Afternoon Dessert - 2022-10-11

Welcome to another Afternoon Dessert breakout:

Critical VM2 flaw lets attackers run code outside the sandbox
Researchers are warning of a critical remote code execution flaw in 'vm2', a JavaScript sandbox library downloaded over 16 million times per month via the NPM package repository. [...]
Read more....

Russia labels Meta an 'extremist' org, sends legal threats to users
Rosfinmonitoring, Russia's Federal Financial Monitoring Service, has added Meta, the owner of Facebook, Instagram, and WhatsApp, to its list of terrorists and extremists. [...]
Read more....

Move over Patch Tuesday – it’s Ada Lovelace Day!
Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.
Read more....

Microsoft Exchange servers hacked to deploy LockBit ransomware
Lockbit ransomware affiliates are encrypting victims via Microsoft Exchange servers hacked using exploits targeting unpatched vulnerabilities. [...]
Read more....

BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics
The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets of the latest
Read more....

Microsoft October 2022 Patch Tuesday fixes zero-day used in attacks, 84 flaws
Today is Microsoft's October 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 84 flaws. [...]
Read more....

Windows 10 KB5018410 and KB5018419 updates released
Microsoft has released the Windows 10 KB5018410 and KB5018419 cumulative updates for versions 21H2, version 21H1, version 20H2, and 1809 to fix security vulnerabilities and resolve twenty bugs and performance issues. [...]
Read more....

Windows 11 KB5018427 update released with 30 bug fixes, improvements
Microsoft has released the Windows 11 22H2 KB5018427 cumulative update with security updates and improvements, including USB printing and Bluetooth headsets fixes. [...]
Read more....

VMware vCenter Server bug disclosed last year still not patched
VMware informed customers today that vCenter Server 8.0 (the latest version) is still waiting for a patch to address a high-severity privilege escalation vulnerability disclosed in November 2021. [...]
Read more....