Afternoon Dessert - 2022-11-21

Welcome to another Afternoon Dessert breakout:

Been Doing It The Same Way For Years? Think Again.
As IT professionals, we all reach a certain point in our IT career where we realize that some of our everyday tasks are done the same way year

Apps with over 3 million installs leak 'Admin' search API keys
Researchers discovered 1,550 mobile apps leaking Algolia API keys, risking the exposure of sensitive internal services and stored user information. [...]

Notorious Emotet Malware Returns With High-Volume Malspam Campaign
The notorious Emotet malware has returned with renewed vigor as part of a high-volume malspam campaign designed to drop payloads like IcedID and Bumblebee. "Hundreds of thousands of emails per day" have been sent since early November 2022, enterprise security company Proofpoint said last week, adding, "the new activity suggests Emotet is returning to its full functionality acting as a delivery

Google releases 165 YARA rules to detect Cobalt Strike attacks
The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise (IOCs) to help defenders detect Cobalt Strike components in their networks. [...]

Daixin Ransomware Gang Steals 5 Million AirAsia Passengers' and Employees' Data
The cybercrime group called Daixin Team has leaked sample data belonging to AirAsia, a Malaysian low-cost airline, on its data leak portal. The development comes a little over a week after the company fell victim to a ransomware attack on November 11 and 12, per DataBreaches.net. The threat actors allegedly claim to have obtained the personal data associated with five million

How social media scammers buy time to steal your 2FA codes
The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake

Google Chrome extension used to steal cryptocurrency, passwords
An information-stealing Google Chrome browser extension named 'VenomSoftX' is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web. [...]