Afternoon Dessert - 2022-10-03

Welcome to another Afternoon Dessert breakout:

Microsoft Exchange server zero-day mitigations can be bypassed
Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. [...]
Read more....

Web browser app mode can be abused to make desktop phishing pages
The app mode in Chromium-based browsers like Google Chrome and Microsoft Edge can be abused to create realistic-looking login screens that appear as desktop apps. [...]
Read more....

Live support service hacked to spread malware in supply chain attack
The official installer for the Comm100 Live Chat application, a widely deployed SaaS (software-as-a-service) that businesses use for customer communication and website visitors, was trojanized as part of a new supply-chain attack. [...]
Read more....