Lunch Time Nibbles - 2022-10-11

Welcome to another Lunch Time breakout:

Hacking group POLONIUM uses ‘Creepy’ malware against Israel
Security researchers reveal previously unknown malware used by the cyber espionage hacking group 'POLONIUM,' threat actors who appear to target Israeli organizations exclusively. [...]
Read more....

Windows 11 22H2 blocked due to Windows Hello issues on some systems
Microsoft is now blocking the Windows 11 22H2 update from being offered on some systems because signing in using Windows Hello might not work after upgrading. [...]
Read more....

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox
A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub said in an advisory published on September 28, 2022. The
Read more....

The Latest Funding News and What it Means for Cyber Security in 2023
The White House has recently announced a $1 billion cyber security grant program that is designed to help state and local governments improve their cyber defenses, especially about protecting critical infrastructure. The recent executive order stems from the $1.2 trillion infrastructure bill that was signed almost a year ago. That bill allocated $1 billion for protecting critical infrastructure
Read more....

Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals
Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads. "This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing
Read more....