Afternoon Dessert - 2022-08-24

Welcome to another Afternoon Dessert breakout:

Highlighting What should be Patched First at the Endpoint
FortiGuard Labs has released its Global Threat Landscape Report for the first half of 2022. This valuable report offers insights on the world's cyberthreats for the first six months of the year by examining the compiled data gathered from Fortinet's global array of sensors. [...]
Read more....

Guide: How Service Providers can Deliver vCISO Services at Scale
From ransomware to breaches, from noncompliance penalties to reputational damage – cyberthreats pose an existential risk to any business. But for SMEs and SMBs, the danger is compounded. These companies realize they need an in-house Chief Information Security Officer (CISO) – someone who can assess risks and vulnerabilities, create and execute a comprehensive cybersecurity plan, ensure
Read more....

Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams
A new business email compromise (BEC) campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle (AiTM) tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA. [...]
Read more....

Air-Gapped Devices Can Send Covert Morse Signals via Network Card LEDs
A security researcher who has a long line of work demonstrating novel data exfiltration methods from air-gapped systems has come up with yet another technique that involves sending Morse code signals via LEDs on network interface cards (NICs). The approach, codenamed ETHERLED, comes from Dr. Mordechai Guri, the head of R&D in the Cyber Security Research Center in the Ben Gurion University of the
Read more....

RansomEXX claims ransomware attack on Sea-Doo, Ski-Doo maker
The RansomEXX ransomware gang is claiming responsibility for the cyberattack against Bombardier Recreational Products (BRP), disclosed by the company on August 8, 2022. [...]
Read more....

Bitcoin ATMs leeched by attackers who created fake admin accounts
The criminals didn't implant any malware. The attack was orchestrated via malevolent configuration changes.
Read more....

Breaching airgap security: using your phone’s compass as a microphone!
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...
Read more....