Afternoon Dessert - 2022-09-01

Welcome to another Afternoon Dessert breakout:

Researchers Detail Emerging Cross-Platform BianLian Ransomware Attacks
The operators of the emerging cross-platform BianLian ransomware have increased their command-and-control (C2) infrastructure this month, a development that alludes to an increase in the group's operational tempo. BianLian, written in the Go programming language, was first discovered in mid-July 2022 and has claimed 15 victim organizations as of September 1, cybersecurity firm [redacted] said in
Read more....

Stop Worrying About Passwords Forever
So far 2022 confirms that passwords are not dead yet. Neither will they be anytime soon. Even though Microsoft and Apple are championing passwordless authentication methods, most applications and websites will not remove this option for a very long time. Think about it, internal apps that you do not want to integrate with third-party identity providers, government services, legacy applications,
Read more....

NSA and CISA share tips to secure the software supply chain
The U.S. National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance today with tips on how to secure the software supply chain. [...]
Read more....

Thousands lured with blue badges in Instagram phishing attack
A new Instagram phishing campaign is underway, attempting to scam users of the popular social media platform by luring them with a blue-badge offer. [...]
Read more....

S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text]
Latest episode - listen now!
Read more....

Montenegro hit by ransomware attack, hackers demand $10 million
The government of Montenegro has admitted that its previous allegations about Russian threat actors attacking critical infrastructure in the country were false and now blames ransomware for the damage to its IT infrastructure that has caused extensive service disruptions. [...]
Read more....

Microsoft will disable Exchange Online basic auth next month
Microsoft warned customers today that it will finally disable basic authentication in random tenants worldwide to improve Exchange Online security starting October 1, 2022. [...]
Read more....

New ransomware hits Windows, Linux servers of Chile govt agency
Chile's national computer security and incident response team (CSIRT) has announced that a ransomware attack has impacted operations and online services of a government agency in the country. [...]
Read more....