Afternoon Dessert - 2022-08-23

Welcome to another Afternoon Dessert breakout:

The Rise of Data Exfiltration and Why It Is a Greater Risk Than Ransomware
Ransomware is the de facto threat organizations have faced over the past few years. Threat actors were making easy money by exploiting the high valuation of cryptocurrencies and their victims' lack of adequate preparation. Think about bad security policies, untested backups, patch management practices not up to par, and so forth. It resulted in easy growth for ransomware extortion, a crime that

New 'Donut Leaks' extortion gang linked to recent ransomware attacks
A new data extortion group named 'Donut Leaks' is linked to recent cyberattacks, including those on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando. [...]

Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the oldest known

XCSSET Malware Updates with Python 3 to Target macOS Monterey Users
The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers

Laptop denial-of-service via music: the 1980s R&B song with a CVE!
We haven't validated this vuln ourselves... but the source of the story is impeccable. (Impeccably dressed, at least.)

Bitcoin ATMs leeched by attackers who created fake admin accounts
The criminals didn't implant any malware. The attack was orchestrated via malevolent configuration changes.

French hospital hit by $10M ransomware attack, sends patients elsewhere
The Center Hospitalier Sud Francilien (CHSF), a 1000-bed hospital located 28km from the center of Paris, suffered a cyberattack on Sunday, which has resulted in the medical center referring patients to other establishments and postponing appointments for surgeries. [...]