline NEWS
- Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain
- ASUS routers vulnerable to critical remote code execution flaws
- September Android updates fix zero-day exploited in attacks
- Atlas VPN zero-day allows sites to discover users’ IP address
- Cisco Finds 8 Vulnerabilities in OAS Industrial IoT Data Platform
- Cisco BroadWorks impacted by critical authentication bypass flaw
- Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks
- Hillsborough County, FL Schools targeted in cyberattack
- JSCAPE MFT secure managed file transfer product by Redwood Software – CVE-2023-4528
- Microsoft says compromise of its engineer’s account led to Chinese hack of US officials
- Dunghill Leak group claims credit for Sabre data breach
- Toyota Shut Down 14 Factories Due to ‘Insufficient Disk Space’
Ransomware, Malware, and Vulnerabilities News
- Microsoft no longer suggests overlooking “Downfall” of Intel 7th 8th 9th 10th 11th Gen CPUs
- AMD Zenbleed Vulnerability Fix Tested: Some Apps Drop 15%, Gaming Unaffected
- VPN privacy: more than 70% of providers are breaching GDPR
- CDW Data Breach Claimed by LockBit Ransomware Group
- CISA wrapping up cyber incident reporting rule
- Ransomware attacks go beyond just data
- Beware of New Fileless Malware that Propagates Via Spam Mail
- Barracuda ESG Zero-Day Attacks by Chinese Hackers Compromised Many U.S. Gov Email Servers
- US and UK sanction 11 TrickBot and Conti cybercrime gang members
- Apache Superset Vulnerabilities Expose Servers to Remote Code Execution Attacks
- German financial agency site disrupted by DDoS attack
- Half of Switzerland’s large companies have been the victim of a cyber attack
- Proofpoint unveils new features to break cyberattack chain
- Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach
- Hackers exploit MinIO storage system to breach corporate networks
- Microsoft PowerShell Gallery Littered with Critical Vulnerabilities
- Freecycle confirms massive data breach impacting 7 million users
- Golf club maker Callaway says 1 million affected by data breach
- New Research Exposes Airbnb as Breeding Ground For Cybercrime
- Criminal enterprise flaunts AI in creepy ‘fraud-for-hire’ commercial meant for dark web
- Windows 7 industrial machine controller, entry point for an attack on a fencing supplier to the UK military
- University of Michigan requires password resets after cyberattack
- Mac users targeted in new malvertising campaign delivering Atomic Stealer
- BlueShell Malware – Attack Windows, Linux, & Mac Systems
- Hacker Group Disguised as Marketing Company to Attack Enterprise
- Mirai trojan arrives in a new disguise to Android-based TV sets and TV boxes
- MITRE and CISA Release Open Source Tool for OT Attack Emulation
- LockBit leaks sensitive data from maximum security fence manufacturer
- What’s in a NoName? Researchers see a lone-wolf DDoS group
- You patched yet? Years-old Microsoft security holes still hot targets for cyber-crooks
- Hacking device Flipper Zero can spam nearby iPhones with Bluetooth pop-ups
- Spam is up, QR codes emerge as a significant threat vector
- Key Cybersecurity Tools That Can Mitigate the Cost of a Breach
- IBM report – Cost of a data breach 2023
- New BLISTER Malware Update Fueling Stealthy Network Infiltration
- Chaes malware now uses Google Chrome DevTools Protocol to steal data
- Researchers Warn of Cyber Weapons Used by Lazarus Group’s Andariel Cluster
- Coffee Meets Bagel says recent outage caused by destructive cyberattack
- W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts
- How China Demands Tech Firms Reveal Hackable Flaws in Their Products
- Threat Actors Exploit MS SQL Servers to Deploy FreeWorld Ransomware
- Cybersecurity flaws: “Zero-day summer” is now a year-round problem
- Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant
- Wiz CTO: Microsoft Cloud Breach Findings Raise ‘Many More Questions’
- ProtonMail Code Vulnerabilities Leaked Emails
- CNMF and Partners Illuminate Iranian Exploitation Efforts
- Active North Korean campaign targeting security researchers
- New Agent Tesla Variant Uses Excel Exploit to Infect Windows PC
- Multiple nation-state hackers infiltrate single aviation organization
- Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio
- Notepad++ 8.5.7 released with fixes for four security vulnerabilities
- AI abuse grows beyond phishing to multistage cyberattacks
- Hinds County, MS computer system remains under ransomware attack
- Massive DDoS attack on U.S. financial company thwarted by cyber firm
- As LotL Attacks Evolve, So Must Defenses
Other News Events of Note and Interest
- AWS shuts down its first-gen compute and network infrastructure
- Anthropic launches a paid plan for its AI-powered chatbot
- Asus takes over Intel’s NUC tiny PC business
- IBM Cloud to ‘uplift’ prices by up to 29 percent
- Google’s Nest cameras just got a massive subscription price hike
- Chrome is about to look a bit different
- Google’s cookie-replacing Privacy Sandbox reaches general availability
- Israeli cyber security firm ThetaRay raises $57 million in private round
- LibreOffice: Stability, security, and continued development
- High Quality 3D Scene Generation From 2D Source, In Realtime
- Unlock Team Productivity with Microsoft Collaborative Document Editing
- Is China’s Temu a data security threat for shoppers?
- Windows 11 bug ironically boosts File Explorer speed, making things load instantly
- Microsoft will stop offering third-party printer drivers through Windows Update soon
- MSI fixes Windows 11 BSOD ‘unsupported processor’ errors with new BIOS updates
- How to disable Chrome’s new targeted ad tracking
- Intel Found at Fault for Recent BSODs on Raptor Lake CPUs
- A year after the disastrous breach, LastPass has not improved
- Google Chrome pushes ahead with targeted ads based on your browser history
- Russian infosec boss gets nine years for $100M insider-trading caper using stolen data
- New research reveals most-attacked, most-vulnerable assets
- Ozer, Founder of Failed Turkey Crypto Exchange Thodex Gets 11,196 Years Prison