Morning Bowl - 2022-07-08

Welcome to another Morning Bowl breakout:

S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
Listen now! Or read if you prefer...

Apache “Commons Configuration” patches Log4Shell-style bug – what you need to know
It's a bit like Log4J, but for configuration files, not for logging.

Over 1,200 NPM Packages Found Involved in "CuteBoi" Cryptomining Campaign
Researchers have disclosed what they say could be an attempt to kick off a new large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. The malicious activity, attributed to a software supply chain threat actor dubbed CuteBoi, involves an array of 1,283 rogue modules that were published in an automated fashion from over 1,000 different user accounts. "This was

TrickBot Gang Shifted its Focus on "Systematically" Targeting Ukraine
In what's being described as an "unprecedented twist," the operators of the TrickBot malware have resorted to systematically targeting Ukraine since the onset of the war in late February 2022. The group is believed to have orchestrated at least six phishing campaigns aimed at targets that align with Russian state interests, with the emails acting as lures for delivering malicious software such
