Afternoon Dessert - 2022-09-27

Welcome to another Afternoon Dessert breakout:

Experts Uncover 85 Apps with 13 Million Downloads Involved in Ad Fraud Scheme
As many as 75 apps on Google Play and 10 on Apple App Store have been discovered engaging in ad fraud as part of an ongoing campaign that commenced in 2019. The latest iteration, dubbed Scylla by Online fraud-prevention firm HUMAN Security, follows similar attack waves in August 2019 and late 2020 that go by the codename Poseidon and Charybdis, respectively. Prior to their removal from the app
Read more....

Microsoft announces passwordless auth, SSO for Azure Virtual Desktop
Microsoft has announced this week that Azure Virtual Desktop support for passwordless authentication has now entered public preview. [...]
Read more....

New NullMixer Malware Campaign Stealing Users' Payment Data and Credentials
Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers that deploy malware called NullMixer on compromised systems. "When a user extracts and executes NullMixer, it drops a number of malware files to the compromised machine," cybersecurity firm Kaspersky said in a Monday report. "It drops a wide variety
Read more....

Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures
The Ukrainian government on Monday warned of "massive cyberattacks" by Russia targeting critical infrastructure facilities located in the country and that of its allies. The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GUR) said. "By the cyberattacks, the enemy will try to increase the effect of missile strikes on
Read more....

Pass-the-Hash Attacks and How to Prevent them in Windows Domains
Hackers often start out with nothing more than a low-level user account and then work to gain additional privileges that will allow them to take over the network. One of the methods that is commonly used to acquire these privileges is a pass-the-hash attack. Here are five steps to prevent a pass-the-hash attack in a Windows domain. [...]
Read more....

Optus hacker apologizes and allegedly deletes all stolen data
The hacker who claimed to have breached Optus and stolen the data of 11 million customers has withdrawn their extortion demands after facing increased attention by law enforcement. The threat actor also apologized to 10,200 people whose personal data was already leaked on a hacking forum. [...]
Read more....

Meta dismantles massive Russian network spoofing Western news sites
Meta says it took down a large network of Facebook and Instagram accounts pushing disinformation published on more than 60 websites that spoofed multiple legitimate news sites across Europe. [...]
Read more....

WhatsApp “zero-day exploit” news scare – what you need to know
Is WhatsApp currently under active attack by cyercriminals? Is this a clear and current danger? How worried should WhatsApp users be?
Read more....