Afternoon Dessert - 2022-10-19

Welcome to another Afternoon Dessert breakout:

A Quick Guide for Small Cybersecurity Teams Looking to Invest in Cyber Insurance
In the world of insurance providers and policies, cyber insurance is a fairly new field. And many security teams are trying to wrap their heads around it.  What is it and do they need it? And with what time will they spend researching how to integrate cyber insurance into their strategy?  For small security teams, this is particularly challenging as they contend with limited resources. Luckily,
Read more....

Chinese Hackers Targeting Online Casinos with GamePlayerFramework Malware
An advanced persistent threat (APT) group of Chinese origin codenamed DiceyF has been linked to a string of attacks aimed at online casinos in Southeast Asia for years. Russian cybersecurity company Kaspersky said the activity aligns with another set of intrusions attributed to Earth Berberoka (aka GamblingPuppet) and DRBControl, citing tactical and targeting similarities as well as the abuse of
Read more....

Researchers Detail Azure SFX Flaw That Could've Allowed Attackers to Gain Admin Access
Cybersecurity researchers have shared more details about a now-patched security flaw in Azure Service Fabric Explorer (SFX) that could potentially enable an attacker to gain administrator privileges on the cluster. The vulnerability, tracked as CVE-2022-35829, carries a CVSS severity rating of 6.2 and was addressed by Microsoft as part of its Patch Tuesday updates last week. Orca
Read more....

Apache Commons Text RCE flaw — Keep calm and patch away
A remote code execution flaw in the open-source Apache Commons Text library has some people worried that it could turn into the next Log4Shell. However, most cybersecurity researchers say it is nowhere near as concerning. [...]
Read more....

Microsoft Azure SFX bug let hackers hijack Service Fabric clusters
Attackers could exploit a now-patched spoofing vulnerability in Service Fabric Explorer to gain admin privileges and hijack Azure Service Fabric clusters. [...]
Read more....

Hackers use new stealthy PowerShell backdoor to target 60+ victims
A previously undocumented, fully undetectable PowerShell backdoor is being actively used by a threat actor who has targeted at least 69 entities. [...]
Read more....

Microsoft announces enterprise DDoS protection for SMBs
Microsoft announced today the availability of Azure DDoS IP Protection in public preview, a new and fully managed DDoS Protection pay-per-protected IP model offering tailored to small and midsize businesses (SMBs). [...]
Read more....

Women in Cryptology – USPS celebrates WW2 codebreakers
What did you do in the war, Mom? Oh, y'know, a bit of this and that...
Read more....

Microsoft leaked customer data from misconfigured Azure Storage
Microsoft said today that some prospective customers' data was exposed by a misconfigured Microsoft server accessible over the Internet. [...]
Read more....