Welcome to another Afternoon Dessert breakout:
Does the OWASP Top 10 Still Matter?
What is the OWASP Top 10, and – just as important – what is it not? In this review, we look at how you can make this critical risk report work for you and your organisation. What is OWASP? OWASP is the Open Web Application Security Project, an international non-profit organization dedicated to improving web application security. It operates on the core principle that all of its materials are
Read more....
New Timing Attack Against NPM Registry API Could Expose Private Packages
A novel timing attack discovered against the npm registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations' scoped private packages and then masquerade public packages, tricking employees and users into downloading them,"
Read more....
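The item above describes the shape of the attack but not the probe itself. The following is an added example, not code from the page, from the cited article, or from npm: it stands in a constructed, in-memory registry lookup (made-up scope and package names, artificial sleeps in place of real server-side work) for the registry API, so it runs offline. The probe it shows is the generic technique: both "private package exists" and "no such package" answer 404 to an unauthenticated caller, so the only signal is latency, which the probe measures as a median over repeated requests against a baseline name that is guaranteed not to exist. The padded lookup at the end is one generic mitigation (fixed response-time budget), assumed here for illustration and not a description of how npm addressed the issue.

```python
"""
Added example: a timing probe for the "private scoped package exists?" oracle,
run against a constructed stand-in registry rather than the real npm API.
"""
import random
import statistics
import time
from typing import Callable, Dict, List

# Constructed data: an organisation's private scoped packages. Real names are
# exactly what the attacker is trying to recover from a wordlist.
_PRIVATE_PACKAGES = {"@example-corp/billing-core", "@example-corp/auth-sdk"}


def simulated_registry_lookup(name: str) -> int:
    """Stand-in for an unauthenticated GET of package metadata.

    Both branches return 404, so the status code leaks nothing. The assumed
    leak is that an existing private package takes a slower code path (for
    example an authorization check against the record) before the same 404.
    """
    if name in _PRIVATE_PACKAGES:
        time.sleep(0.005)   # assumed slow path: record found, access denied
    else:
        time.sleep(0.0005)  # assumed fast path: nothing to look up
    return 404


def median_latency(lookup: Callable[[str], int], name: str, samples: int = 9) -> float:
    """Median wall-clock latency of `samples` lookups; the median resists the
    occasional slow outlier that a single measurement would misread."""
    times: List[float] = []
    for _ in range(samples):
        t0 = time.perf_counter()
        lookup(name)
        times.append(time.perf_counter() - t0)
    return statistics.median(times)


def probe_private_packages(lookup: Callable[[str], int], scope: str,
                           candidates: List[str], samples: int = 9,
                           ratio: float = 3.0) -> Dict[str, bool]:
    """Return {full_name: True if the lookup looks 'slow' relative to a
    baseline name that certainly does not exist}."""
    baseline_name = f"{scope}/zz-nonexistent-{random.randrange(10**9)}"
    baseline = median_latency(lookup, baseline_name, samples)
    results: Dict[str, bool] = {}
    for candidate in candidates:
        full = f"{scope}/{candidate}"
        results[full] = median_latency(lookup, full, samples) > ratio * baseline
    return results


def constant_time_lookup(name: str) -> int:
    """Hardened stand-in: pad every unauthenticated lookup to a fixed time
    budget so that existence no longer correlates with response time.
    The 10 ms budget is an assumption chosen to exceed the slow path."""
    budget = 0.010
    t0 = time.perf_counter()
    status = simulated_registry_lookup(name)
    remaining = budget - (time.perf_counter() - t0)
    if remaining > 0:
        time.sleep(remaining)
    return status


if __name__ == "__main__":
    wordlist = ["billing-core", "auth-sdk", "payments", "logging"]
    print("leaky:   ", probe_private_packages(simulated_registry_lookup, "@example-corp", wordlist))
    print("padded:  ", probe_private_packages(constant_time_lookup, "@example-corp", wordlist))
```

Against the leaky lookup the probe flags the two private names and clears the two that do not exist; against the padded lookup every candidate reads as "slow" relative to a baseline that is now equally slow, so nothing is flagged. The defender-side point is the second half of the quoted attack: once private scoped names are known, an attacker registers public packages under the same names, so the dependency-confusion controls (pinning the scope to the private registry, reserving the public names) matter regardless of whether the timing leak itself is closed.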
New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems
A previously undocumented command-and-control (C2) framework dubbed Alchimist is likely being used in the wild to target Windows, macOS, and Linux systems. "Alchimist C2 has a web interface written in Simplified Chinese and can generate a configured payload, establish remote sessions, deploy payload to the remote machines, capture screenshots, perform remote shellcode execution, and run
Read more....
Cloudflare mitigated record DDoS attack against Minecraft server
Wynncraft, one of the largest Minecraft servers, was recently hit by a 2.5 Tbps distributed denial-of-service (DDoS) attack. [...]
Read more....
Magniber ransomware now infects Windows users via JavaScript files
A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates. [...]
Read more....
What the Uber Hack can teach us about navigating IT Security
The recent Uber cyberattack shows the myriad tactics employed by threat actors to breach corporate networks. Learn more about the tactics used and how to navigate IT security. [...]
Read more....
Patch Tuesday in brief – one 0-day fixed, but no patches for Exchange!
There's a zero-day patch, but it's not for the zero-day you thought.
Read more....
Russian DDoS attack project pays contributors for more firepower
A pro-Russian group created a crowdsourced project called 'DDOSIA' that pays volunteers for launching distributed denial-of-service (DDoS) attacks against Western entities. [...]
Read more....
S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]
Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...
Read more....
Exploit available for critical Fortinet auth bypass bug, patch now
Proof-of-concept exploit code is now available for a critical authentication bypass vulnerability affecting Fortinet's FortiOS, FortiProxy, and FortiSwitchManager appliances. [...]
Read more....