Afternoon Dessert - 2022-11-16

Welcome to another Afternoon Dessert breakout:

7 Reasons to Choose an MDR Provider
According to a recent survey, 90% of CISOs running teams in small to medium-sized enterprises (SMEs) use a managed detection and response (MDR) service. That’s a 53% increase from last year. Why the dramatic shift to MDR? CISOs at organizations of any size, but especially SMEs, are realizing that the threat landscape and the way we do cybersecurity are among the many things that will never look

Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data
Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personally identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. "Leaking PII in this manner provides a potential treasure trove for threat actors – either during the reconnaissance phase of the cyber kill chain or extortionware/ransomware campaigns," researchers Ariel

DuckDuckGo now lets all Android users block trackers in their apps
DuckDuckGo for Android's 'App Tracking Protection' feature has reached open beta, allowing all Android users to block third-party trackers across all their installed apps. [...]

Police dismantle pirated TV streaming network with 500,000 users
The Spanish police have dismantled a network of pirated streaming sites that illegally distributed content from 2,600 TV channels and 23,000 movies and series to roughly 500,000 users. [...]

Okta shares workaround for ongoing Microsoft 365 SSO outage
Okta, a leading provider of authentication services, has shared a workaround for ongoing issues preventing customers from logging into their accounts using Microsoft Office 365 Single Sign-On. [...]

US govt: Iranian hackers breached federal agency using Log4Shell exploit
The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware. [...]

Magento stores targeted in massive surge of TrojanOrders attacks
At least seven hacking groups are behind a massive surge in 'TrojanOrders' attacks targeting Magento 2 websites, exploiting a vulnerability that allows the threat actors to compromise vulnerable servers. [...]

Twitter source code indicates end-to-end encrypted DMs are coming
Twitter is reportedly working on finally adding end-to-end encryption (E2EE) for direct messages (DMs) exchanged between users on the social media platform. [...]

Log4Shell-like code execution hole in popular Backstage dev tool
Good old "string templating", also known as "string interpolation", in the spotlight again...

Firefox fixes fullscreen fakery flaw – get the update now!
What's so bad about a web page going fullscreen without warning you first?