Afternoon Dessert - 2022-07-29

Welcome to another Afternoon Dessert breakout:

How to Combat the Biggest Security Risks Posed by Machine Identities
The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity
Read more....

Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network
The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS, short for InterPlanetary File System, is a
Read more....

Windows 11’s new kiosk mode lets admins limit available apps
Microsoft is testing a new multi-app kiosk mode lockdown feature for IT admins in the latest Windows 11 Insider Preview build released to the Dev Channel. [...]
Read more....

LockBit operator abuses Windows Defender to load Cobalt Strike
Security analysts have observed an affiliate of the LockBit 3.0 ransomware operation abusing a Windows Defender command line tool to decrypt and load Cobalt Strike beacons on the target systems. [...]
Read more....

Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware
A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been
Read more....

US govt warns Americans of escalating SMS phishing attacks
The Federal Communications Commission (FCC) warned Americans of an increasing wave of SMS (Short Message Service) phishing attacks attempting to steal their personal information and money. [...]
Read more....

S3 Ep93: Office security, breach costs, and leisurely patches [Audio + Text]
Latest episode - listen now!
Read more....

How to celebrate SysAdmin Day!
I've just popped in to wish you all/The best SysAdmin Day!
Read more....

CISA warns of critical Confluence bug exploited in attacks
CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. [...]
Read more....