Afternoon Dessert – 2022-11-30


Welcome to another Afternoon Dessert breakout:

Researchers Find a Way Malicious NPM Libraries Can Evade Vulnerability Detection
New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an “unexpected behavior” in the npm command line interface (CLI) tool.
npm CLI’s install and audit commands have built-in capabilities to check a package and all of its dependencies for known vulnerabilities, effectively acting as a warning mechanism for
Read more….

Android and iOS apps with 15 million installs extort loan seekers
Over 280 Android and iOS apps on the Google Play and the Apple App stores trapped users in loan schemes with misleading terms and employed various methods to extort and harass borrowers. […]
Read more….

Crafty threat actor uses ‘aged’ domains to evade security platforms
A sophisticated threat actor named ‘CashRewindo’ has been using aged domains in global malvertising campaigns that lead to investment scam sites. […]
Read more….

Password Salting to Increase Windows Active Directory Security
Specops Password Policy can help to prevent users from using any passwords that are known to be vulnerable to table-based lookup attacks. The result is a level of protection that is comparable to that of password salting, but without the hassles of managing salts. […]
Read more….

NVIDIA releases GPU driver update to fix 29 security flaws
NVIDIA has released a security update for its GPU display driver for Windows, containing a fix for a high-severity flaw that threat actors can exploit to perform, among other things, code execution and privilege escalation. […]
Read more….

Microsoft fixes Windows 11 22H2 file copy performance hit
Microsoft has addressed a known issue leading to significant performance hits when copying large files over SMB after installing the Windows 11 2022 update. […]
Read more….

Google discovers Windows exploit framework used to deploy spyware
Google’s Threat Analysis Group (TAG) has linked an exploit framework that targets now-patched vulnerabilities in the Chrome and Firefox web browsers and the Microsoft Defender security app to a Spanish software company. […]
Read more….

Australia will now fine firms up to AU$50 million for data breaches
The Australian parliament has approved a bill to amend the country’s privacy legislation, significantly increasing the maximum penalties to AU$50 million for companies and data controllers who suffered large-scale data breaches. […]
Read more….

Cloudflare raises monthly plan prices for the first time
Cloudflare announced today that they are raising prices for their Pro and Business plans for the first time since they launched in 2017. […]
Read more….

TikTok “Invisible Challenge” porn malware puts us all at risk
An injury to one is an injury to all. Especially if the other people are part of your social network.
Read more….

Serious Security: MD5 considered harmful – to the tune of $600,000
It’s not just the hashing, by the way. It’s the salting and the stretching, too!
Read more….

Follow for more…


Create a website or blog at

%d bloggers like this: