Afternoon Dessert - 2022-10-05

Welcome to another Afternoon Dessert breakout:

Microsoft updates mitigation for ProxyNotShell Exchange zero days
Microsoft has updated the mitigation for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to as ProxyNotShell. [...]

Telstra Telecom Suffers Data Breach Potentially Exposing Employee Information
Australia's largest telecommunications company Telstra disclosed that it was the victim of a data breach through a third-party, nearly two weeks after Optus reported a breach of its own. "There has been no breach of Telstra's systems," Narelle Devine, the company's chief information security officer for the Asia Pacific region, said. "And no customer account data was involved." It

Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices
A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receive and execute commands to collect and exfiltrate a wide variety of data from the infected mobile endpoint, Zimperium said in a report shared with

Microsoft: Windows 11 22H2 now available for all eligible devices
Microsoft says the Windows 11 2022 Update has a new deployment phase as it is now available to all seekers on eligible devices. [...]

CommonSpirit US nonprofit health system discloses security incident
CommonSpirit Health, one of the largest nonprofit health systems in the United States, says it took down some of its IT systems because of a security incident that has impacted multiple facilities. [...]

Hundreds of Microsoft SQL servers backdoored with new malware
Security researchers have found a new piece of malware targeting Microsoft SQL servers. Named Maggie, the backdoor has already infected hundreds of machines all over the world. [...]

Romance scammer and BEC fraudster sent to prison for 25 years
Two years of scamming + $10 million leeched = 25 years in prison. Just in time for #Cybermonth.

Scammers and rogue callers – can anything ever stop them?
Some thoughts for Cybersecurity Awareness Month: Is it worth reporting nuisance calls? Is it even worth reporting outright scams?

City of Tucson discloses data breach affecting over 125,000 people
The City of Tucson, Arizona, has disclosed a data breach affecting the personal information of more than 125,000 individuals. [...]

Avast releases free decryptor for Hades ransomware variants
Avast has released a decryptor for variants of the Hades ransomware known as 'MafiaWare666', 'Jcrypt', 'RIP Lmao', and 'BrutusptCrypt,' allowing victims to recover their files for free. [...]

Chase UK's app-only bank hit with 24-hour ongoing outage
Chase UK's ongoing outage has been impacting British customers with a mobile-based current account for well over 24 hours. [...]