
Critical Cybersecurity Updates: Avery Data Breach, Hamilton Ransomware Attack, and Microsoft Outlook Patch
In this episode of Cybersecurity Today, host Jim Love covers significant cybersecurity incidents and updates. Avery experiences a massive data...
Jim Love
A credit card skimmer impacts over 61,000 Avery customers. The City of Hamilton estimates a $52 million bill to rebuild IT systems after a ransomware attack and Microsoft issues a critical Outlook patch for an actively exploited vulnerability. This is Cybersecurity Today. I'm your host Jim Love.
A new study highlights serious vulnerabilities in Internet tunneling protocols, leaving more than 4.2 million systems exposed to potential exploitation. The affected protocols, IPIP, GRE, 4in6 and 6in4, are widely used for transferring data across networks, but researchers discovered a critical flaw. Many systems accept tunneling packets without verifying the sender's identity. This oversight allows attackers to hijack these systems for anonymous attacks, denial of service campaigns and unauthorized access to private networks. The study was conducted by cybersecurity experts at KU Leuven and Top10VPN. An Internet-wide scan identified vulnerable systems in countries including China, France, Japan, the US and Brazil. Devices include VPN servers, routers provided by Internet service providers and mobile network gateways. To address these risks, network administrators are urged to implement authentication and encryption for tunneling protocols, update network devices and conduct routine security audits. With millions of hosts at risk, these measures are critical to preventing attackers from exploiting these weaknesses.
A data breach at label maker Avery has compromised the payment details of 61,000 customers, exposing them to potential fraud. A credit card skimmer was embedded on the company's website for nearly five months, from July 18 to December 9, 2024. The skimmer harvested sensitive information, including names, addresses, emails, phone numbers and full payment card details, including CVV codes. Avery discovered the malware on December 9 and launched an investigation. Since the breach, customers have reported fraudulent charges and phishing attempts. In a statement, Avery expressed regret and committed to improving its cybersecurity measures to prevent future incidents. Credit card skimmers are hard to detect because they exploit vulnerabilities in website content management systems. Malicious JavaScript is seamlessly integrated with legitimate scripts, making attacks difficult to spot. Experts recommend keeping antivirus tools updated and enabling browser protection to block skimmers. Customers are also advised to monitor their bank accounts for unusual activity and report fraudulent transactions immediately.
The City of Hamilton in Ontario, Canada, is committing $52 million over the next three years to rebuild its secure IT infrastructure after a ransomware attack in February of 2024. The attack disrupted municipal services including transit, payroll, tax systems and building permit applications. Although most systems have been restored, city officials acknowledge the need for long-term improvements to prevent future incidents. Of the 52 million, 30 million will be spent in 2025. The funds will support 21 priority projects, including upgrading asset management systems, fire dispatch software and financial platforms. The plan also includes hiring 48 full-time staff such as project managers, AI specialists and cybersecurity analysts to oversee IT improvements. However, some details remain confidential, raising concerns about transparency. Councillor Brad Clark criticized the secrecy, saying, if we're spending this kind of money, residents deserve to know where it's going. Officials argue that withholding specifics is necessary to avoid exposing vulnerabilities. A planned cybersecurity audit will assess the city's response and recommend further defenses to ensure resilience against future attacks.
And Microsoft has issued a critical update for Outlook to patch CVE-2025-21298, a vulnerability rated 9.8 out of 10 on the Common Vulnerabilities and Exposures, or CVE, scale. The flaw lies in a Windows Object Linking and Embedding, or OLE, mechanism that allows attackers to execute remote code using malicious Rich Text Format, or RTF, documents. The vulnerability can be exploited through email phishing campaigns, and even the Outlook Preview pane can serve as an attack vector. The vulnerability has been actively exploited, posing a serious threat to organizations. Mike Walters, president of Action1, warned that the low complexity of the attack makes it accessible to a broad range of threat actors. Exploitation could result in full system compromise, data theft, or malware installation. Microsoft recommends users apply the patch immediately. For those unable to update right away, a temporary but inefficient workaround is to open RTF files in plain text format. Security teams should also review email filtering rules and train employees to recognize suspicious attachments. Failing to patch this flaw could leave systems vulnerable to widespread attacks.
And that's our show for today. You can reach me with comments, questions or tips at editorial@technewsday.ca or if you're watching this on YouTube, please leave us a comment. To those who have already left comments and to some of you who put some likes and thank yous and even subscribed, thank you. It's helping us build this YouTube audience. I'm your host Jim Love. Thanks for listening.
Host: Jim Love
Episode Title: Another Critical Microsoft Patch: Cyber Security Today for Wednesday, January 22, 2024
Release Date: January 22, 2025
In this episode of Cybersecurity Today, host Jim Love delves into several pressing cybersecurity issues affecting businesses and governmental bodies. The discussion covers a range of topics from critical vulnerabilities in internet protocols to significant data breaches and essential software patches. Below is a comprehensive summary of the key points, discussions, insights, and conclusions presented during the episode.
Timestamp: [00:02]
Jim Love begins the episode by highlighting a recent study that uncovered severe vulnerabilities in widely used internet tunneling protocols. The study, conducted by cybersecurity experts at KU Leuven and Top10VPN, revealed that over 4.2 million systems are exposed to potential exploitation due to flaws in protocols such as IPIP, GRE, 4in6, and 6in4. These protocols are essential for transferring data across networks, but the identified flaw allows attackers to:
Key Insights:
Recommendations:
Jim emphasizes the critical nature of these measures, noting, “With millions of hosts at risk, these measures are essential to prevent attackers from exploiting these vulnerabilities” [02:30].
Timestamp: [10:15]
The episode transitions to discuss a significant data breach at Avery, a well-known label maker company. The breach compromised the payment details of 61,000 customers, making them susceptible to potential fraud. Key details of the incident include:
Expert Analysis: Jim explains that credit card skimmers are notoriously difficult to detect because they exploit vulnerabilities in website content management systems. The malicious JavaScript integrated with legitimate scripts makes these attacks seamless and hard to spot.
Recommendations for Customers:
Avery has expressed regret over the incident and is committed to enhancing its cybersecurity measures to prevent future breaches.
Timestamp: [18:45]
Jim Love shifts focus to a significant ransomware attack that struck the City of Hamilton in Ontario, Canada, in February 2024. The attack disrupted several municipal services, including:
Financial Impact and Recovery Efforts: The city estimates a $52 million expenditure over the next three years to rebuild its secure IT infrastructure. Breakdown of the funds includes:
Criticism and Transparency Issues: While the city officials assert the necessity of these expenditures, some details remain confidential, sparking concerns about transparency. Councillor Brad Clark criticized the secrecy, stating, “If we're spending this kind of money, residents deserve to know where it's going” [20:10]. City officials counter that withholding specifics is essential to prevent exposing vulnerabilities to potential attackers.
Future Measures: A planned cybersecurity audit will evaluate the city's response to the attack and recommend further defenses to ensure resilience against future incidents.
Timestamp: [28:30]
The episode concludes with an urgent update from Microsoft, which has released a critical patch for Outlook addressing the vulnerability CVE-2025-21298. This vulnerability is rated 9.8 out of 10 on the Common Vulnerabilities and Exposures (CVE) scale and poses a severe threat due to the following reasons:
Expert Commentary: Mike Walters, President of Action1, warns, “The low complexity of the attack makes it accessible to a broad range of threat actors” [30:05]. He emphasizes that exploitation could lead to full system compromise, data theft, or malware installation.
Microsoft’s Recommendations:
Jim underscores the importance of addressing this vulnerability promptly, stating, “Failing to patch this flaw could leave systems vulnerable to widespread attacks” [32:15].
In this episode of Cybersecurity Today, Jim Love provides a comprehensive overview of current cybersecurity threats and responses. From critical protocol vulnerabilities and significant data breaches to essential software patches, the discussions underscore the importance of proactive measures in safeguarding digital infrastructure. The insights and recommendations offered serve as valuable guidance for businesses and individuals aiming to enhance their cybersecurity posture in an increasingly perilous digital landscape.
Contact Information:
For comments, questions, or tips, listeners can reach out via editorial@technewsday.ca or leave a comment on the podcast’s YouTube channel.
Thank You Note:
Jim Love extends his gratitude to listeners for their support, encouraging continued engagement to help grow the YouTube audience.