Afternoon Dessert - 2022-06-29

Welcome to another Lunch Time breakout:

New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators
Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other
Read more....

New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads
Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed FabricScape (CVE-2022-30137), could be exploited on containers that are configured to have runtime access. It has been remediated
Read more....

Ukraine arrests cybercrime gang operating over 400 phishing sites
The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians. [...]
Read more....

Thunderbird 102 released with highly anticipated features, bug fixes
Mozilla has announced the release of Thunderbird 102, one of the world's most popular open-source email clients with an estimated userbase of over 25 million. [...]
Read more....

Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.
Read more....

New YTStealer malware steals accounts from YouTube Creators
A new information-stealing malware named YTStealer is targeting YouTube content creators and attempting to steal their authentication tokens and hijack their channels. [...]
Read more....

CISA warns of hackers exploiting PwnKit Linux vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild. [...]
Read more....

Avaya sysadmin indicted for illegally generating, selling VoIP licenses
Three defendants who allegedly sold over $88 million worth of software licenses belonging to Avaya Holdings Corporation have been charged in Oklahoma, U.S., facing 14 counts of wire fraud and money laundering. [...]
Read more....