Lunch Time Nibbles – 2022-12-08


Welcome to another Lunch Time breakout:

Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers
An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware.
The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is
Read more….

Iranian Hackers Strike Diamond Industry with Data-Wiping Malware in Supply-Chain Attack
An Iranian advanced persistent threat (APT) actor known as Agrius has been attributed as behind a set of data wiper attacks aimed at diamond industries in South Africa, Israel, and Hong Kong.
The wiper, codenamed Fantasy by ESET, is believed to have been delivered via a supply chain attack targeting an Israeli software suite developer as part of a campaign that began in February 2022.
Read more….

New ‘Zombinder’ platform binds Android malware with legitimate apps
A darknet platform dubbed ‘Zombinder’ allows threat actors to bind malware to legitimate Android apps, causing victims to infect themselves while still having the full functionality of the original app to evade suspicion. […]
Read more….

COVID-bit: New COVert Channel to Exfiltrate Data from Air-Gapped Computers
An unconventional data exfiltration method leverages a previously undocumented covert channel to leak sensitive information from air-gapped systems.
“The information emanates from the air-gapped computer over the air to a distance of 2 m and more and can be picked up by a nearby insider or spy with a mobile phone or laptop,” Dr. Mordechai Guri, the head of R&D in the Cyber Security Research
Read more….

Best Year-End Cybersecurity Deals from Uptycs, SANS Institute, and Bitdefender
Looking to up your cybersecurity game in the new year? Do not just buy electronics this vacation season, improve your cybersecurity!
The end of the year is a great time to re-evaluate your cybersecurity strategy and make some important investments in protecting your personal and professional data. Cyber threats are constantly evolving and becoming more sophisticated, so it’s important to stay on
Read more….

Apple Boosts Security With New iMessage, Apple ID, and iCloud Protections
Apple on Wednesday announced a raft of security measures, including an Advanced Data Protection setting that enables end-to-end encrypted (E2EE) data backups in its iCloud service.
The headlining feature, when turned on, is expected to secure 23 data categories using E2EE, including device and message backups, iCloud Drive, Notes, Photos, Reminders, Voice Memos, Safari Bookmarks, Siri Shortcuts,
Read more….

Follow for more…

%d bloggers like this: