Afternoon Dessert - 2022-07-15

Welcome to another Afternoon Dessert breakout:

Attackers scan 1.6 million WordPress sites for vulnerable plugin
Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication. [...]

Tor Browser now bypasses internet censorship automatically
The Tor Project team has announced the release of Tor Browser 11.5, a major release that brings new features to help users fight censorship more easily. [...]

North Korean Hackers Targeting Small and Midsize Businesses with H0lyGh0st Ransomware
An emerging threat cluster originating from North Korea has been linked to developing and using ransomware in cyberattacks targeting small businesses since September 2021. The group, which calls itself H0lyGh0st after the ransomware payload of the same name, is being tracked by the Microsoft Threat Intelligence Center under the moniker DEV-0530, a designation assigned for unknown, emerging, or a

New Cache Side Channel Attack Can De-Anonymize Targeted Online Users
A group of academics from the New Jersey Institute of Technology (NJIT) has warned of a novel technique that could be used to defeat anonymity protections and identify a unique website visitor. "An attacker who has complete or partial control over a website can learn whether a specific target (i.e., a unique individual) is browsing the website," the researchers said. "The attacker knows this

S3 Ep91: CodeRed, OpenSSL, Java bugs and Office macros [Podcast + Transcript]
Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.

5 Key Things We Learned from CISOs of Smaller Enterprises Survey
New survey reveals lack of staff, skills, and resources driving smaller teams to outsource security. As business begins its return to normalcy (however “normal” may look), CISOs at small and medium-size enterprises (500 – 10,000 employees) were asked to share their cybersecurity challenges and priorities, and their responses were compared with those of a similar survey from 2021.

Microsoft investigates July updates breaking Access applications
Microsoft is investigating user reports that MS Access runtime applications stop opening after installing this month's Patch Tuesday Office/Access security updates. [...]

7 cybersecurity tips for your summer vacation!
Here you go - seven thoughtful cybersecurity tips to help you travel safely...

Password recovery tool infects industrial systems with Sality malware
A threat actor is infecting industrial control systems (ICS) to create a botnet through password "cracking" software for programmable logic controllers (PLCs). [...]