Welcome to another Afternoon Dessert breakout:
Understanding NIST CSF to assess your organization’s Ransomware readiness
Ransomware attacks keep increasing in volume and impact largely due to organizations’ weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations.
According to a recent RSM survey, 62% of mid-market companies believe they are at risk of ransomware in the next 12
Darknet’s Largest Mobile Malware Marketplace Threatens Users Worldwide
Cybersecurity researchers have shed light on a darknet marketplace called InTheBox that’s designed to specifically cater to mobile malware operators.
The actor behind the criminal storefront, believed to be available since at least January 2020, has been offering over 400 custom web injects grouped by geography that can be purchased by other adversaries looking to mount attacks of their own.
Massive DDoS attack takes down Russia’s second-largest bank VTB
Russia’s second-largest financial institution VTB Bank says it is facing the worse cyberattack in its history after its website and mobile apps were taken offline due to an ongoing DDoS (distributed denial of service) attack. […]
Password Reset Calls Are Costing Your Org Big Money
Research states that the average help desk labor cost for a single password reset is about $70. With this cost, what can an organization do to lessen the impact of password resets? […]
Rackspace says ransomware is behind four-day Exchange outage
Texas-based cloud computing provider Rackspace has confirmed today that a ransomware attack is behind its ongoing hosted Microsoft Exchange outage. […]
Iranian State Hackers Targeting Key Figures in Activism, Journalism, and Politics
Hackers with ties to the Iranian government have been linked to an ongoing social engineering and credential phishing campaign directed against human rights activists, journalists, researchers, academics, diplomats, and politicians working in the Middle East.
At least 20 individuals are believed to have been targeted, Human Rights Watch (HRW) said in a report published Monday, attributing the
Android December 2022 security updates fix 81 vulnerabilities
Google has released the December 2022 security update for Android, fixing four critical-severity vulnerabilities, including a remote code execution flaw exploitable via Bluetooth. […]
Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks
A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China.
The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful exploitation of ProxyShell flaws in the Microsoft Exchange Server.
Initial compromise leveraged binaries
Ping of death! FreeBSD fixes crashtastic bug in network tool
It’s a venerable program, and this version had a venerable bug in it.
SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m
Guilty party got 18 months, also has to pay back $20m he probably hasn’t got, which could land him in more hot water.
Number Nine! Chrome fixes another 2022 zero-day, Edge patched too
Ninth more unto the breach, dear friends, ninth more.
Microsoft: Hackers target cryptocurrency firms over Telegram
Microsoft says that cryptocurrency investment companies have been targeted by a threat group it tracks as DEV-0139 via Telegram groups used to communicate with the firms’ VIP customers. […]
Follow for more…