Afternoon Dessert - 2022-08-25

Welcome to another Afternoon Dessert breakout:

Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers
The threat actor behind the SolarWinds supply chain attack has been linked to yet another "highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. Dubbed MagicWeb by Microsoft's threat intelligence teams, the development reiterates Nobelium's commitment to developing and maintaining purpose-built capabilities. Nobelium is the tech

U.S. Government Spending Billions on Cybersecurity
In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills provide funding for a vast array of government programs and agencies, one thing really stands out. Collectively, the bills that are making their way through the House allocate a staggering $15.6 billion to cybersecurity spending. As you

Breaching airgap security: using your phone’s compass as a microphone!
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...

Twilio hackers hit over 130 orgs in massive Okta phishing attack
Threat analysts have discovered the phishing kit responsible for thousands of attacks against 136 high-profile organizations that have compromised 9,931 accounts. [...]

S3 Ep97: Did your iPhone get pwned? How would you know? [Audio + Text]
Latest episode - listen now! (Or read the transcript if you prefer the text version.)

Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows
Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network. [...]

Okta Hackers Behind Twilio and Cloudflare Breach Hit Over 130 Organizations
The threat actor behind the attacks on Twilio and Cloudflare earlier this month has been linked to a broader phishing campaign aimed at 136 organizations that resulted in a cumulative compromise of 9,931 accounts. The activity has been codenamed 0ktapus by Group-IB because the initial goal of the attacks was to "obtain Okta identity credentials and two-factor authentication (2FA) codes from