Afternoon Dessert - 2022-08-03

Welcome to another Afternoon Dessert breakout:

On-Demand Webinar: New CISO Survey Reveals Top Challenges for Small Cyber Security Teams
The only threat more persistent to organizations than cyber criminals? The cyber security skills crisis.  Nearly 60% of enterprises can’t find the staff to protect their data (and reputations!) from new and emerging breeds of cyber-attacks, reports the Information Systems Security Association (ISSA) in its 5th annual global industry study.  The result? Heavier workloads, unfilled positions, and

VirusTotal Reveals Most Impersonated Software in Malware Attacks
Threat actors are increasingly mimicking legitimate applications like Skype, Adobe Reader, and VLC Player as a means to abuse trust relationships and increase the likelihood of a successful social engineering attack. Other most impersonated legitimate apps by icon include 7-Zip, TeamViewer, CCleaner, Microsoft Edge, Steam, Zoom, and WhatsApp, an analysis from VirusTotal has revealed. "One of the

Ukraine takes down 1,000,000 bots used for disinformation
The Ukrainian cyber police (SSU) has shut down a massive bot farm of 1,000,000 bots used to spread disinformation on social networks. [...]

Minimizing the security risks of Single Sign On implementations
While the use of Single Sign On resulted in some organizations adopting stronger password policies, it also created additional security risks. Learn what these risks are and how you can make SSO more secure. [...]

Cryptocoin “token swapper” Nomad loses $200 million in coding blunder
Transactions were only approved, it seems, if they were initiated by... errrrr, by anyone.

Single-Core CPU Cracked Post-Quantum Encryption Candidate Algorithm in Just an Hour
A late-stage candidate encryption algorithm that was meant to withstand decryption by powerful quantum computers in the future has been trivially cracked by using a computer running an Intel Xeon CPU in an hour's time. The algorithm in question is SIKE — short for Supersingular Isogeny Key Encapsulation — which made it to the fourth round of the Post-Quantum Cryptography (PQC) standardization

Cisco fixes critical remote code execution bug in VPN routers
Cisco has fixed critical security vulnerabilities affecting Small Business VPN routers and enabling unauthenticated, remote attackers to execute arbitrary code or commands and trigger denial of service (DoS) conditions on vulnerable devices. [...]

Microsoft rolling out fix for Windows 10 language bar issues
Microsoft has addressed a known issue triggered by recent Windows 10 updates that caused the Input Indicator and Language Bar not to appear in the notification area. [...]

Post-quantum cryptography – new algorithm “gone in 60 minutes”
And THIS is why you don't knit your own home-made encryption algorithms and hope no one looks at them.

Microsoft accounts targeted with new MFA-bypassing phishing kit
A new large-scale phishing campaign targeting credentials for Microsoft email services uses a custom proxy-based phishing kit to bypass multi-factor authentication. [...]