Afternoon Dessert - 2022-11-02

Welcome to another Afternoon Dessert breakout:

Multiple Vulnerabilities Reported in Checkmk IT Infrastructure Monitoring Software
Multiple vulnerabilities have been disclosed in Checkmk IT Infrastructure monitoring software that could be chained together by an unauthenticated, remote attacker to fully take over affected servers.  "These vulnerabilities can be chained together by an unauthenticated, remote attacker to gain code execution on the server running Checkmk version 2.1.0p10 and lower," SonarSource researcher
Read more....

U.S. govt employees exposed to mobile attacks from outdated Android, iOS
Roughly half of all Android-based mobile phones used by state and local government employees are running outdated versions of the operating system, exposing them to hundreds of vulnerabilities threat actors can leverage to perform cyberattacks. [...]
Read more....

Teamviewer pulls update after users report connection issues
TeamViewer has pulled the latest released version following user reports that the remote access software was displaying "Connection not established. Authentication Cancelled Error" errors and blocking incoming connections. [...]
Read more....

Dozens of PyPI packages caught dropping 'W4SP' info-stealing malware
Researchers have discovered over two dozen Python packages on the PyPI registry that are pushing info-stealing malware. [...]
Read more....

Vodafone Italy discloses data breach after reseller hacked
Vodafone Italia is sending customers notices of a data breach, informing them that one of its commercial partners, FourB S.p.A., who operates as a reseller of the telco's services in the country, has fallen victim to a cyberattack. [...]
Read more....

OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!
That bated-breath OpenSSL update is out! It's no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here's why...
Read more....

SHA-3 code execution bug patched in PHP – check your version!
As everyone waits for news of a bug in OpenSSL, here's a reminder that other cryptographic code in your life may also need patching!
Read more....

Microsoft now testing Windows Search taskbar tip flyouts
Microsoft is now testing a new way to help Windows 11 users get more out of its Windows Search by displaying tip flyouts in the taskbar. [...]
Read more....

Emotet botnet starts blasting malware again after 5 month break
The Emotet malware operation is again spamming malicious emails after almost a five-month "vacation" that saw little activity from the notorious cybercrime operation. [...]
Read more....