Lunch Time Nibbles - 2022-07-27

Welcome to another Lunch Time breakout:

Malicious IIS Extensions Gaining Popularity Among Cyber Criminals for Persistent Access
Threat actors are increasingly abusing Internet Information Services (IIS) extensions to backdoor servers as a means of establishing a "durable persistence mechanism." That's according to a new warning from the Microsoft 365 Defender Research Team, which said that "IIS backdoors are also harder to detect since they mostly reside in the same directories as legitimate modules used by target
Read more....

Hackers Increasingly Using WebAssembly Coded Cryptominers to Evade Detection
As many as 207 websites have been infected with malicious code designed to launch a cryptocurrency miner by leveraging WebAssembly (Wasm) on the browser. Web security company Sucuri, which published details of the campaign, said it launched an investigation after one of its clients had their computer slowed down significantly every time upon navigating to their own WordPress portal. This
Read more....

Taking the Risk-Based Approach to Vulnerability Patching
Software vulnerabilities are a major threat to organizations today. The cost of these threats is significant, both financially and in terms of reputation.Vulnerability management and patching can easily get out of hand when the number of vulnerabilities in your organization is in the hundreds of thousands of vulnerabilities and tracked in inefficient ways, such as using Excel spreadsheets or
Read more....

New Ducktail Infostealer Malware Targeting Facebook Business and Ad Accounts
Facebook business and advertising accounts are at the receiving end of an ongoing campaign dubbed Ducktail designed to seize control as part of a financially driven cybercriminal operation.  "The threat actor targets individuals and employees that may have access to a Facebook Business account with an information-stealer malware," Finnish cybersecurity company WithSecure (formerly F-Secure
Read more....

Fedora ditches CC0 'No Rights Reserved' software over patent concerns
The Fedora Project has announced that it will no longer permit Creative Commons 'No Rights Reserved' aka CC0-licensed code in its Linux distro or the Fedora Registry. [...]
Read more....