Welcome to another Afternoon Dessert breakout:
Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware
A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS.
The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including when it comes to terminating competing malware, security software, and deploying the Monero (XMR) cryptocurrency miner.
Google Adds Passkey Support to Chrome for Windows, macOS and Android
Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser.
“Passkeys are a significantly safer replacement for passwords and other phishable authentication factors,” the tech giant’s Ali Sarraf said. “They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks.”
Cloudflare’s Zero Trust suite now available for free to at-risk groups
Cloudflare has made its ‘Cloudflare One Zero Trust’ security suite free to public interest groups, election sites, and state organizations that are currently part of Project Galileo and the Athenian Project. […]
Top 4 SaaS Security Threats for 2023
With 2022 coming to a close, there is no better time to buckle down and prepare to face the security challenges in the year to come. This past year has seen its fair share of breaches, attacks, and leaks, forcing organizations to scramble to protect their SaaS stacks. March alone saw three different breaches from Microsoft, Hubspot, and Okta.
With SaaS sprawl ever growing and becoming more
Fortinet says SSL-VPN pre-auth RCE bug is exploited in attacks
Fortinet urges customers to patch their appliances against an actively exploited FortiOS SSL-VPN vulnerability that could allow unauthenticated remote code execution on devices. […]
Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users
High-severity security vulnerabilities have been disclosed in different endpoint detection and response (EDR) and antivirus (AV) products that could be exploited to turn them into data wipers.
“This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on a system, including system files, and make a computer completely unbootable,” SafeBreach Labs
Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
That’s a mean average of $15,710 per bug… and 63 fewer bugs out there for crooks and rogues to find.
S3 Ep112: Data breaches can haunt you more than once! [Audio + Text]
Breaches, exploits, busts, buffer overflows and bug hunting – entertaining and educational in equal measure.
Uber suffers new data breach after attack on vendor, info leaked online
Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident. […]
Follow for more…