Welcome to another Afternoon Dessert breakout:
Cyber Attacks Against Middle East Governments Hide Malware in Windows logo
An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks under the name Witchetty, which is also known as LookingFrog, a subgroup operating under the TA410
Read more....
URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”
Double-play 0-day in Exchange - what you need to know, and what you can do
Read more....
S3 Ep102: How to avoid a data breach [Audio + Transcript]
Latest episode - listen now! Tell fact from fiction in hyped-up cybersecurity news...
Read more....
Germany arrests hacker for stealing €4 million via phishing attacks
Germany's Bundeskriminalamt (BKA), the country's federal criminal police, carried out raids on the homes of three individuals yesterday suspected of orchestrating large-scale phishing campaigns that defrauded internet users of €4,000,000. [...]
Read more....
New Malware Families Found Targeting VMware ESXi Hypervisors
Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access
Read more....
Optus breach victims will get "supercharged" fraud protection
The Australian Federal Police (AFP) announced today the launch of Operation Guardian which will ensure that more than 10,000 customers who had their personal info leaked in the Optus data breach will get priority protection against fraud attempts. [...]
Read more....
Fake US govt job offers push Cobalt Strike in phishing attacks
A new phishing campaign targets US and New Zealand job seekers with malicious documents installing Cobalt Strike beacons for remote access to victims' devices. [...]
Read more....
CISA: Hackers exploit critical Bitbucket Server flaw in attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added three more security flaws to its list of bugs exploited in attacks, including a Bitbucket Server RCE and two Microsoft Exchange zero-days. [...]
Read more....