Welcome to another Afternoon Dessert breakout:
Here's How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers
The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities. Because employees often use their business emails and cell phones as their primary point of contact, these scams quickly become a threat to
Read more....
Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware
A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of campaigns designed to steal sensitive information from compromised hosts. "These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency wallets or remote access tools, and the 911 method making use of YouTube videos and SEO-poised fake
Read more....
Android file manager apps infect thousands with Sharkbot malware
A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan. [...]
Read more....
How social media scammers buy time to steal your 2FA codes
The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake
Read more....
Windows 10 22H2 now in broad deployment, available to everyone
Microsoft has tagged Windows 10, version 22H2 (aka the Windows 10 2022 Update) for broad deployment, thus making it available to everyone via Windows Update. [...]
Read more....
This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos
A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an
Read more....
How to hack an unpatched Exchange server with rogue PowerShell code
Review your servers, your patches and your authentication policies - there's a proof-of-concept out
Read more....
Here's How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers
The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities. The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities. Because employees often use their business emails and cell phones as their primary point of contact, these scams quickly become a threat to
Read more....
Researchers Warn of Cyber Criminals Using Go-based Aurora Stealer Malware
A nascent Go-based malware known as Aurora Stealer is being increasingly deployed as part of campaigns designed to steal sensitive information from compromised hosts. "These infection chains leveraged phishing pages impersonating download pages of legitimate software, including cryptocurrency wallets or remote access tools, and the 911 method making use of YouTube videos and SEO-poised fake
Read more....
Android file manager apps infect thousands with Sharkbot malware
A new collection of malicious Android apps posing as harmless file managers had infiltrated the official Google Play app store, infecting users with the Sharkbot banking trojan. [...]
Read more....
How social media scammers buy time to steal your 2FA codes
The warning is hosted on a real Facebook page; the phishing uses HTTPS via a real Google server... but the content is all fake
Read more....
Windows 10 22H2 now in broad deployment, available to everyone
Microsoft has tagged Windows 10, version 22H2 (aka the Windows 10 2022 Update) for broad deployment, thus making it available to everyone via Windows Update. [...]
Read more....
This Malware Installs Malicious Browser Extensions to Steal Users' Passwords and Cryptos
A malicious extension for Chromium-based web browsers has been observed to be distributed via a long-standing Windows information stealer called ViperSoftX. Czech-based cybersecurity company dubbed the rogue browser add-on VenomSoftX owing to its standalone features that enable it to access website visits, steal credentials and clipboard data, and even swap cryptocurrency addresses via an
Read more....
How to hack an unpatched Exchange server with rogue PowerShell code
Review your servers, your patches and your authentication policies - there's a proof-of-concept out
Read more....