Afternoon Dessert - 2022-09-13

Welcome to another Afternoon Dessert breakout:

Cyberspies drop new infostealer malware on govt networks in Asia
Security researchers have identified new cyber-espionage activity focusing on government entities in Asia, as well as state-owned aerospace and defense firms, telecom companies, and IT organizations. [...]
Read more....

New PsExec spinoff lets hackers bypass network security defenses
Security researchers have developed an implementation of the Sysinternals PsExec utility that allows moving laterally in a network using a less monitored port. [...]
Read more....

How GRC protects the value of organizations — A simple guide to data quality and integrity
Contemporary organizations understand the importance of data and its impact on improving interactions with customers, offering quality products or services, and building loyalty. Data is fundamental to business success. It allows companies to make the right decisions at the right time and deliver the high-quality, personalized products and services that customers expect. There is a challenge,
Read more....

Trend Micro warns of actively exploited Apex One RCE vulnerability
Security software firm Trend Micro warned customers today to patch an actively exploited Apex One security vulnerability as soon as possible. [...]
Read more....

Hackers breach software vendor for Magento supply-chain attacks
Hackers have injected malware in multiple extensions from FishPig, a vendor of Magento-WordPress integrations that count over 200,000 downloads. [...]
Read more....

Tax fraud ring leader jailed for selling children’s stolen identities
The owner of a fraudulent tax preparation business, Ariel Jimenez, was sentenced to 12 years in prison for selling the stolen identities of children on welfare and helping "customers" to falsely claim tax credits, causing tens of millions of dollars in tax loss. [...]
Read more....

Police arrest man for laundering tens of millions in stolen crypto
The Dutch police arrested a 39-year-old man on suspicions of laundering tens of millions of euros worth of cryptocurrency stolen in phishing attacks. [...]
Read more....

Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws
Today is Microsoft's September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws. [...]
Read more....

Windows 10 KB5017308 and KB5017315 updates released
Microsoft has released the Windows 10 KB5017308  and KB5017315 cumulative updates for versions 21H2, version 21H1, version 20H2, and 1809 to fix security vulnerabilities and resolve bugs and performance issues. [...]
Read more....

Zero-day in WPGateway Wordpress plugin actively exploited in attacks
The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in the WPGateway premium plugin. [...]
Read more....

Windows 11 KB5017328 update fixes USB printing, audio headset issues
Microsoft has released the Windows 11 KB5017328 cumulative update with security updates and improvements, including USB printing and Bluetooth headsets fixes. [...]
Read more....