Afternoon Dessert - 2022-08-09

Welcome to another Afternoon Dessert breakout:

The Truth About False Positives in Security
TL;DR: As weird as it might sound, seeing a few false positives reported by a security scanner is probably a good sign and certainly better than seeing none. Let's explain why. Introduction False positives have made a somewhat unexpected appearance in our lives in recent years. I am, of course, referring to the COVID-19 pandemic, which required massive testing campaigns in order to control the
Read more....

U.S. Sanctions Virtual Currency Mixer Tornado Cash for Alleged Use in Laundering
The U.S. Treasury Department on Monday placed sanctions against crypto mixing service Tornado Cash, citing its use by the North Korea-backed Lazarus Group in the high-profile hacks of Ethereum bridges to launder and cash out the ill-gotten money. Tornado Cash, which allows users to move cryptocurrency assets between accounts by obfuscating their origin and destination, is estimated to have been
Read more....

Hackers install Dracarys Android malware using modified Signal app
Researchers have discovered more details on the newly discovered Android spyware 'Dracarys,' used by the Bitter APT group in cyberespionage operations targeting users from New Zealand, India, Pakistan, and the United Kingdom. [...]
Read more....

10 Credential Stealing Python Libraries Found on PyPI Repository
In what's yet another instance of malicious packages creeping into public code repositories, 10 modules have been removed from the Python Package Index (PyPI) for their ability to harvest critical data points such as passwords and API tokens. The packages "install info-stealers that enable attackers to steal developer's private data and personal credentials," Israeli cybersecurity firm Check
Read more....

Chinese Hackers Targeted Dozens of Industrial Enterprises and Public Institutions
Over a dozen military-industrial complex enterprises and public institutions in Afghanistan and Europe have come under a wave of targeted attacks since January 2022 to steal confidential data by simultaneously making use of six different backdoors. Russian cybersecurity firm Kaspersky attributed the attacks "with a high degree of confidence" to a China-linked threat actor tracked by Proofpoint 
Read more....

Maui ransomware operation linked to North Korean 'Andariel' hackers
The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group 'Andariel,' known for using malicious cyber activities to generate revenue and to cause discord in South Korea. [...]
Read more....

Slack admits to leaking hashed passwords for five years
"When those invitations went out... somehow, your password hash went out with them."
Read more....

Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack
Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary "well-organized" and "methodical
Read more....

VMware warns of public exploit for critical auth bypass vulnerability
Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges. [...]
Read more....

Windows 10 KB5016616 and KB5016623 updates released
Microsoft has released the Windows 10 KB5016616 and KB5016623 cumulative updates for versions 21H2, 21H1, 20H2, and 1809 to fix security vulnerabilities and resolve bugs and performance issues. [...]
Read more....

Microsoft August 2022 Patch Tuesday fixes exploited zero-day, 121 flaws
Today is Microsoft's August 2022 Patch Tuesday, and with it comes fixes for the actively exploited 'DogWalk' zero-day vulnerability and a total of 121 flaws. [...]
Read more....

Cloudflare employees also hit by hackers behind Twilio breach
Cloudflare says some of its employees' credentials were also stolen in an SMS phishing attack very similar to the one that led to Twilio's network being breached last week. [...]
Read more....

10 malicious PyPI packages found stealing developer's credentials
Threat analysts have discovered ten malicious Python packages on the PyPI repository, used to infect developers' systems with password-stealing malware. [...]
Read more....

Windows 11 KB5016629 update fixes Start Menu, File Explorer issues
Microsoft has released the Windows 11 KB5016629 cumulative update with security updates and improvements, including fixes for File Explorer and the Start Menu and a new Focus Assist feature. [...]
Read more....

Microsoft patches Windows DogWalk zero-day exploited in attacks
Microsoft has released security updates to address a high-severity Windows zero-day vulnerability that has publicly available exploit code and has been abused in attacks. [...]
Read more....