Afternoon Dessert - 2022-08-04

Welcome to another Afternoon Dessert breakout:

New Woody RAT Malware Being Used to Target Russian Organizations
An unknown threat actor has been targeting Russian entities with a newly discovered remote access trojan called Woody RAT for at least a year as part of a spear-phishing campaign. The advanced custom backdoor is said to be delivered via either of two methods: archive files and Microsoft Office documents leveraging the now-patched "Follina" support diagnostic tool vulnerability (CVE-2022-30190)

Critical RCE Bug Could Let Hackers Remotely Take Over DrayTek Vigor Routers
As many as 29 different router models from DrayTek have been identified as affected by a new critical, unauthenticated, remote code execution vulnerability that, if successfully exploited, could lead to full compromise of the device and unauthorized access to the broader network. "The attack can be performed without user interaction if the management interface of the device has been configured

German Chambers of Industry and Commerce hit by 'massive' cyberattack
The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack. [...]

Cybersecurity agencies reveal last year’s top malware strains
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a list of the topmost detected malware strains last year in a joint advisory with the Australian Cyber Security Centre (ACSC). [...]

Who Has Control: The SaaS App Admin Paradox
Imagine this: a company-wide lockout to the company CRM, like Salesforce, because the organization's external admin attempts to disable MFA for themselves. They don't think to consult with the security team and don't consider the security implications, only the ease which they need for their team to use their login. This CRM, however, defines MFA as a top-tier security setting; for example,

New Linux malware brute-forces SSH servers to breach networks
A new botnet called 'RapperBot' has emerged in the wild since mid-June 2022, focusing on brute-forcing its way into Linux SSH servers and then establishing persistence. [...]

S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!) [Audio + Text]
Latest episode - listen now! (Or read if that's what you prefer.)

Thousands of hackers flock to 'Dark Utilities' C2-as-a-Service
Security researchers found a new service called Dark Utilities that provides an easy and inexpensive way for cybercriminals to set up a command and control (C2) center for their malicious operations. [...]