Afternoon Dessert – 2022-12-22


Welcome to another Afternoon Dessert breakout:

Critical Security Flaw Reported in Passwordstate Enterprise Password Manager
Multiple high-severity vulnerabilities have been disclosed in Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user’s plaintext passwords.
“Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within
Read more….

The Era of Cyber Threat Intelligence Sharing
We spent forty years defending ourselves as individuals. Trying to outsmart cybercriminals, outpower them, and when all our efforts failed, only then we considered banding together with our peers to outnumber them.
Cybercriminals don’t reinvent themselves each time. Their resources are limited, and they have a limited budget. Therefore they use playbooks to attack many people. Meaning most of
Read more….

FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape
An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate’s organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks.
It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct ransomware DarkSide, REvil, and LockBit families.
The highly active threat group, also known as Carbanak,
Read more….

FIN7 hackers create auto-attack platform to breach Exchange servers
The notorious FIN7 hacking group uses an auto-attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size. […]
Read more….

Get 40% off Malwarebytes Premium for the holidays
Malwarebytes is running a holiday deal where you can get 40% off the Malwarebytes Premium antivirus software through the new year. […]
Read more….

Brave launches FrodoPIR, a privacy-focused database query system
Brave Software developers have created a new privacy-centric database query system called FrodoPIR that retrieves data from servers without disclosing the content of user queries. […]
Read more….

Vice Society ransomware gang switches to new custom encryptor
The Vice Society ransomware operation has switched to using a custom ransomware encrypt that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305. […]
Read more….

“Suspicious login” scammers up their game – take care at Christmas
A picture is worth 1024 words – we clicked through so you don’t have to.
Read more….

S3 Ep114: Preventing cyberthreats – stop them before they stop you! [Audio + Text]
Join world-renowned expert Fraser Howard, Director of Research at SophosLabs, for this fascinating episode on how to fight cybercrime.
Read more….

Follow for more…


Create a website or blog at

%d bloggers like this: