Welcome to another Afternoon Dessert breakout:
Australian police secret agents exposed in Colombian data leak
Identities of secret agents working for the Australian Federal Police (AFP) have been exposed after hackers leaked documents stolen from the Colombian government. [...]
Read more....
New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts
A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions (.NetCore), the latest version (PHP) also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information,
Read more....
How To Build a Career as a Freelance Cybersecurity Analyst — From Scratch
With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity analysts some of the most sought-after technology professionals in the world. And there are nowhere near enough of them to meet the demand. At last count, there were over 3.5 million unfilled cybersecurity jobs worldwide — and that number is still growing. The situation means that
Read more....
New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos
Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade detection. "Almost all
Read more....
INTERPOL arrests ‘Black Axe’ cybercrime syndicate members
INTERPOL has arrested over 70 suspected members of the 'Black Axe' cybercrime syndicate, with two believed to be responsible for $1.8 million in financial fraud. [...]
Read more....
CISA releases open-source 'RedEye' C2 log visualization tool
The U.S. Cybersecurity and Infrastructure Security (CISA) agency has announced RedEye, an open-source analytic tool for operators to visualize and report command and control (C2) activity. [...]
Read more....
Serious Security: Microsoft Office 365 attacked over feeble encryption
How 2022 is your encryption?
Read more....
S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]
Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...
Read more....
Microsoft Edge extends battery life via improved efficiency mode
Microsoft has improved the Microsoft Edge efficiency mode feature in the latest stable release to increase battery life when the device is unplugged or on low battery. [...]
Read more....
Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month
Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild. "
Read more....
Australian police secret agents exposed in Colombian data leak
Identities of secret agents working for the Australian Federal Police (AFP) have been exposed after hackers leaked documents stolen from the Colombian government. [...]
Read more....
New PHP Version of Ducktail Malware Hijacking Facebook Business Accounts
A PHP version of an information-stealing malware called Ducktail has been discovered in the wild being distributed in the form of cracked installers for legitimate apps and games, according to the latest findings from Zscaler. "Like older versions (.NetCore), the latest version (PHP) also aims to exfiltrate sensitive information related to saved browser credentials, Facebook account information,
Read more....
How To Build a Career as a Freelance Cybersecurity Analyst — From Scratch
With each passing year, the cybersecurity threat landscape continues to worsen. That reality makes cybersecurity analysts some of the most sought-after technology professionals in the world. And there are nowhere near enough of them to meet the demand. At last count, there were over 3.5 million unfilled cybersecurity jobs worldwide — and that number is still growing. The situation means that
Read more....
New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos
Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft to sign malicious artifacts deployed during the infection chain to evade detection. "Almost all
Read more....
INTERPOL arrests ‘Black Axe’ cybercrime syndicate members
INTERPOL has arrested over 70 suspected members of the 'Black Axe' cybercrime syndicate, with two believed to be responsible for $1.8 million in financial fraud. [...]
Read more....
CISA releases open-source 'RedEye' C2 log visualization tool
The U.S. Cybersecurity and Infrastructure Security (CISA) agency has announced RedEye, an open-source analytic tool for operators to visualize and report command and control (C2) activity. [...]
Read more....
Serious Security: Microsoft Office 365 attacked over feeble encryption
How 2022 is your encryption?
Read more....
S3 Ep104: Should hospital ransomware attackers be locked up for life? [Audio + Text]
Have your say on three deep questions posed by this week's podcast. Read or listen as suits you best...
Read more....
Microsoft Edge extends battery life via improved efficiency mode
Microsoft has improved the Microsoft Edge efficiency mode feature in the latest stable release to increase battery life when the device is unplugged or on low battery. [...]
Read more....
Researchers Reveal Detail for Windows Zero-Day Vulnerability Patched Last Month
Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was being actively exploited in the wild. "
Read more....